--------[ AIDA64 Extreme Edition ]-------------------------------------------------------------------------------------- Version AIDA64 v3.00.2500 Benchmark Module 4.0.568-x64 Homepage http://www.aida64.com/ Report Type Report Wizard Computer SPRINGFOREST Generator Devihaka Operating System Microsoft Windows 7 Ultimate 6.1.7601.18247 (Win7 RTM) Date 2013-12-24 Time 23:17 --------[ Summary ]----------------------------------------------------------------------------------------------------- Computer: Computer Type ACPI x64-based PC Operating System Microsoft Windows 7 Ultimate OS Service Pack Service Pack 1 Internet Explorer 9.11.9600.16428 DirectX DirectX 11.0 Computer Name SPRINGFOREST User Name Devihaka Logon Domain SpringForest Date / Time 2013-12-24 / 23:17 Motherboard: CPU Type HexaCore AMD Phenom II X6 Black Edition 1100T, 3725 MHz (18.5 x 201) Motherboard Name Gigabyte GA-970A-UD3 (2 PCI, 3 PCI-E x1, 2 PCI-E x16, 4 DDR3 DIMM, Audio, Gigabit LAN, IEEE-1394) Motherboard Chipset AMD 970, AMD K10 System Memory 12288 MB (DDR3 SDRAM) DIMM1: Mushkin 991782 (996782) 2 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 592 MHz) (6-6-6-16 @ 444 MHz) DIMM2: Mushkin 991782 (996782) 2 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 592 MHz) (6-6-6-16 @ 444 MHz) DIMM3: G Skill F3-12800CL9-4GBRL 4 GB DDR3-1600 DDR3 SDRAM (11-11-11-28 @ 800 MHz) (10-10-10-27 @ 761 MHz) (9-9-9-24 @ 685 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-19 @ 533 MHz) (6-6-6-16 @ 457 MHz) DIMM4: G Skill F3-12800CL9-4GBRL 4 GB DDR3-1600 DDR3 SDRAM (11-11-11-28 @ 800 MHz) (10-10-10-27 @ 761 MHz) (9-9-9-24 @ 685 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-19 @ 533 MHz) (6-6-6-16 @ 457 MHz) BIOS Type Award Modular (10/13/11) Communication Port Communications Port (COM1) Display: Video Adapter NVIDIA GeForce GTX 460 (1 GB) Video Adapter NVIDIA GeForce GTX 460 (1 GB) 3D Accelerator nVIDIA GeForce GTX 460 Monitor eMachines E15T4 [15" LCD] (H66 50V 00910) Monitor Hannstar HF199H [19" LCD] (OHM0200011782) Multimedia: Audio Adapter nVIDIA HDMI/DP @ nVIDIA GF104 - High Definition Audio Controller Audio Adapter nVIDIA HDMI/DP @ nVIDIA GF104 - High Definition Audio Controller Audio Adapter nVIDIA HDMI/DP @ nVIDIA GF104 - High Definition Audio Controller Audio Adapter nVIDIA HDMI/DP @ nVIDIA GF104 - High Definition Audio Controller Audio Adapter Realtek ALC889 @ ATI SB900 - High Definition Audio Controller Storage: IDE Controller Standard Dual Channel PCI IDE Controller IDE Controller Standard Dual Channel PCI IDE Controller Disk Drive Hitachi HDS721050CLA362 ATA Device (500 GB, 7200 RPM, SATA-II) Disk Drive WDC WD6400AAKS-22A7B2 ATA Device (640 GB, 7200 RPM, SATA-II) Optical Drive Optiarc DVD RW AD-7203S ATA Device (DVD+R9:8x, DVD-R9:12x, DVD+RW:20x/8x, DVD-RW:20x/6x, DVD-RAM:12x, DVD-ROM:16x, CD:48x/32x/48x DVD+RW/DVD-RW/DVD-RAM) SMART Hard Disks Status OK Partitions: C: (NTFS) 275.9 GB (155.3 GB free) D: (NTFS) 465.8 GB (209.4 GB free) E: (NTFS) 300.0 GB (81.1 GB free) F: (NTFS) 20652 MB (3262 MB free) Total Size 1061.8 GB (449.0 GB free) Input: Keyboard HID Keyboard Device Keyboard HID Keyboard Device Keyboard HID Keyboard Device Mouse HID-compliant mouse Mouse Logitech Gaming Mouse G600 Network: Primary IP Address 192.168.1.138 Primary MAC Address 50-E5-49-C2-27-97 Network Adapter Realtek PCIe GBE Family Controller (192.168.1.138) Network Adapter VirtualBox Host-Only Ethernet Adapter (192.168.56.1) Peripherals: Printer Adobe PDF Printer Fax - HP Officejet 6600 (Network) Printer Fax Printer Google Cloud Printer Printer HP Officejet 6600 (Network) Printer Microsoft XPS Document Writer Printer Send To OneNote 2013 Printer Snagit 11 FireWire Controller VIA VT6308 Fire IIM IEEE1394 Host Controller (PHY: VIA VT6307) USB1 Controller ATI SB900 - OHCI USB Controller USB1 Controller ATI SB900 - OHCI USB Controller USB1 Controller ATI SB900 - OHCI USB Controller USB1 Controller ATI SB900 - OHCI USB Controller USB2 Controller ATI SB900 - EHCI USB 2.0 Controller USB2 Controller ATI SB900 - EHCI USB 2.0 Controller USB2 Controller ATI SB900 - EHCI USB 2.0 Controller USB3 Controller Etron EJ168 USB 3.0 xHCI Controller USB3 Controller Etron EJ168 USB 3.0 xHCI Controller USB Device USB Composite Device USB Device USB Composite Device USB Device USB Input Device USB Device USB Input Device USB Device USB Input Device USB Device USB Input Device DMI: DMI BIOS Vendor Award Software International, Inc. DMI BIOS Version F4 DMI System Manufacturer Gigabyte Technology Co., Ltd. DMI System Product GA-970A-UD3 DMI System Version DMI System Serial Number DMI System UUID 35304535-34394332-32373937-FFFFFFFF DMI Motherboard Manufacturer Gigabyte Technology Co., Ltd. DMI Motherboard Product GA-970A-UD3 DMI Motherboard Version x.x DMI Motherboard Serial Number DMI Chassis Manufacturer Gigabyte Technology Co., Ltd. DMI Chassis Version DMI Chassis Serial Number DMI Chassis Asset Tag DMI Chassis Type Desktop Case DMI Total / Free Memory Sockets 4 / 0 --------[ Computer Name ]----------------------------------------------------------------------------------------------- Computer Comment Logical NetBIOS Name Logical SPRINGFOREST DNS Host Name Logical SpringForest DNS Domain Name Logical Fully Qualified DNS Name Logical SpringForest NetBIOS Name Physical SPRINGFOREST DNS Host Name Physical SpringForest DNS Domain Name Physical Fully Qualified DNS Name Physical SpringForest --------[ DMI ]--------------------------------------------------------------------------------------------------------- [ BIOS ] BIOS Properties: Vendor Award Software International, Inc. Version F4 Release Date 10/13/2011 Size 4096 KB Boot Devices Floppy Disk, Hard Disk, CD-ROM, ATAPI ZIP, LS-120 Capabilities Flash BIOS, Shadow BIOS, Selectable Boot, EDD, BBS Supported Standards DMI, ACPI, PnP Expansion Capabilities ISA, PCI, USB Virtual Machine No BIOS Manufacturer: Company Name Phoenix Technologies Ltd. Product Information http://www.phoenix.com/pages/products BIOS Upgrades http://www.aida64.com/bios-updates [ System ] System Properties: Manufacturer Gigabyte Technology Co., Ltd. Product GA-970A-UD3 Universal Unique ID 35304535-34394332-32373937-FFFFFFFF Wake-Up Type Power Switch [ Motherboard ] Motherboard Properties: Manufacturer Gigabyte Technology Co., Ltd. Product GA-970A-UD3 Version x.x Motherboard Manufacturer: Company Name Gigabyte Technology Co., Ltd. Product Information http://www.giga-byte.com/products/main.aspx?s=42 BIOS Download http://www.giga-byte.com/support-downloads/download-center.aspx Driver Update http://www.aida64.com/driver-updates BIOS Upgrades http://www.aida64.com/bios-updates [ Chassis ] Chassis Properties: Manufacturer Gigabyte Technology Co., Ltd. Chassis Type Desktop Case [ Memory Controller ] Memory Controller Properties: Error Detection Method 64-bit ECC Error Correction None Supported Memory Interleave 1-Way Current Memory Interleave 1-Way Supported Memory Speeds 70ns, 60ns Supported Memory Types SPM, EDO Supported Memory Voltages 3.3V Maximum Memory Module Size 1024 MB Memory Slots 4 [ Processors / AMD Phenom(tm) II X6 1100T Processor ] Processor Properties: Manufacturer AMD Version AMD Phenom(tm) II X6 1100T Processor External Clock 200 MHz Current Clock 3700 MHz Type Central Processor Voltage 0.9 V Status Enabled Upgrade ZIF Socket Designation Socket M2 CPU Manufacturer: Company Name Advanced Micro Devices, Inc. Product Information http://www.amd.com/us/products/desktop/processors Driver Update http://www.aida64.com/driver-updates [ Caches / Internal Cache ] Cache Properties: Type Internal Status Enabled Operational Mode Write-Back Maximum Size 128 KB Installed Size 128 KB Supported SRAM Type Synchronous Current SRAM Type Synchronous Socket Designation Internal Cache [ Caches / Internal Cache ] Cache Properties: Type Internal Status Enabled Operational Mode Write-Back Maximum Size 128 KB Installed Size 128 KB Supported SRAM Type Synchronous Current SRAM Type Synchronous Socket Designation Internal Cache [ Caches / External Cache ] Cache Properties: Type Internal Status Enabled Operational Mode Write-Back Maximum Size 512 KB Installed Size 512 KB Supported SRAM Type Synchronous Current SRAM Type Synchronous Socket Designation External Cache [ Caches / External Cache ] Cache Properties: Type Internal Status Disabled Operational Mode Write-Through Maximum Size 1024 KB Installed Size 0 KB Supported SRAM Type Synchronous Current SRAM Type Synchronous Socket Designation External Cache [ Memory Modules / A0 ] Memory Module Properties: Socket Designation A0 Type EDO Speed 64 ns Installed Size 2048 MB Enabled Size 2048 MB [ Memory Modules / A1 ] Memory Module Properties: Socket Designation A1 Type EDO Speed 64 ns Installed Size 2048 MB Enabled Size 2048 MB [ Memory Modules / A2 ] Memory Module Properties: Socket Designation A2 Type EDO Speed 64 ns Installed Size 4096 MB Enabled Size 4096 MB [ Memory Modules / A3 ] Memory Module Properties: Socket Designation A3 Type EDO Speed 64 ns Installed Size 4096 MB Enabled Size 4096 MB [ Memory Devices / A0 ] Memory Device Properties: Form Factor DIMM Size 2048 MB Max. Clock Speed 1600 MHz Total Width 64-bit Data Width 64-bit Device Locator A0 Bank Locator Bank0/1 [ Memory Devices / A1 ] Memory Device Properties: Form Factor DIMM Size 2048 MB Max. Clock Speed 1600 MHz Total Width 64-bit Data Width 64-bit Device Locator A1 Bank Locator Bank2/3 [ Memory Devices / A2 ] Memory Device Properties: Form Factor DIMM Size 4096 MB Max. Clock Speed 1600 MHz Total Width 64-bit Data Width 64-bit Device Locator A2 Bank Locator Bank4/5 [ Memory Devices / A3 ] Memory Device Properties: Form Factor DIMM Size 4096 MB Max. Clock Speed 1600 MHz Total Width 64-bit Data Width 64-bit Device Locator A3 Bank Locator Bank6/7 [ System Slots / PCI ] System Slot Properties: Slot Designation PCI Type PCI Usage Empty Data Bus Width 32-bit Length Long [ System Slots / PCI Express x16 ] System Slot Properties: Slot Designation PCI Express x16 Type PCI-E Data Bus Width x16 [ System Slots / PCI Express x16 ] System Slot Properties: Slot Designation PCI Express x16 Type PCI-E Data Bus Width x16 [ System Slots / PCI Express x8 ] System Slot Properties: Slot Designation PCI Express x8 Type PCI-E Data Bus Width x8 [ System Slots / PCI Express x8 ] System Slot Properties: Slot Designation PCI Express x8 Type PCI-E Data Bus Width x8 [ System Slots / PCI Express x4 ] System Slot Properties: Slot Designation PCI Express x4 Type PCI-E Data Bus Width x4 [ System Slots / PCI Express x4 ] System Slot Properties: Slot Designation PCI Express x4 Type PCI-E Data Bus Width x4 [ Port Connectors / PRIMARY IDE ] Port Connector Properties: Internal Reference Designator PRIMARY IDE Internal Connector Type On-Board IDE External Connector Type None [ Port Connectors / FDD ] Port Connector Properties: Port Type 8251 FIFO Compatible Internal Reference Designator FDD Internal Connector Type On-Board Floppy External Connector Type None [ Port Connectors / COM1 ] Port Connector Properties: Port Type Serial Port 16450 Compatible Internal Reference Designator COM1 Internal Connector Type 9 Pin Dual Inline (pin 10 cut) External Connector Type DB-9 pin male [ Port Connectors / Keyboard ] Port Connector Properties: Port Type Keyboard Port Internal Reference Designator Keyboard External Connector Type PS/2 [ Port Connectors / No Detected ] Port Connector Properties: Port Type Mouse Port Internal Reference Designator PS/2 Mouse Internal Connector Type PS/2 External Reference Designator No Detected External Connector Type PS/2 [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB [ Port Connectors / USB ] Port Connector Properties: Port Type USB Internal Reference Designator USB Internal Connector Type None External Connector Type USB --------[ Overclock ]--------------------------------------------------------------------------------------------------- CPU Properties: CPU Type HexaCore AMD Phenom II X6 Black Edition 1100T CPU Alias Thuban CPU Stepping PH-E0 Engineering Sample No CPUID CPU Name AMD Phenom(tm) II X6 1100T Processor CPUID Revision 00100FA0h CPU VID 1.4750 V North Bridge VID 1.1500 V CPU Speed: CPU Clock 4027.1 MHz (original: 3300 MHz, overclock: 22%) CPU Multiplier 20x CPU FSB 201.4 MHz (original: 200 MHz) HyperTransport Clock 2013.6 MHz North Bridge Clock 2013.6 MHz Memory Bus 805.4 MHz DRAM:FSB Ratio 24:6 CPU Cache: L1 Code Cache 64 KB per core L1 Data Cache 64 KB per core L2 Cache 512 KB per core (On-Die, ECC, Full-Speed) L3 Cache 6 MB (On-Die, ECC, NB-Speed) Motherboard Properties: Motherboard ID 10/13/2011-RD970-SB950-7A66FG05C-00 Motherboard Name Gigabyte GA-970A-UD3 (2 PCI, 3 PCI-E x1, 2 PCI-E x16, 4 DDR3 DIMM, Audio, Gigabit LAN, IEEE-1394) Chipset Properties: Motherboard Chipset AMD 970, AMD K10 Memory Timings 11-11-11-29 (CL-RCD-RP-RAS) Command Rate (CR) 2T DIMM1: Mushkin 991782 (996782) 2 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 592 MHz) (6-6-6-16 @ 444 MHz) DIMM2: Mushkin 991782 (996782) 2 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 592 MHz) (6-6-6-16 @ 444 MHz) DIMM3: G Skill F3-12800CL9-4GBRL 4 GB DDR3-1600 DDR3 SDRAM (11-11-11-28 @ 800 MHz) (10-10-10-27 @ 761 MHz) (9-9-9-24 @ 685 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-19 @ 533 MHz) (6-6-6-16 @ 457 MHz) DIMM4: G Skill F3-12800CL9-4GBRL 4 GB DDR3-1600 DDR3 SDRAM (11-11-11-28 @ 800 MHz) (10-10-10-27 @ 761 MHz) (9-9-9-24 @ 685 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-19 @ 533 MHz) (6-6-6-16 @ 457 MHz) BIOS Properties: System BIOS Date 10/13/11 Video BIOS Date 11/16/10 Award BIOS Type Award Modular BIOS v6.00PG Award BIOS Message GA-970A-UD3 F4 DMI BIOS Version F4 Graphics Processor Properties: Video Adapter EVGA e-GeForce GTX 460 GPU Code Name GF104 (PCI Express 2.0 x16 10DE / 0E22, Rev A1) GPU Clock (Geometric Domain) 405 MHz (original: 720 MHz) GPU Clock (Shader Domain) 810 MHz (original: 1440 MHz) Memory Clock 900 MHz (original: 900 MHz) --------[ Power Management ]-------------------------------------------------------------------------------------------- Power Management Properties: Current Power Source AC Line Battery Status No Battery Full Battery Lifetime Unknown Remaining Battery Lifetime Unknown --------[ Portable Computer ]------------------------------------------------------------------------------------------- Centrino (Carmel) Platform Compliancy: CPU: Intel Pentium M (Banias/Dothan) No (AMD Phenom II X6 Black Edition 1100T) Chipset: Intel i855GM/PM No (AMD 970, AMD K10) WLAN: Intel PRO/Wireless No System: Centrino Compliant No Centrino (Sonoma) Platform Compliancy: CPU: Intel Pentium M (Dothan) No (AMD Phenom II X6 Black Edition 1100T) Chipset: Intel i915GM/PM No (AMD 970, AMD K10) WLAN: Intel PRO/Wireless 2200/2915 No System: Centrino Compliant No Centrino (Napa) Platform Compliancy: CPU: Intel Core (Yonah) / Core 2 (Merom) No (AMD Phenom II X6 Black Edition 1100T) Chipset: Intel i945GM/PM No (AMD 970, AMD K10) WLAN: Intel PRO/Wireless 3945/3965 No System: Centrino Compliant No Centrino (Santa Rosa) Platform Compliancy: CPU: Intel Core 2 (Merom/Penryn) No (AMD Phenom II X6 Black Edition 1100T) Chipset: Intel GM965/PM965 No (AMD 970, AMD K10) WLAN: Intel Wireless WiFi Link 4965 No System: Centrino Compliant No Centrino 2 (Montevina) Platform Compliancy: CPU: Intel Core 2 (Penryn) No (AMD Phenom II X6 Black Edition 1100T) Chipset: Mobile Intel 4 Series No (AMD 970, AMD K10) WLAN: Intel WiFi Link 5000 Series No System: Centrino 2 Compliant No Centrino (Calpella) Platform Compliancy: CPU: Intel Core i3/i5/i7 (Arrandale/Clarksfield) No (AMD Phenom II X6 Black Edition 1100T) Chipset: Mobile Intel 5 Series No (AMD 970, AMD K10) WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-NNo System: Centrino Compliant No Centrino (Huron River) Platform Compliancy: CPU: Intel Core i3/i5/i7 (Sandy Bridge-MB) No (AMD Phenom II X6 Black Edition 1100T) Chipset: Mobile Intel 6 Series No (AMD 970, AMD K10) WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-NNo System: Centrino Compliant No Centrino (Chief River) Platform Compliancy: CPU: Intel Core i3/i5/i7 (Ivy Bridge-MB) No (AMD Phenom II X6 Black Edition 1100T) Chipset: Mobile Intel 7 Series No (AMD 970, AMD K10) WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-NNo System: Centrino Compliant No Centrino (Shark Bay-MB) Platform Compliancy: CPU: Intel Core i3/i5/i7 (Haswell-MB) No (AMD Phenom II X6 Black Edition 1100T) Chipset: Mobile Intel 8 Series No (AMD 970, AMD K10) WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-NNo System: Centrino Compliant No --------[ Sensor ]------------------------------------------------------------------------------------------------------ Sensor Properties: Sensor Type ITE IT8720F (ISA 228h) GPU Sensor Type Diode (NV-Diode) Motherboard Name Gigabyte 890GPA-UD3H / 970A / 990FXA / 990XA / A55 / A75 Series Chassis Intrusion Detected Yes Temperatures: Motherboard 34 °C (93 °F) CPU 41 °C (106 °F) CPU #1 / Core #1 37 °C (99 °F) CPU #1 / Core #2 37 °C (99 °F) CPU #1 / Core #3 37 °C (99 °F) CPU #1 / Core #4 37 °C (99 °F) CPU #1 / Core #5 37 °C (99 °F) CPU #1 / Core #6 37 °C (99 °F) GPU Diode 73 °C (163 °F) Hitachi HDS721050CLA362 25 °C (77 °F) WDC WD6400AAKS-22A7B2 28 °C (82 °F) Cooling Fans: CPU 1223 RPM Chassis #1 944 RPM Chassis #2 1467 RPM GPU 930 RPM (53%) Voltage Values: CPU Core 1.552 V +3.3 V 3.312 V +12 V 12.176 V VBAT Battery 3.360 V DIMM 1.488 V GPU Core 0.962 V Debug Info F 0228 02CB 01CC 0000 FFFF Debug Info T 34 41 49 Debug Info V 61 5D CF BD C0 88 FF 87 D2 --------[ CPU ]--------------------------------------------------------------------------------------------------------- CPU Properties: CPU Type HexaCore AMD Phenom II X6 Black Edition 1100T, 3725 MHz (18.5 x 201) CPU Alias Thuban CPU Stepping PH-E0 Instruction Set x86, x86-64, MMX, 3DNow!, SSE, SSE2, SSE3, SSE4A Original Clock 3300 MHz Min / Max CPU Multiplier 4.0x / 39.5x Engineering Sample No L1 Code Cache 64 KB per core L1 Data Cache 64 KB per core L2 Cache 512 KB per core (On-Die, ECC, Full-Speed) L3 Cache 6 MB (On-Die, ECC, NB-Speed) CPU Physical Info: Package Type 938 Pin uOPGA Package Size 40 mm x 40 mm Transistors 904 million Process Technology 45 nm, CMOS, Cu, Low-K, DSL SOI, Immersion Lithography Die Size 346 mm2 I/O Voltage 1.2 V + 2.5 V CPU Manufacturer: Company Name Advanced Micro Devices, Inc. Product Information http://www.amd.com/us/products/desktop/processors Driver Update http://www.aida64.com/driver-updates Multi CPU: Motherboard ID OEM00000 PROD00000000 CPU #1 AMD Phenom(tm) II X6 1100T Processor, 3725 MHz CPU #2 AMD Phenom(tm) II X6 1100T Processor, 3725 MHz CPU #3 AMD Phenom(tm) II X6 1100T Processor, 3725 MHz CPU #4 AMD Phenom(tm) II X6 1100T Processor, 3725 MHz CPU #5 AMD Phenom(tm) II X6 1100T Processor, 3725 MHz CPU #6 AMD Phenom(tm) II X6 1100T Processor, 3725 MHz CPU Utilization: CPU #1 / Core #1 0 % CPU #1 / Core #2 0 % CPU #1 / Core #3 0 % CPU #1 / Core #4 0 % CPU #1 / Core #5 0 % CPU #1 / Core #6 100 % --------[ CPUID ]------------------------------------------------------------------------------------------------------- CPUID Properties: CPUID Manufacturer AuthenticAMD CPUID CPU Name AMD Phenom(tm) II X6 1100T Processor CPUID Revision 00100FA0h Extended CPUID Revision 00100FA0h AMD Brand ID 00A1h (Phenom II X6 1100T) Platform ID D7h (Socket AM3) Microcode Update Revision 010000BFh HTT / CMP Units 0 / 6 Instruction Set: 64-bit x86 Extension (AMD64, Intel64) Supported AMD 3DNow! Supported AMD 3DNow! Professional Supported AMD 3DNowPrefetch Supported AMD Enhanced 3DNow! Supported AMD Extended MMX Supported AMD FMA4 Not Supported AMD MisAligned SSE Supported AMD SSE4A Supported AMD XOP Not Supported Cyrix Extended MMX Not Supported Enhanced REP MOVSB/STOSB Not Supported Float-16 Conversion Instructions Not Supported IA-64 Not Supported IA BMI1 Not Supported IA BMI2 Not Supported IA MMX Supported IA SSE Supported IA SSE2 Supported IA SSE3 Supported IA Supplemental SSE3 Not Supported IA SSE4.1 Not Supported IA SSE4.2 Not Supported IA AVX Not Supported IA AVX2 Not Supported IA FMA Not Supported IA AES Extensions Not Supported VIA Alternate Instruction Set Not Supported ADCX / ADOX Instruction Not Supported CLFLUSH Instruction Supported CMPXCHG8B Instruction Supported CMPXCHG16B Instruction Supported Conditional Move Instruction Supported INVPCID Instruction Not Supported LZCNT Instruction Supported MONITOR / MWAIT Instruction Supported MOVBE Instruction Not Supported PCLMULQDQ Instruction Not Supported POPCNT Instruction Supported RDFSBASE / RDGSBASE / WRFSBASE / WRGSBASE InstructionNot Supported RDRAND Instruction Not Supported RDSEED Instruction Not Supported RDTSCP Instruction Supported SKINIT / STGI Instruction Supported SYSCALL / SYSRET Instruction Supported SYSENTER / SYSEXIT Instruction Supported Trailing Bit Manipulation Instructions Not Supported VIA FEMMS Instruction Not Supported Security Features: Advanced Cryptography Engine (ACE) Not Supported Advanced Cryptography Engine 2 (ACE2) Not Supported Data Execution Prevention (DEP, NX, EDB) Supported Hardware Random Number Generator (RNG) Not Supported Hardware Random Number Generator 2 (RNG2) Not Supported PadLock Hash Engine (PHE) Not Supported PadLock Hash Engine 2 (PHE2) Not Supported PadLock Montgomery Multiplier (PMM) Not Supported PadLock Montgomery Multiplier 2 (PMM2) Not Supported Processor Serial Number (PSN) Not Supported Power Management Features: Application Power Management (APM) Not Supported Automatic Clock Control Not Supported Core C6 State (CC6) Not Supported Digital Thermometer Supported Dynamic FSB Frequency Switching Not Supported Enhanced Halt State (C1E) Supported, Enabled Enhanced SpeedStep Technology (EIST, ESS) Not Supported Frequency ID Control Not Supported Hardware P-State Control Supported LongRun Not Supported LongRun Table Interface Not Supported Overstress Not Supported Package C6 State (PC6) Not Supported Parallax Not Supported PowerSaver 1.0 Not Supported PowerSaver 2.0 Not Supported PowerSaver 3.0 Not Supported Processor Duty Cycle Control Not Supported Software Thermal Control Supported Temperature Sensing Diode Supported Thermal Monitor 1 Not Supported Thermal Monitor 2 Not Supported Thermal Monitor 3 Not Supported Thermal Monitoring Supported Thermal Trip Supported Voltage ID Control Not Supported Virtualization Features: Extended Page Table (EPT) Not Supported Hypervisor Not Present INVEPT Instruction Not Supported INVVPID Instruction Not Supported Nested Paging (NPT, RVI) Supported Secure Virtual Machine (SVM, Pacifica) Supported Virtual Machine Extensions (VMX, Vanderpool) Not Supported Virtual Processor ID (VPID) Not Supported CPUID Features: 1 GB Page Size Supported 36-bit Page Size Extension Supported Adaptive Overclocking Not Supported Address Region Registers (ARR) Not Supported Configurable TDP (cTDP) Not Supported Core Performance Boost (CPB) Supported, Enabled Core Performance Counters Not Supported CPL Qualified Debug Store Not Supported Debug Trace Store Not Supported Debugging Extension Supported Deprecated FPU CS and FPU DS Not Supported Direct Cache Access Not Supported Dynamic Acceleration Technology (IDA) Not Supported Dynamic Configurable TDP (DcTDP) Not Supported Fast Save & Restore Supported Hardware Lock Elision (HLE) Not Supported Hybrid Boost Not Supported Hyper-Threading Technology (HTT) Not Supported Instruction Based Sampling Supported Invariant Time Stamp Counter Supported L1 Context ID Not Supported L2I Performance Counters Not Supported Lightweight Profiling Not Supported Local APIC On Chip Supported Machine Check Architecture (MCA) Supported Machine Check Exception (MCE) Supported Memory Configuration Registers (MCR) Not Supported Memory Type Range Registers (MTRR) Supported Model Specific Registers (MSR) Supported NB Performance Counters Not Supported Page Attribute Table (PAT) Supported Page Global Extension Supported Page Size Extension (PSE) Supported Pending Break Event Not Supported Performance Time Stamp Counter (PTSC) Not Supported Physical Address Extension (PAE) Supported Quality of Service Monitoring (QM) Not Supported Restricted Transactional Memory (RTM) Not Supported Safer Mode Extensions (SMX) Not Supported Self-Snoop Not Supported Supervisor Mode Access Prevention (SMAP) Not Supported Supervisor Mode Execution Protection (SMEP) Not Supported Time Stamp Counter (TSC) Supported Turbo Boost Not Supported Virtual Mode Extension Supported Watchdog Timer Supported x2APIC Not Supported XGETBV / XSETBV OS Enabled Not Supported XSAVE / XRSTOR / XSETBV / XGETBV Extended States Not Supported XSAVEOPT Not Supported CPUID Registers (CPU #1): CPUID 00000000 00000006-68747541-444D4163-69746E65 CPUID 00000001 00100FA0-00060800-00802009-178BFBFF CPUID 00000002 00000000-00000000-00000000-00000000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000005 00000040-00000040-00000003-00000000 CPUID 00000006 00000000-00000000-00000001-00000000 CPUID 80000000 8000001B-68747541-444D4163-69746E65 CPUID 80000001 00100FA0-100000A1-000037FF-EFD3FBFF CPUID 80000002 20444D41-6E656850-74286D6F-4920296D CPUID 80000003 36582049-30313120-50205430-65636F72 CPUID 80000004 726F7373-00000000-00000000-00000000 CPUID 80000005 FF30FF10-FF30FF20-40020140-40020140 CPUID 80000006 20800000-42004200-02008140-0030B140 CPUID 80000007 00000000-00000000-00000000-000003F9 CPUID 80000008 00003030-00000000-00003005-00000000 CPUID 80000009 00000000-00000000-00000000-00000000 CPUID 8000000A 00000001-00000040-00000000-0000040F CPUID 8000000B 00000000-00000000-00000000-00000000 CPUID 8000000C 00000000-00000000-00000000-00000000 CPUID 8000000D 00000000-00000000-00000000-00000000 CPUID 8000000E 00000000-00000000-00000000-00000000 CPUID 8000000F 00000000-00000000-00000000-00000000 CPUID 80000010 00000000-00000000-00000000-00000000 CPUID 80000011 00000000-00000000-00000000-00000000 CPUID 80000012 00000000-00000000-00000000-00000000 CPUID 80000013 00000000-00000000-00000000-00000000 CPUID 80000014 00000000-00000000-00000000-00000000 CPUID 80000015 00000000-00000000-00000000-00000000 CPUID 80000016 00000000-00000000-00000000-00000000 CPUID 80000017 00000000-00000000-00000000-00000000 CPUID 80000018 00000000-00000000-00000000-00000000 CPUID 80000019 F0300000-60100000-00000000-00000000 CPUID 8000001A 00000003-00000000-00000000-00000000 CPUID 8000001B 0000001F-00000000-00000000-00000000 CPUID Registers (CPU #2): CPUID 00000000 00000006-68747541-444D4163-69746E65 CPUID 00000001 00100FA0-01060800-00802009-178BFBFF CPUID 00000002 00000000-00000000-00000000-00000000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000005 00000040-00000040-00000003-00000000 CPUID 00000006 00000000-00000000-00000001-00000000 CPUID 80000000 8000001B-68747541-444D4163-69746E65 CPUID 80000001 00100FA0-100000A1-000037FF-EFD3FBFF CPUID 80000002 20444D41-6E656850-74286D6F-4920296D CPUID 80000003 36582049-30313120-50205430-65636F72 CPUID 80000004 726F7373-00000000-00000000-00000000 CPUID 80000005 FF30FF10-FF30FF20-40020140-40020140 CPUID 80000006 20800000-42004200-02008140-0030B140 CPUID 80000007 00000000-00000000-00000000-000003F9 CPUID 80000008 00003030-00000000-00003005-00000000 CPUID 80000009 00000000-00000000-00000000-00000000 CPUID 8000000A 00000001-00000040-00000000-0000040F CPUID 8000000B 00000000-00000000-00000000-00000000 CPUID 8000000C 00000000-00000000-00000000-00000000 CPUID 8000000D 00000000-00000000-00000000-00000000 CPUID 8000000E 00000000-00000000-00000000-00000000 CPUID 8000000F 00000000-00000000-00000000-00000000 CPUID 80000010 00000000-00000000-00000000-00000000 CPUID 80000011 00000000-00000000-00000000-00000000 CPUID 80000012 00000000-00000000-00000000-00000000 CPUID 80000013 00000000-00000000-00000000-00000000 CPUID 80000014 00000000-00000000-00000000-00000000 CPUID 80000015 00000000-00000000-00000000-00000000 CPUID 80000016 00000000-00000000-00000000-00000000 CPUID 80000017 00000000-00000000-00000000-00000000 CPUID 80000018 00000000-00000000-00000000-00000000 CPUID 80000019 F0300000-60100000-00000000-00000000 CPUID 8000001A 00000003-00000000-00000000-00000000 CPUID 8000001B 0000001F-00000000-00000000-00000000 CPUID Registers (CPU #3): CPUID 00000000 00000006-68747541-444D4163-69746E65 CPUID 00000001 00100FA0-03060800-00802009-178BFBFF CPUID 00000002 00000000-00000000-00000000-00000000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000005 00000040-00000040-00000003-00000000 CPUID 00000006 00000000-00000000-00000001-00000000 CPUID 80000000 8000001B-68747541-444D4163-69746E65 CPUID 80000001 00100FA0-100000A1-000037FF-EFD3FBFF CPUID 80000002 20444D41-6E656850-74286D6F-4920296D CPUID 80000003 36582049-30313120-50205430-65636F72 CPUID 80000004 726F7373-00000000-00000000-00000000 CPUID 80000005 FF30FF10-FF30FF20-40020140-40020140 CPUID 80000006 20800000-42004200-02008140-0030B140 CPUID 80000007 00000000-00000000-00000000-000003F9 CPUID 80000008 00003030-00000000-00003005-00000000 CPUID 80000009 00000000-00000000-00000000-00000000 CPUID 8000000A 00000001-00000040-00000000-0000040F CPUID 8000000B 00000000-00000000-00000000-00000000 CPUID 8000000C 00000000-00000000-00000000-00000000 CPUID 8000000D 00000000-00000000-00000000-00000000 CPUID 8000000E 00000000-00000000-00000000-00000000 CPUID 8000000F 00000000-00000000-00000000-00000000 CPUID 80000010 00000000-00000000-00000000-00000000 CPUID 80000011 00000000-00000000-00000000-00000000 CPUID 80000012 00000000-00000000-00000000-00000000 CPUID 80000013 00000000-00000000-00000000-00000000 CPUID 80000014 00000000-00000000-00000000-00000000 CPUID 80000015 00000000-00000000-00000000-00000000 CPUID 80000016 00000000-00000000-00000000-00000000 CPUID 80000017 00000000-00000000-00000000-00000000 CPUID 80000018 00000000-00000000-00000000-00000000 CPUID 80000019 F0300000-60100000-00000000-00000000 CPUID 8000001A 00000003-00000000-00000000-00000000 CPUID 8000001B 0000001F-00000000-00000000-00000000 CPUID Registers (CPU #4): CPUID 00000000 00000006-68747541-444D4163-69746E65 CPUID 00000001 00100FA0-04060800-00802009-178BFBFF CPUID 00000002 00000000-00000000-00000000-00000000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000005 00000040-00000040-00000003-00000000 CPUID 00000006 00000000-00000000-00000001-00000000 CPUID 80000000 8000001B-68747541-444D4163-69746E65 CPUID 80000001 00100FA0-100000A1-000037FF-EFD3FBFF CPUID 80000002 20444D41-6E656850-74286D6F-4920296D CPUID 80000003 36582049-30313120-50205430-65636F72 CPUID 80000004 726F7373-00000000-00000000-00000000 CPUID 80000005 FF30FF10-FF30FF20-40020140-40020140 CPUID 80000006 20800000-42004200-02008140-0030B140 CPUID 80000007 00000000-00000000-00000000-000003F9 CPUID 80000008 00003030-00000000-00003005-00000000 CPUID 80000009 00000000-00000000-00000000-00000000 CPUID 8000000A 00000001-00000040-00000000-0000040F CPUID 8000000B 00000000-00000000-00000000-00000000 CPUID 8000000C 00000000-00000000-00000000-00000000 CPUID 8000000D 00000000-00000000-00000000-00000000 CPUID 8000000E 00000000-00000000-00000000-00000000 CPUID 8000000F 00000000-00000000-00000000-00000000 CPUID 80000010 00000000-00000000-00000000-00000000 CPUID 80000011 00000000-00000000-00000000-00000000 CPUID 80000012 00000000-00000000-00000000-00000000 CPUID 80000013 00000000-00000000-00000000-00000000 CPUID 80000014 00000000-00000000-00000000-00000000 CPUID 80000015 00000000-00000000-00000000-00000000 CPUID 80000016 00000000-00000000-00000000-00000000 CPUID 80000017 00000000-00000000-00000000-00000000 CPUID 80000018 00000000-00000000-00000000-00000000 CPUID 80000019 F0300000-60100000-00000000-00000000 CPUID 8000001A 00000003-00000000-00000000-00000000 CPUID 8000001B 0000001F-00000000-00000000-00000000 CPUID Registers (CPU #5): CPUID 00000000 00000006-68747541-444D4163-69746E65 CPUID 00000001 00100FA0-05060800-00802009-178BFBFF CPUID 00000002 00000000-00000000-00000000-00000000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000005 00000040-00000040-00000003-00000000 CPUID 00000006 00000000-00000000-00000001-00000000 CPUID 80000000 8000001B-68747541-444D4163-69746E65 CPUID 80000001 00100FA0-100000A1-000037FF-EFD3FBFF CPUID 80000002 20444D41-6E656850-74286D6F-4920296D CPUID 80000003 36582049-30313120-50205430-65636F72 CPUID 80000004 726F7373-00000000-00000000-00000000 CPUID 80000005 FF30FF10-FF30FF20-40020140-40020140 CPUID 80000006 20800000-42004200-02008140-0030B140 CPUID 80000007 00000000-00000000-00000000-000003F9 CPUID 80000008 00003030-00000000-00003005-00000000 CPUID 80000009 00000000-00000000-00000000-00000000 CPUID 8000000A 00000001-00000040-00000000-0000040F CPUID 8000000B 00000000-00000000-00000000-00000000 CPUID 8000000C 00000000-00000000-00000000-00000000 CPUID 8000000D 00000000-00000000-00000000-00000000 CPUID 8000000E 00000000-00000000-00000000-00000000 CPUID 8000000F 00000000-00000000-00000000-00000000 CPUID 80000010 00000000-00000000-00000000-00000000 CPUID 80000011 00000000-00000000-00000000-00000000 CPUID 80000012 00000000-00000000-00000000-00000000 CPUID 80000013 00000000-00000000-00000000-00000000 CPUID 80000014 00000000-00000000-00000000-00000000 CPUID 80000015 00000000-00000000-00000000-00000000 CPUID 80000016 00000000-00000000-00000000-00000000 CPUID 80000017 00000000-00000000-00000000-00000000 CPUID 80000018 00000000-00000000-00000000-00000000 CPUID 80000019 F0300000-60100000-00000000-00000000 CPUID 8000001A 00000003-00000000-00000000-00000000 CPUID 8000001B 0000001F-00000000-00000000-00000000 CPUID Registers (CPU #6): CPUID 00000000 00000006-68747541-444D4163-69746E65 CPUID 00000001 00100FA0-02060800-00802009-178BFBFF CPUID 00000002 00000000-00000000-00000000-00000000 CPUID 00000003 00000000-00000000-00000000-00000000 CPUID 00000005 00000040-00000040-00000003-00000000 CPUID 00000006 00000000-00000000-00000001-00000000 CPUID 80000000 8000001B-68747541-444D4163-69746E65 CPUID 80000001 00100FA0-100000A1-000037FF-EFD3FBFF CPUID 80000002 20444D41-6E656850-74286D6F-4920296D CPUID 80000003 36582049-30313120-50205430-65636F72 CPUID 80000004 726F7373-00000000-00000000-00000000 CPUID 80000005 FF30FF10-FF30FF20-40020140-40020140 CPUID 80000006 20800000-42004200-02008140-0030B140 CPUID 80000007 00000000-00000000-00000000-000003F9 CPUID 80000008 00003030-00000000-00003005-00000000 CPUID 80000009 00000000-00000000-00000000-00000000 CPUID 8000000A 00000001-00000040-00000000-0000040F CPUID 8000000B 00000000-00000000-00000000-00000000 CPUID 8000000C 00000000-00000000-00000000-00000000 CPUID 8000000D 00000000-00000000-00000000-00000000 CPUID 8000000E 00000000-00000000-00000000-00000000 CPUID 8000000F 00000000-00000000-00000000-00000000 CPUID 80000010 00000000-00000000-00000000-00000000 CPUID 80000011 00000000-00000000-00000000-00000000 CPUID 80000012 00000000-00000000-00000000-00000000 CPUID 80000013 00000000-00000000-00000000-00000000 CPUID 80000014 00000000-00000000-00000000-00000000 CPUID 80000015 00000000-00000000-00000000-00000000 CPUID 80000016 00000000-00000000-00000000-00000000 CPUID 80000017 00000000-00000000-00000000-00000000 CPUID 80000018 00000000-00000000-00000000-00000000 CPUID 80000019 F0300000-60100000-00000000-00000000 CPUID 8000001A 00000003-00000000-00000000-00000000 CPUID 8000001B 0000001F-00000000-00000000-00000000 MSR Registers: CPB PStates 1 CPU Clock (Normal) 4027 MHz CPU Clock (TSC) 3725 MHz CPU Multiplier 20.0x MSR 0000001B 0000-0000-FEE0-0900 MSR 0000008B 0000-0000-0100-00BF MSR 000000E7 0000-0000-0053-40AF MSR 000000E8 0000-0000-005A-1D4A MSR C0010015 0000-0000-0100-0010 MSR C001001F 0058-4000-0000-0008 MSR C0010055 0000-0000-14C1-0815 MSR C0010058 0000-0000-E000-0001 MSR C0010061 0000-0000-0000-0030 MSR C0010062 0000-0000-0000-0000 MSR C0010063 0000-0000-0000-0000 MSR C0010064 8000-019E-4000-0C18 [20.00x] [1.4750 V] [15.80 A] [PState Pb0] MSR C0010065 8000-019F-4000-1C15 [18.50x] [1.3750 V] [15.90 A] [PState P0] MSR C0010066 8000-0175-4000-2409 [12.50x] [1.3250 V] [11.70 A] [PState P1] MSR C0010067 8000-0155-4000-2C01 [ 8.50x] [1.2750 V] [ 8.50 A] [PState P2] MSR C0010068 8000-0133-4000-3440 [ 4.00x] [1.2250 V] [ 5.10 A] [PState P3] MSR C0010070 0000-0000-4000-0C18 MSR C0010071 0000-0001-4000-0C18 [20.00x] [1.4750V] MSR C0010071 0000-0001-4000-0C18 [20.00x] [1.4750V] MSR C0010071 0000-0001-4000-0C18 [20.00x] [1.4750V] MSR C0010071 0180-0001-4001-1C15 [18.50x] [1.3750V] MSR C0010071 0180-0001-4001-1C15 [18.50x] [1.3750V] MSR C0010140 0000-0000-0000-0004 MSR C0010141 0000-0000-0000-000E MSR C0011023 0000-0000-1020-0020 --------[ Motherboard ]------------------------------------------------------------------------------------------------- Motherboard Properties: Motherboard ID 10/13/2011-RD970-SB950-7A66FG05C-00 Motherboard Name Gigabyte GA-970A-UD3 Front Side Bus Properties: Bus Type AMD K10 Real Clock 201 MHz Effective Clock 201 MHz HyperTransport Clock 2014 MHz North Bridge Clock 2014 MHz Memory Bus Properties: Bus Type Ganged Dual DDR3 SDRAM Bus Width 128-bit DRAM:FSB Ratio 24:6 Real Clock 805 MHz (DDR) Effective Clock 1611 MHz Bandwidth 25773 MB/s Motherboard Physical Info: CPU Sockets/Slots 1 Socket AM3+ Expansion Slots 2 PCI, 3 PCI-E x1, 2 PCI-E x16 RAM Slots 4 DDR3 DIMM Integrated Devices Audio, Gigabit LAN, IEEE-1394 Form Factor ATX Motherboard Size 240 mm x 300 mm Motherboard Chipset AMD970 Extra Features DualBIOS, Easy Energy Saver Motherboard Manufacturer: Company Name Gigabyte Technology Co., Ltd. Product Information http://www.giga-byte.com/products/main.aspx?s=42 BIOS Download http://www.giga-byte.com/support-downloads/download-center.aspx Driver Update http://www.aida64.com/driver-updates BIOS Upgrades http://www.aida64.com/bios-updates --------[ Memory ]------------------------------------------------------------------------------------------------------ Physical Memory: Total 12285 MB Used 2741 MB Free 9544 MB Utilization 22 % Swap Space: Total 24569 MB Used 3136 MB Free 21433 MB Utilization 13 % Virtual Memory: Total 36854 MB Used 5877 MB Free 30977 MB Utilization 16 % Paging File: Paging File C:\pagefile.sys Current Size 12285 MB Current / Peak Usage 0 MB / 0 MB Utilization 0 % Physical Address Extension (PAE): Supported by Operating System Yes Supported by CPU Yes Active Yes --------[ SPD ]--------------------------------------------------------------------------------------------------------- [ DIMM1: Mushkin 991782 (996782) ] Memory Module Properties: Module Name Mushkin 991782 (996782) Serial Number None Module Size 2 GB (2 ranks, 8 banks) Module Type Unbuffered DIMM Memory Type DDR3 SDRAM Memory Speed DDR3-1333 (667 MHz) Module Width 64 bit Module Voltage 1.5 V Error Detection Method None Refresh Rate Normal (7.8 us) Memory Timings: @ 666 MHz 9-9-9-24 (CL-RCD-RP-RAS) / 33-74-4-10-5-5-20 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 592 MHz 8-8-8-22 (CL-RCD-RP-RAS) / 30-66-4-9-5-5-18 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 444 MHz 6-6-6-16 (CL-RCD-RP-RAS) / 22-49-3-7-4-4-14 (RC-RFC-RRD-WR-WTR-RTP-FAW) Extreme Memory Profile v1.2: Profile Name Enthusiast (Certified) Memory Speed DDR3-1600 (800 MHz) Voltage 1.65 V Refresh Period (tREF) 7.9 us Recommended DIMMs Per Channel 1 @ 800 MHz 7-9-7-24 (CL-RCD-RP-RAS) / 32-74-0-4-10-6-6-24-0 (RC-RFC-CR-RRD-WR-WTR-RTP-FAW-WCL) @ 685 MHz 6-8-6-21 (CL-RCD-RP-RAS) / 28-64-0-4-9-6-6-21-0 (RC-RFC-CR-RRD-WR-WTR-RTP-FAW-WCL) Memory Module Features: Auto Self Refresh Supported Extended Temperature Range Supported Extended Temperature Refresh Rate Not Supported On-Die Thermal Sensor Readout Not Supported [ DIMM2: Mushkin 991782 (996782) ] Memory Module Properties: Module Name Mushkin 991782 (996782) Serial Number None Module Size 2 GB (2 ranks, 8 banks) Module Type Unbuffered DIMM Memory Type DDR3 SDRAM Memory Speed DDR3-1333 (667 MHz) Module Width 64 bit Module Voltage 1.5 V Error Detection Method None Refresh Rate Normal (7.8 us) Memory Timings: @ 666 MHz 9-9-9-24 (CL-RCD-RP-RAS) / 33-74-4-10-5-5-20 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 592 MHz 8-8-8-22 (CL-RCD-RP-RAS) / 30-66-4-9-5-5-18 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 444 MHz 6-6-6-16 (CL-RCD-RP-RAS) / 22-49-3-7-4-4-14 (RC-RFC-RRD-WR-WTR-RTP-FAW) Extreme Memory Profile v1.2: Profile Name Enthusiast (Certified) Memory Speed DDR3-1600 (800 MHz) Voltage 1.65 V Refresh Period (tREF) 7.9 us Recommended DIMMs Per Channel 1 @ 800 MHz 7-9-7-24 (CL-RCD-RP-RAS) / 32-74-0-4-10-6-6-24-0 (RC-RFC-CR-RRD-WR-WTR-RTP-FAW-WCL) @ 685 MHz 6-8-6-21 (CL-RCD-RP-RAS) / 28-64-0-4-9-6-6-21-0 (RC-RFC-CR-RRD-WR-WTR-RTP-FAW-WCL) Memory Module Features: Auto Self Refresh Supported Extended Temperature Range Supported Extended Temperature Refresh Rate Not Supported On-Die Thermal Sensor Readout Not Supported [ DIMM3: G Skill F3-12800CL9-4GBRL ] Memory Module Properties: Module Name G Skill F3-12800CL9-4GBRL Serial Number None Module Size 4 GB (2 ranks, 8 banks) Module Type Unbuffered DIMM Memory Type DDR3 SDRAM Memory Speed DDR3-1600 (800 MHz) Module Width 64 bit Module Voltage 1.5 V Error Detection Method None Refresh Rate Normal (7.8 us) DRAM Manufacturer G Skill Memory Timings: @ 800 MHz 11-11-11-28 (CL-RCD-RP-RAS) / 39-128-5-12-6-6-24 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 761 MHz 10-10-10-27 (CL-RCD-RP-RAS) / 37-122-5-12-6-6-23 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 685 MHz 9-9-9-24 (CL-RCD-RP-RAS) / 33-110-5-11-6-6-21 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 609 MHz 8-8-8-22 (CL-RCD-RP-RAS) / 30-98-4-10-5-5-19 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 533 MHz 7-7-7-19 (CL-RCD-RP-RAS) / 26-86-4-8-4-4-16 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 457 MHz 6-6-6-16 (CL-RCD-RP-RAS) / 22-74-3-7-4-4-14 (RC-RFC-RRD-WR-WTR-RTP-FAW) Extreme Memory Profile v1.2: Profile Name Enthusiast (Certified) Memory Speed DDR3-1600 (800 MHz) Voltage 1.50 V Refresh Period (tREF) 7.8 us Recommended DIMMs Per Channel 1 @ 800 MHz 9-9-9-24 (CL-RCD-RP-RAS) / 40-110-2-5-12-6-6-50-9 (RC-RFC-CR-RRD-WR-WTR-RTP-FAW-WCL) Memory Module Features: Auto Self Refresh Supported Extended Temperature Range Supported Extended Temperature Refresh Rate Not Supported On-Die Thermal Sensor Readout Not Supported Memory Module Manufacturer: Company Name G.Skill International Enterprise Product Information http://en.gskill.com/en/series/desktop-memory [ DIMM4: G Skill F3-12800CL9-4GBRL ] Memory Module Properties: Module Name G Skill F3-12800CL9-4GBRL Serial Number None Module Size 4 GB (2 ranks, 8 banks) Module Type Unbuffered DIMM Memory Type DDR3 SDRAM Memory Speed DDR3-1600 (800 MHz) Module Width 64 bit Module Voltage 1.5 V Error Detection Method None Refresh Rate Normal (7.8 us) DRAM Manufacturer G Skill Memory Timings: @ 800 MHz 11-11-11-28 (CL-RCD-RP-RAS) / 39-128-5-12-6-6-24 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 761 MHz 10-10-10-27 (CL-RCD-RP-RAS) / 37-122-5-12-6-6-23 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 685 MHz 9-9-9-24 (CL-RCD-RP-RAS) / 33-110-5-11-6-6-21 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 609 MHz 8-8-8-22 (CL-RCD-RP-RAS) / 30-98-4-10-5-5-19 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 533 MHz 7-7-7-19 (CL-RCD-RP-RAS) / 26-86-4-8-4-4-16 (RC-RFC-RRD-WR-WTR-RTP-FAW) @ 457 MHz 6-6-6-16 (CL-RCD-RP-RAS) / 22-74-3-7-4-4-14 (RC-RFC-RRD-WR-WTR-RTP-FAW) Extreme Memory Profile v1.2: Profile Name Enthusiast (Certified) Memory Speed DDR3-1600 (800 MHz) Voltage 1.50 V Refresh Period (tREF) 7.8 us Recommended DIMMs Per Channel 1 @ 800 MHz 9-9-9-24 (CL-RCD-RP-RAS) / 40-110-2-5-12-6-6-50-9 (RC-RFC-CR-RRD-WR-WTR-RTP-FAW-WCL) Memory Module Features: Auto Self Refresh Supported Extended Temperature Range Supported Extended Temperature Refresh Rate Not Supported On-Die Thermal Sensor Readout Not Supported Memory Module Manufacturer: Company Name G.Skill International Enterprise Product Information http://en.gskill.com/en/series/desktop-memory --------[ Chipset ]----------------------------------------------------------------------------------------------------- [ North Bridge: AMD RX980 ] North Bridge Properties: North Bridge AMD RX980 Revision 02 Package Type 692 Pin FC-BGA Package Size 29 mm x 29 mm Process Technology 65 nm Core Voltage 1.1 V TDP 13.6 W PCI Express Controller: PCI-E 2.0 x16 port #0 In Use @ x16 (EVGA e-GeForce GTX 460 Video Adapter, nVIDIA GF104 - High Definition Audio Controller) PCI-E 2.0 x2 port #0 In Use @ x1 (Etron EJ168 USB 3.0 xHCI Controller) PCI-E 2.0 x1 port #4 In Use @ x1 (Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter) PCI-E 2.0 x1 port #5 In Use @ x1 (Etron EJ168 USB 3.0 xHCI Controller) Chipset Manufacturer: Company Name Advanced Micro Devices, Inc. Product Information http://www.amd.com/us/products/desktop/chipsets Driver Download http://support.amd.com BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ North Bridge: AMD K10 IMC ] North Bridge Properties: North Bridge AMD K10 IMC Supported Memory Types DDR2-400, DDR2-533, DDR2-667, DDR2-800, DDR2-1066, DDR3-800, DDR3-1066, DDR3-1333, DDR3-1600 SDRAM Revision 00 Process Technology 45 nm Probe Filter Not Supported Memory Controller: Type Dual Channel (128-bit) Active Mode Dual Channel (128-bit) - Ganged Memory Timings: CAS Latency (CL) 11T RAS To CAS Delay (tRCD) 11T RAS Precharge (tRP) 11T RAS Active Time (tRAS) 29T Row Cycle Time (tRC) 40T Command Rate (CR) 2T RAS To RAS Delay (tRRD) 5T Write Recovery Time (tWR) 12T Read To Read Delay (tRTR) Different Rank: 4T Write To Read Delay (tWTR) 6T, Different DIMM: 10T Write To Write Delay (tWTW) Different Rank: 3T Read To Precharge Delay (tRTP) 6T Four Activate Window Delay (tFAW) 24T Write CAS Latency (tWCL) 8T Refresh Period (tREF) 7.8 us DRAM Drive Strength 1.25x DRAM Data Drive Strength 1.25x Clock Drive Strength 1.5x CKE Drive Strength 2.0x Idle Cycle Limit 16 Burst Length (BL) 64 Error Correction: ECC Supported, Disabled ChipKill ECC Supported, Disabled RAID Not Supported DRAM Scrub Rate Disabled L1 Data Cache Scrub Rate Disabled L2 Cache Scrub Rate Disabled L3 Cache Scrub Rate Disabled Memory Slots: DRAM Slot #1 2 GB (DDR3 SDRAM) DRAM Slot #2 2 GB (DDR3 SDRAM) DRAM Slot #3 4 GB (DDR3 SDRAM) DRAM Slot #4 4 GB (DDR3 SDRAM) Chipset Manufacturer: Company Name Advanced Micro Devices, Inc. Product Information http://www.amd.com/us/products/desktop/chipsets Driver Download http://support.amd.com BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ South Bridge: AMD SB950 ] South Bridge Properties: South Bridge AMD SB950 Revision 40 Package Type 605 Pin FC-BGA Package Size 23 mm x 23 mm Process Technology 65 nm Core Voltage 1.1 V TDP 6 W High Definition Audio: Codec Name Realtek ALC889 Codec ID 10EC0889h / 1458A002h Codec Revision 1000h Codec Type Audio PCI Express Controller: PCI-E 2.0 x4 port #247 In Use @ x16 Chipset Manufacturer: Company Name Advanced Micro Devices, Inc. Product Information http://www.amd.com/us/products/desktop/chipsets Driver Download http://support.amd.com BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates --------[ BIOS ]-------------------------------------------------------------------------------------------------------- BIOS Properties: BIOS Type Award Modular BIOS Version F4 Award BIOS Type Award Modular BIOS v6.00PG Award BIOS Message GA-970A-UD3 F4 System BIOS Date 10/13/11 Video BIOS Date 11/16/10 BIOS Manufacturer: Company Name Phoenix Technologies Ltd. Product Information http://www.phoenix.com/pages/products BIOS Upgrades http://www.aida64.com/bios-updates --------[ ACPI ]-------------------------------------------------------------------------------------------------------- [ APIC: Multiple APIC Description Table ] ACPI Table Properties: ACPI Signature APIC Table Description Multiple APIC Description Table Memory Address CFDD8A40h Table Length 188 bytes OEM ID GBT OEM Table ID GBTUACPI OEM Revision 42302E31h Creator ID GBTU Creator Revision 01010101h Local APIC Address FEE00000h Processor Local APIC: ACPI Processor ID 00h APIC ID 00h Status Enabled Processor Local APIC: ACPI Processor ID 01h APIC ID 01h Status Enabled Processor Local APIC: ACPI Processor ID 02h APIC ID 02h Status Enabled Processor Local APIC: ACPI Processor ID 03h APIC ID 03h Status Enabled Processor Local APIC: ACPI Processor ID 04h APIC ID 04h Status Enabled Processor Local APIC: ACPI Processor ID 05h APIC ID 05h Status Enabled Processor Local APIC: ACPI Processor ID 06h APIC ID 06h Status Disabled Processor Local APIC: ACPI Processor ID 07h APIC ID 07h Status Disabled I/O APIC: I/O APIC ID 08h I/O APIC Address FEC00000h Global System Interrupt Base 00000000h Interrupt Source Override: Bus ISA Source IRQ0 Global System Interrupt 00000002h Polarity Conforms to the specifications of the bus Trigger Mode Conforms to the specifications of the bus Interrupt Source Override: Bus ISA Source IRQ9 Global System Interrupt 00000009h Polarity Active Low Trigger Mode Level-Triggered Local APIC NMI: ACPI Processor ID 00h Local ACPI LINT# 01h Polarity Conforms to the specifications of the bus Trigger Mode Conforms to the specifications of the bus Local APIC NMI: ACPI Processor ID 01h Local ACPI LINT# 01h Polarity Conforms to the specifications of the bus Trigger Mode Conforms to the specifications of the bus Local APIC NMI: ACPI Processor ID 02h Local ACPI LINT# 01h Polarity Conforms to the specifications of the bus Trigger Mode Conforms to the specifications of the bus Local APIC NMI: ACPI Processor ID 03h Local ACPI LINT# 01h Polarity Conforms to the specifications of the bus Trigger Mode Conforms to the specifications of the bus Local APIC NMI: ACPI Processor ID 04h Local ACPI LINT# 01h Polarity Conforms to the specifications of the bus Trigger Mode Conforms to the specifications of the bus Local APIC NMI: ACPI Processor ID 05h Local ACPI LINT# 01h Polarity Conforms to the specifications of the bus Trigger Mode Conforms to the specifications of the bus Local APIC NMI: ACPI Processor ID 06h Local ACPI LINT# 01h Polarity Conforms to the specifications of the bus Trigger Mode Conforms to the specifications of the bus Local APIC NMI: ACPI Processor ID 07h Local ACPI LINT# 01h Polarity Conforms to the specifications of the bus Trigger Mode Conforms to the specifications of the bus [ BSTL: Gigabyte BSTL ] ACPI Table Properties: ACPI Signature BSTL Table Description Gigabyte BSTL Memory Address CFDD9DF4h Table Length 25033 bytes [ DSDT: Differentiated System Description Table ] ACPI Table Properties: ACPI Signature DSDT Table Description Differentiated System Description Table Memory Address CFDD1100h Table Length 31018 bytes OEM ID GBT OEM Table ID GBTUACPI OEM Revision 00001000h Creator ID MSFT Creator Revision 03000000h nVIDIA SLI: SLI Certification Not Present PCI 0-0-0-0 (Direct I/O) 1002-5A14 PCI 0-0-0-0 (HAL) 1002-5A14 Lucid Virtu: Virtu Certification Not Present [ FACP: Fixed ACPI Description Table ] ACPI Table Properties: ACPI Signature FACP Table Description Fixed ACPI Description Table Memory Address CFDD1080h Table Length 116 bytes OEM ID GBT OEM Table ID GBTUACPI OEM Revision 42302E31h Creator ID GBTU Creator Revision 01010101h FACS Address CFDA0000h DSDT Address CFDD1100h SMI Command Port 000000B0h PM Timer 00000808h [ FACS: Firmware ACPI Control Structure ] ACPI Table Properties: ACPI Signature FACS Table Description Firmware ACPI Control Structure Memory Address CFDA0000h Table Length 64 bytes Hardware Signature 00000000h Waking Vector 00000000h Global Lock 00000000h [ HPET: IA-PC High Precision Event Timer Table ] ACPI Table Properties: ACPI Signature HPET Table Description IA-PC High Precision Event Timer Table Memory Address CFDD9A80h Table Length 56 bytes OEM ID GBT OEM Table ID GBTUACPI OEM Revision 42302E31h Creator ID GBTU Creator Revision 00000098h HPET Address 00000000-FED00000h Vendor ID 10B9h Revision ID 01h Number of Timers 3 Counter Size 64-bit Minimum Clock Ticks 16 Page Protection No Guarantee OEM Attribute 0h LegacyReplacement IRQ Routing Supported [ MATS: Gigabyte MATS ] ACPI Table Properties: ACPI Signature MATS Table Description Gigabyte MATS Memory Address CFDD9B40h Table Length 52 bytes OEM ID GBT OEM Revision 00000000h Creator Revision 00000000h UCCA Address CFDD9B74h [ MATS: Gigabyte MATS ] ACPI Table Properties: ACPI Signature MATS Table Description Gigabyte MATS Memory Address CFDD9DC0h Table Length 25085 bytes OEM Table ID MATS RCM OEM Revision 80000001h Creator ID INTL Creator Revision 20061109h BSTL Address CFDD9DF4h [ MCFG: Memory Mapped Configuration Space Base Address Description Table ] ACPI Table Properties: ACPI Signature MCFG Table Description Memory Mapped Configuration Space Base Address Description Table Memory Address CFDD9AC0h Table Length 60 bytes OEM ID GBT OEM Table ID GBTUACPI OEM Revision 42302E31h Creator ID GBTU Creator Revision 01010101h Config Space Address 00000000-E0000000h PCI Segment 0000h Start Bus Number 00h End Bus Number FFh [ MSDM: Microsoft Data Management Table ] ACPI Table Properties: ACPI Signature MSDM Table Description Microsoft Data Management Table Memory Address CFDD9A00h Table Length 85 bytes OEM ID GBT OEM Table ID GBTUACPI OEM Revision 42302E31h Creator ID GBTU Creator Revision 01010101h [ RSD PTR: Root System Description Pointer ] ACPI Table Properties: ACPI Signature RSD PTR Table Description Root System Description Pointer Memory Address 000F6A50h Table Length 20 bytes OEM ID GBT RSDP Revision 0 (ACPI 1.0) RSDT Address CFDD1000h [ RSDT: Root System Description Table ] ACPI Table Properties: ACPI Signature RSDT Table Description Root System Description Table Memory Address CFDD1000h Table Length 76 bytes OEM ID DELL OEM Table ID PE_SC3 OEM Revision 42302E31h Creator ID GBTU Creator Revision 01010101h RSDT Entry #0 CFDD1080h (FACP) RSDT Entry #1 CFDD8B00h (SSDT) RSDT Entry #2 CFDD9A00h (MSDM) RSDT Entry #3 CFDD9A80h (HPET) RSDT Entry #4 CFDD9AC0h (MCFG) RSDT Entry #5 CFDD9B40h (MATS) RSDT Entry #6 CFDD9BB0h (TAMG) RSDT Entry #7 CFDD8A40h (APIC) RSDT Entry #8 CFDD9DC0h (MATS) RSDT Entry #9 CFDDFFBDh (SLIC) [ SLIC: Software Licensing Description Table ] ACPI Table Properties: ACPI Signature SLIC Table Description Software Licensing Description Table Memory Address CFDDFFBDh Table Length 374 bytes OEM ID DELL OEM Table ID PE_SC3 OEM Revision 00000001h Creator ID DELL Creator Revision 00000001h SLIC Version v2.1 OEM Public Key: Key Type 06h Version 02h Algorithm 00002400h Magic RSA1 Bit Length 1024 Exponent 65537 SLIC Marker: Version 00020001h OEM ID DELL OEM Table ID PE_SC3 Windows Flag WINDOWS [ SSDT: Secondary System Description Table ] ACPI Table Properties: ACPI Signature SSDT Table Description Secondary System Description Table Memory Address CFDD8B00h Table Length 3804 bytes OEM ID PTLTD OEM Table ID POWERNOW OEM Revision 00000001h Creator ID LTP Creator Revision 00000001h [ TAMG: Gigabyte TAMG ] ACPI Table Properties: ACPI Signature TAMG Table Description Gigabyte TAMG Memory Address CFDD9BB0h Table Length 514 bytes OEM ID GBT OEM Table ID GBT B0 OEM Revision 5455312Eh Creator ID BG Creator Revision 53450101h [ UCCA: Gigabyte UCCA ] ACPI Table Properties: ACPI Signature UCCA Table Description Gigabyte UCCA Memory Address CFDD9B74h Table Length 52 bytes --------[ Operating System ]-------------------------------------------------------------------------------------------- Operating System Properties: OS Name Microsoft Windows 7 Ultimate OS Language English (United States) OS Installer Language English (United States) OS Kernel Type Multiprocessor Free (64-bit) OS Version 6.1.7601.18247 (Win7 RTM) OS Service Pack Service Pack 1 OS Installation Date 10/20/2013 OS Root C:\Windows License Information: Registered Owner Devihaka Registered Organization Product ID 00426-OEM-8992662-00400 Product Key 342DG-6YJR8-X92GV-V7DCV-P4K27 Product Activation (WPA) Not Required Current Session: Computer Name SPRINGFOREST User Name Devihaka Logon Domain SpringForest UpTime 434 sec (0 days, 0 hours, 7 min, 14 sec) Components Version: Common Controls 6.16 Windows Mail 6.1.7600.16385 (win7_rtm.090713-1255) Windows Media Player 12.0.7600.16385 (win7_rtm.090713-1255) Windows Messenger - MSN Messenger - Internet Information Services (IIS) - .NET Framework 4.0.30319.18408 built by: FX451RTMGREL Novell Client - DirectX DirectX 11.0 OpenGL 6.1.7600.16385 (win7_rtm.090713-1255) ASPI - Operating System Features: Debug Version No DBCS Version No Domain Controller No Security Present No Network Present Yes Remote Session No Safe Mode No Slow Processor No Terminal Services Yes --------[ Processes ]--------------------------------------------------------------------------------------------------- acrotray.exe C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe 32-bit 7440 KB 2 KB ActualMultipleMonitorsCenter.exe C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe 32-bit 2324 KB 7 KB ActualMultipleMonitorsCenter64.exe C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe 64-bit 7492 KB 4 KB ActualMultipleMonitorsShellCenter64.exe C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe 64-bit 3840 KB 10 KB aida64.exe C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe 32-bit 42936 KB 34 KB armsvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 32-bit 3936 KB 1 KB audiodg.exe 64-bit 18452 KB 18 KB c2c_service.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 32-bit 7916 KB 2 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 32-bit 58144 KB 51 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 32-bit 126 MB 115 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 32-bit 70328 KB 56 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 32-bit 72356 KB 77 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 32-bit 61488 KB 55 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 32-bit 64940 KB 61 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 32-bit 22848 KB 22 KB chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 32-bit 40832 KB 34 KB ComUpdatus.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe 64-bit 10580 KB 4 KB conhost.exe C:\Windows\system32\conhost.exe 64-bit 5040 KB 1 KB consent.exe C:\Windows\system32\consent.exe 64-bit 12632 KB 5 KB csrss.exe C:\Windows\system32\csrss.exe 64-bit 4792 KB 2 KB csrss.exe C:\Windows\system32\csrss.exe 64-bit 31980 KB 22 KB daemonu.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 32-bit 9264 KB 3 KB dwm.exe C:\Windows\system32\Dwm.exe 64-bit 50188 KB 43 KB explorer.exe C:\Windows\Explorer.EXE 64-bit 85840 KB 59 KB flux.exe C:\Users\Devihaka\AppData\Local\FluxSoftware\Flux\flux.exe 32-bit 27508 KB 36 KB googledrivesync.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe 32-bit 3392 KB 1 KB googledrivesync.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe 32-bit 59564 KB 46 KB HPNetworkCommunicator.exe C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe 64-bit 8596 KB 3 KB jusched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 32-bit 4492 KB 1 KB LCDClock.exe C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe 64-bit 14000 KB 8 KB LCDCountdown.exe C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe 64-bit 14688 KB 8 KB LCDMedia.exe C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe 32-bit 12380 KB 9 KB LCDPOP3.exe C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe 64-bit 13908 KB 7 KB LCDRSS.exe C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe 64-bit 19216 KB 9 KB LCore.exe C:\Program Files\Logitech Gaming Software\LCore.exe 64-bit 57876 KB 55 KB lsass.exe C:\Windows\system32\lsass.exe 64-bit 12272 KB 4 KB lsm.exe C:\Windows\system32\lsm.exe 64-bit 4864 KB 3 KB mbamgui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 32-bit 9088 KB 3 KB mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 32-bit 6008 KB 2 KB mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 32-bit 64428 KB 125 KB MsMpEng.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe 64-bit 82976 KB 71 KB msseces.exe C:\Program Files\Microsoft Security Client\msseces.exe 64-bit 17420 KB 8 KB netsession_win.exe C:\Users\Devihaka\AppData\Local\Akamai\netsession_win.exe 32-bit 17748 KB 8 KB netsession_win.exe C:\Users\Devihaka\AppData\Local\Akamai\netsession_win.exe 32-bit 9876 KB 3 KB NisSrv.exe c:\Program Files\Microsoft Security Client\NisSrv.exe 64-bit 4668 KB 8 KB nvSCPAPISvr.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 32-bit 5864 KB 2 KB nvstreamsvc.exe C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe 64-bit 9468 KB 3 KB nvstreamsvc.exe C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe 64-bit 10288 KB 5 KB NvTmru.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe 32-bit 9108 KB 4 KB nvtray.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 64-bit 15992 KB 8 KB nvvsvc.exe C:\Windows\system32\nvvsvc.exe 64-bit 13628 KB 6 KB nvvsvc.exe C:\Windows\system32\nvvsvc.exe 64-bit 7912 KB 3 KB nvxdsync.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 64-bit 20776 KB 9 KB OSPPSVC.EXE C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 64-bit 14252 KB 5 KB Plex Media Server.exe C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe 32-bit 32212 KB 24 KB puush.exe C:\Program Files (x86)\puush\puush.exe 32-bit 968 KB 24 KB RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 64-bit 14336 KB 12 KB ScanToPCActivationApp.exe C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe 64-bit 15984 KB 7 KB SearchFilterHost.exe C:\Windows\system32\SearchFilterHost.exe 64-bit 7188 KB 3 KB SearchIndexer.exe C:\Windows\system32\SearchIndexer.exe 64-bit 21460 KB 28 KB SearchProtocolHost.exe C:\Windows\system32\SearchProtocolHost.exe 64-bit 8912 KB 4 KB services.exe C:\Windows\system32\services.exe 64-bit 9660 KB 5 KB smss.exe 64-bit 1292 KB 0 KB Snagit32.exe C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe 32-bit 45652 KB 46 KB SnagitEditor.exe C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe 32-bit 51996 KB 29 KB SnagPriv.exe C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe 32-bit 5404 KB 1 KB splwow64.exe C:\Windows\splwow64.exe 64-bit 5212 KB 1 KB splwow64.exe C:\Windows\splwow64.exe 64-bit 4956 KB 1 KB spoolsv.exe C:\Windows\System32\spoolsv.exe 64-bit 15272 KB 8 KB SpotifyWebHelper.exe C:\Users\Devihaka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe 32-bit 7900 KB 3 KB sppsvc.exe C:\Windows\system32\sppsvc.exe 64-bit 8848 KB 3 KB sqlwriter.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 64-bit 6496 KB 2 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 36764 KB 31 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 6004 KB 2 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 17360 KB 15 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 50948 KB 48 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 9912 KB 5 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 15200 KB 8 KB svchost.exe C:\Windows\System32\svchost.exe 64-bit 14052 KB 11 KB svchost.exe C:\Windows\System32\svchost.exe 64-bit 166 MB 158 KB svchost.exe C:\Windows\System32\svchost.exe 64-bit 26664 KB 28 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 10776 KB 5 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 19484 KB 10 KB svchost.exe C:\Windows\system32\svchost.exe 64-bit 8352 KB 4 KB System Idle Process 24 KB 0 KB System 64-bit 1060 KB 0 KB taskeng.exe C:\Windows\system32\taskeng.exe 64-bit 5632 KB 2 KB taskhost.exe C:\Windows\system32\taskhost.exe 64-bit 15228 KB 11 KB TscHelp.exe C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe 32-bit 5780 KB 2 KB wininit.exe C:\Windows\system32\wininit.exe 64-bit 4824 KB 1 KB winlogon.exe C:\Windows\system32\winlogon.exe 64-bit 8276 KB 3 KB WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe 32-bit 6816 KB 3 KB WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe 64-bit 10108 KB 4 KB WmiPrvSE.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe 64-bit 7344 KB 3 KB wmpnetwk.exe C:\Program Files\Windows Media Player\wmpnetwk.exe 64-bit 29900 KB 12 KB --------[ System Drivers ]---------------------------------------------------------------------------------------------- 1394ohci 1394 OHCI Compliant Host Controller 1394ohci.sys 6.1.7601.17514 Kernel Driver Running ACPI Microsoft ACPI Driver ACPI.sys 6.1.7601.17514 Kernel Driver Running AcpiPmi ACPI Power Meter Driver acpipmi.sys 6.1.7601.17514 Kernel Driver Stopped adp94xx adp94xx adp94xx.sys 1.6.6.4 Kernel Driver Stopped adpahci adpahci adpahci.sys 1.6.6.1 Kernel Driver Stopped adpu320 adpu320 adpu320.sys 7.2.0.0 Kernel Driver Stopped AFD Ancillary Function Driver for Winsock afd.sys 6.1.7601.18272 Kernel Driver Running agp440 Intel AGP Bus Filter agp440.sys 6.1.7600.16385 Kernel Driver Stopped AIDA64Driver FinalWire AIDA64 Kernel Driver kerneld.x64 Kernel Driver Running aliide aliide aliide.sys 1.2.0.0 Kernel Driver Stopped amdide amdide amdide.sys 6.1.7600.16385 Kernel Driver Stopped AmdK8 AMD K8 Processor Driver amdk8.sys 6.1.7600.16385 Kernel Driver Stopped AmdPPM AMD Processor Driver amdppm.sys 6.1.7600.16385 Kernel Driver Running amdsata amdsata amdsata.sys 1.1.2.5 Kernel Driver Stopped amdsbs amdsbs amdsbs.sys 3.6.1540.127 Kernel Driver Stopped amdxata amdxata amdxata.sys 1.1.2.5 Kernel Driver Running AppID AppID Driver appid.sys 6.1.7601.17514 Kernel Driver Stopped AppleCharger AppleCharger AppleCharger.sys Kernel Driver Running arc arc arc.sys 5.2.0.10384 Kernel Driver Stopped arcsas arcsas arcsas.sys 5.2.0.16119 Kernel Driver Stopped AsyncMac RAS Asynchronous Media Driver asyncmac.sys 6.1.7600.16385 Kernel Driver Running atapi IDE Channel atapi.sys 6.1.7600.16385 Kernel Driver Running b06bdrv Broadcom NetXtreme II VBD bxvbda.sys 4.8.2.0 Kernel Driver Stopped b57nd60a Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 b57nd60a.sys 10.100.4.0 Kernel Driver Stopped Beep Beep Kernel Driver Running blbdrive blbdrive blbdrive.sys 6.1.7600.16385 Kernel Driver Running bowser Browser Support Driver bowser.sys 6.1.7601.17565 File System Driver Running BrFiltLo Brother USB Mass-Storage Lower Filter Driver BrFiltLo.sys 1.10.0.2 Kernel Driver Stopped BrFiltUp Brother USB Mass-Storage Upper Filter Driver BrFiltUp.sys 1.4.0.1 Kernel Driver Stopped Brserid Brother MFC Serial Port Interface Driver (WDM) Brserid.sys 1.0.1.6 Kernel Driver Stopped BrSerWdm Brother WDM Serial driver BrSerWdm.sys 1.0.0.20 Kernel Driver Stopped BrUsbMdm Brother MFC USB Fax Only Modem BrUsbMdm.sys 1.0.0.12 Kernel Driver Stopped BrUsbSer Brother MFC USB Serial WDM Driver BrUsbSer.sys 1.0.1.3 Kernel Driver Stopped BTHMODEM Bluetooth Serial Communications Driver bthmodem.sys 6.1.7600.16385 Kernel Driver Stopped cdfs CD/DVD File System Reader cdfs.sys 6.1.7600.16385 File System Driver Running cdrom CD-ROM Driver cdrom.sys 6.1.7601.17514 Kernel Driver Running circlass Consumer IR Devices circlass.sys 6.1.7600.16385 Kernel Driver Stopped CLFS Common Log (CLFS) CLFS.sys 6.1.7600.16385 Kernel Driver Running CmBatt Microsoft ACPI Control Method Battery Driver CmBatt.sys 6.1.7600.16385 Kernel Driver Stopped cmdide cmdide cmdide.sys 2.0.7.0 Kernel Driver Stopped CNG CNG cng.sys 6.1.7601.17919 Kernel Driver Running Compbatt Compbatt compbatt.sys 6.1.7600.16385 Kernel Driver Stopped CompositeBus Composite Bus Enumerator Driver CompositeBus.sys 6.1.7601.17514 Kernel Driver Running crcdisk Crcdisk Filter Driver crcdisk.sys 6.1.7600.16385 Kernel Driver Stopped CSC Offline Files Driver csc.sys 6.1.7601.17514 Kernel Driver Running DfsC DFS Namespace Client Driver dfsc.sys 6.1.7601.17514 File System Driver Running discache System Attribute Cache discache.sys 6.1.7600.16385 Kernel Driver Running Disk Disk Driver disk.sys 6.1.7600.16385 Kernel Driver Running drmkaud Microsoft Trusted Audio Drivers drmkaud.sys 6.1.7600.16385 Kernel Driver Stopped DXGKrnl LDDM Graphics Subsystem dxgkrnl.sys 6.1.7601.18228 Kernel Driver Running ebdrv Broadcom NetXtreme II 10 GigE VBD evbda.sys 4.8.13.0 Kernel Driver Stopped elxstor elxstor elxstor.sys 7.2.10.211 Kernel Driver Stopped ErrDev Microsoft Hardware Error Device Driver errdev.sys 6.1.7600.16385 Kernel Driver Stopped EtronHub3 Etron USB 3.0 Extensible Hub Driver EtronHub3.sys 0.0.0.104 Kernel Driver Running EtronXHCI Etron USB 3.0 Extensible Host Controller Driver EtronXHCI.sys 0.0.0.104 Kernel Driver Running exfat exFAT File System Driver File System Driver Stopped fastfat FAT12/16/32 File System Driver File System Driver Stopped fdc Floppy Disk Controller Driver fdc.sys 6.1.7600.16385 Kernel Driver Stopped FileInfo File Information FS MiniFilter fileinfo.sys 6.1.7600.16385 File System Driver Running Filetrace Filetrace filetrace.sys 6.1.7600.16385 File System Driver Stopped flpydisk Floppy Disk Driver flpydisk.sys 6.1.7600.16385 Kernel Driver Stopped FltMgr FltMgr fltmgr.sys 6.1.7601.17514 File System Driver Running FsDepends File System Dependency Minifilter FsDepends.sys 6.1.7600.16385 File System Driver Stopped fvevol Bitlocker Drive Encryption Filter Driver fvevol.sys 6.1.7601.18062 Kernel Driver Running gagp30kx Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms gagp30kx.sys 6.1.7600.16385 Kernel Driver Stopped gdrv gdrv gdrv.sys 5.2.3790.1830 Kernel Driver Stopped hcw85cir Hauppauge Consumer Infrared Receiver hcw85cir.sys 1.31.27127.0 Kernel Driver Stopped HdAudAddService Microsoft 1.1 UAA Function Driver for High Definition Audio Service HdAudio.sys 6.1.7601.17514 Kernel Driver Stopped HDAudBus Microsoft UAA Bus Driver for High Definition Audio HDAudBus.sys 6.1.7601.17514 Kernel Driver Running HidBatt HID UPS Battery Driver HidBatt.sys 6.1.7600.16385 Kernel Driver Stopped HidBth Microsoft Bluetooth HID Miniport hidbth.sys 6.1.7600.16385 Kernel Driver Stopped HidIr Microsoft Infrared HID Driver hidir.sys 6.1.7600.16385 Kernel Driver Stopped HidUsb Microsoft HID Class Driver hidusb.sys 6.1.7601.17514 Kernel Driver Running HpSAMD HpSAMD HpSAMD.sys 6.12.6.64 Kernel Driver Stopped HTCAND64 HTC Device Driver ANDROIDUSB.sys 2.0.7.1 Kernel Driver Stopped HTTP HTTP HTTP.sys 6.1.7601.17514 Kernel Driver Running hwpolicy Hardware Policy Driver hwpolicy.sys 6.1.7601.17514 Kernel Driver Running i8042prt i8042 Keyboard and PS/2 Mouse Port Driver i8042prt.sys 6.1.7600.16385 Kernel Driver Stopped iaStorV Intel RAID Controller Windows 7 iaStorV.sys 8.6.2.1014 Kernel Driver Stopped iirsp iirsp iirsp.sys 5.4.22.0 Kernel Driver Stopped IntcAzAudAddService Service for Realtek HD Audio (WDM) RTKVHD64.sys 6.0.1.6433 Kernel Driver Running intelide intelide intelide.sys 6.1.7600.16385 Kernel Driver Stopped intelppm Intel Processor Driver intelppm.sys 6.1.7600.16385 Kernel Driver Stopped IpFilterDriver IP Traffic Filter Driver ipfltdrv.sys 6.1.7601.17514 Kernel Driver Stopped IPMIDRV IPMIDRV IPMIDrv.sys 6.1.7601.17514 Kernel Driver Stopped IPNAT IP Network Address Translator ipnat.sys 6.1.7600.16385 Kernel Driver Stopped IRENUM IR Bus Enumerator irenum.sys 6.1.7600.16385 Kernel Driver Stopped isapnp isapnp isapnp.sys 6.1.7600.16385 Kernel Driver Stopped iScsiPrt iScsiPort Driver msiscsi.sys 6.1.7601.17514 Kernel Driver Stopped kbdclass Keyboard Class Driver kbdclass.sys 6.1.7600.16385 Kernel Driver Running kbdhid Keyboard HID Driver kbdhid.sys 6.1.7601.17514 Kernel Driver Running KSecDD KSecDD ksecdd.sys 6.1.7601.18270 Kernel Driver Running KSecPkg KSecPkg ksecpkg.sys 6.1.7601.18270 Kernel Driver Running ksthunk Kernel Streaming Thunks ksthunk.sys 6.1.7600.16385 Kernel Driver Running LGBusEnum Logitech GamePanel Virtual Bus Enumerator Driver LGBusEnum.sys 3.4.131.0 Kernel Driver Running LGSHidFilt Logitech Gaming KMDF HID Filter Driver LGSHidFilt.Sys 8.45.35.0 Kernel Driver Running LGVirHid Logitech Gamepanel Virtual HID Device Driver LGVirHid.sys 3.4.131.0 Kernel Driver Running lltdio Link-Layer Topology Discovery Mapper I/O Driver lltdio.sys 6.1.7600.16385 Kernel Driver Running LSI_FC LSI_FC lsi_fc.sys 1.28.3.52 Kernel Driver Stopped LSI_SAS LSI_SAS lsi_sas.sys 1.28.3.52 Kernel Driver Stopped LSI_SAS2 LSI_SAS2 lsi_sas2.sys 2.0.2.71 Kernel Driver Stopped LSI_SCSI LSI_SCSI lsi_scsi.sys 1.28.3.67 Kernel Driver Stopped luafv UAC File Virtualization luafv.sys 6.1.7600.16385 File System Driver Running MBAMProtector MBAMProtector mbam.sys 1.60.2.0 File System Driver Running megasas megasas megasas.sys 4.5.1.64 Kernel Driver Stopped MegaSR MegaSR MegaSR.sys 13.5.409.2009 Kernel Driver Stopped Modem Modem modem.sys 6.1.7600.16385 Kernel Driver Stopped monitor Microsoft Monitor Class Function Driver Service monitor.sys 6.1.7600.16385 Kernel Driver Running mouclass Mouse Class Driver mouclass.sys 6.1.7600.16385 Kernel Driver Running mouhid Mouse HID Driver mouhid.sys 6.1.7600.16385 Kernel Driver Running mountmgr Mount Point Manager mountmgr.sys 6.1.7601.17514 Kernel Driver Running MpFilter Microsoft Malware Protection Driver MpFilter.sys 4.4.300.0 File System Driver Running mpio Microsoft Multi-Path Bus Driver mpio.sys 6.1.7601.17514 Kernel Driver Stopped mpsdrv Windows Firewall Authorization Driver mpsdrv.sys 6.1.7600.16385 Kernel Driver Running MRxDAV WebDav Client Redirector Driver mrxdav.sys 6.1.7601.18201 File System Driver Stopped mrxsmb SMB MiniRedirector Wrapper and Engine mrxsmb.sys 6.1.7601.17605 File System Driver Running mrxsmb10 SMB 1.x MiniRedirector mrxsmb10.sys 6.1.7601.17647 File System Driver Running mrxsmb20 SMB 2.0 MiniRedirector mrxsmb20.sys 6.1.7601.17605 File System Driver Running msahci msahci msahci.sys 6.1.7601.17514 Kernel Driver Stopped msdsm Microsoft Multi-Path Device Specific Module msdsm.sys 6.1.7601.17514 Kernel Driver Stopped Msfs Msfs File System Driver Running mshidkmdf Pass-through HID to KMDF Filter Driver mshidkmdf.sys 6.1.7600.16385 Kernel Driver Stopped msisadrv msisadrv msisadrv.sys 6.1.7600.16385 Kernel Driver Running MSKSSRV Microsoft Streaming Service Proxy MSKSSRV.sys 6.1.7600.16385 Kernel Driver Stopped MSPCLOCK Microsoft Streaming Clock Proxy MSPCLOCK.sys 6.1.7600.16385 Kernel Driver Stopped MSPQM Microsoft Streaming Quality Manager Proxy MSPQM.sys 6.1.7600.16385 Kernel Driver Stopped MsRPC MsRPC Kernel Driver Stopped mssmbios Microsoft System Management BIOS Driver mssmbios.sys 6.1.7600.16385 Kernel Driver Running MSTEE Microsoft Streaming Tee/Sink-to-Sink Converter MSTEE.sys 6.1.7600.16385 Kernel Driver Stopped MTConfig Microsoft Input Configuration Driver MTConfig.sys 6.1.7600.16385 Kernel Driver Stopped Mup Mup mup.sys 6.1.7600.16385 File System Driver Running NativeWifiP NativeWiFi Filter nwifi.sys 6.1.7600.16385 Kernel Driver Stopped NDIS NDIS System Driver ndis.sys 6.1.7601.17939 Kernel Driver Running NdisCap NDIS Capture LightWeight Filter ndiscap.sys 6.1.7600.16385 Kernel Driver Stopped NdisTapi Remote Access NDIS TAPI Driver ndistapi.sys 6.1.7600.16385 Kernel Driver Running Ndisuio NDIS Usermode I/O Protocol ndisuio.sys 6.1.7601.17514 Kernel Driver Stopped NdisWan Remote Access NDIS WAN Driver ndiswan.sys 6.1.7601.17514 Kernel Driver Running NDProxy NDIS Proxy Kernel Driver Running NetBIOS NetBIOS Interface netbios.sys 6.1.7600.16385 File System Driver Running NetBT NetBT netbt.sys 6.1.7601.17514 Kernel Driver Running nfrd960 nfrd960 nfrd960.sys 7.10.0.0 Kernel Driver Stopped NisDrv Microsoft Network Inspection System NisDrvWFP.sys 4.4.300.0 Kernel Driver Running Npfs Npfs File System Driver Running nsiproxy NSI proxy service driver. nsiproxy.sys 6.1.7600.16385 Kernel Driver Running Ntfs Ntfs File System Driver Running Null Null Kernel Driver Running nv_agp NVIDIA nForce AGP Bus Filter nv_agp.sys 6.1.7600.16385 Kernel Driver Stopped NVHDA Service for NVIDIA High Definition Audio Driver nvhda64v.sys 1.3.26.4 Kernel Driver Running nvlddmkm nvlddmkm nvlddmkm.sys 9.18.13.3182 Kernel Driver Running nvraid nvraid nvraid.sys 10.6.0.18 Kernel Driver Running nvrd64 nvrd64 nvrd64.sys 11.1.0.30 Kernel Driver Stopped nvsmu nvsmu nvsmu.sys 5.10.2600.171 Kernel Driver Stopped nvstor nvstor nvstor.sys 10.6.0.18 Kernel Driver Stopped nvstor64 nvstor64 nvstor64.sys 11.1.0.30 Kernel Driver Stopped nvvad_WaveExtensible NVIDIA Virtual Audio Device (Wave Extensible) (WDM) nvvad64v.sys 1.2.9.0 Kernel Driver Running ohci1394 1394 OHCI Compliant Host Controller (Legacy) ohci1394.sys 6.1.7600.16385 Kernel Driver Stopped Parport Parallel port driver parport.sys 6.1.7600.16385 Kernel Driver Stopped partmgr Partition Manager partmgr.sys 6.1.7601.17796 Kernel Driver Running pci PCI Bus Driver pci.sys 6.1.7601.17514 Kernel Driver Running pciide pciide pciide.sys 6.1.7600.16385 Kernel Driver Running pcmcia pcmcia pcmcia.sys 6.1.7600.16385 Kernel Driver Stopped pcw Performance Counters for Windows Driver pcw.sys 6.1.7600.16385 Kernel Driver Running PEAUTH PEAUTH peauth.sys 6.1.7600.16385 Kernel Driver Running PptpMiniport WAN Miniport (PPTP) raspptp.sys 6.1.7601.17514 Kernel Driver Running Processor Processor Driver processr.sys 6.1.7600.16385 Kernel Driver Stopped Psched QoS Packet Scheduler pacer.sys 6.1.7601.17514 Kernel Driver Running ql2300 ql2300 ql2300.sys 9.1.8.6 Kernel Driver Stopped ql40xx ql40xx ql40xx.sys 2.1.3.20 Kernel Driver Stopped QWAVEdrv QWAVE driver qwavedrv.sys 6.1.7600.16385 Kernel Driver Stopped RasAcd Remote Access Auto Connection Driver rasacd.sys 6.1.7600.16385 Kernel Driver Stopped RasAgileVpn WAN Miniport (IKEv2) AgileVpn.sys 6.1.7600.16385 Kernel Driver Running Rasl2tp WAN Miniport (L2TP) rasl2tp.sys 6.1.7601.17514 Kernel Driver Running RasPppoe Remote Access PPPOE Driver raspppoe.sys 6.1.7600.16385 Kernel Driver Running RasSstp WAN Miniport (SSTP) rassstp.sys 6.1.7600.16385 Kernel Driver Running rdbss Redirected Buffering Sub Sysytem rdbss.sys 6.1.7601.17514 File System Driver Running rdpbus Remote Desktop Device Redirector Bus Driver rdpbus.sys 6.1.7600.16385 Kernel Driver Running RDPCDD RDPCDD RDPCDD.sys 6.1.7600.16385 Kernel Driver Running RDPDR Terminal Server Device Redirector Driver rdpdr.sys 6.1.7601.17514 Kernel Driver Stopped RDPENCDD RDP Encoder Mirror Driver rdpencdd.sys 6.1.7600.16385 Kernel Driver Running RDPREFMP Reflector Display Driver used to gain access to graphics data rdprefmp.sys 6.1.7600.16385 Kernel Driver Running RdpVideoMiniport Remote Desktop Video Miniport Driver rdpvideominiport.sys 6.2.9200.16398 Kernel Driver Stopped RDPWD RDP Winstation Driver Kernel Driver Stopped rdyboost ReadyBoost rdyboost.sys 6.1.7601.17514 Kernel Driver Running rspndr Link-Layer Topology Discovery Responder rspndr.sys 6.1.7600.16385 Kernel Driver Running RTL8167 Realtek 8167 NT Driver Rt64win7.sys 7.38.113.2011 Kernel Driver Running s3cap s3cap vms3cap.sys 6.1.7601.17514 Kernel Driver Stopped sbp2port SBP-2 Transport/Protocol Bus Driver sbp2port.sys 6.1.7601.17514 Kernel Driver Stopped scfilter Smart card PnP Class Filter Driver scfilter.sys 6.1.7601.17514 Kernel Driver Stopped secdrv Security Driver Kernel Driver Running Serenum Serenum Filter Driver serenum.sys 6.1.7600.16385 Kernel Driver Running Serial Serial port driver serial.sys 6.1.7600.16385 Kernel Driver Running sermouse Serial Mouse Driver sermouse.sys 6.1.7600.16385 Kernel Driver Stopped sffdisk SFF Storage Class Driver sffdisk.sys 6.1.7600.16385 Kernel Driver Stopped sffp_mmc SFF Storage Protocol Driver for MMC sffp_mmc.sys 6.1.7600.16385 Kernel Driver Stopped sffp_sd SFF Storage Protocol Driver for SDBus sffp_sd.sys 6.1.7601.17514 Kernel Driver Stopped sfloppy High-Capacity Floppy Disk Drive sfloppy.sys 6.1.7600.16385 Kernel Driver Stopped SiSRaid2 SiSRaid2 SiSRaid2.sys 5.1.1039.2600 Kernel Driver Stopped SiSRaid4 SiSRaid4 sisraid4.sys 5.1.1039.3600 Kernel Driver Stopped Smb Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session) smb.sys 6.1.7600.16385 Kernel Driver Stopped spldr Security Processor Loader Driver Kernel Driver Running srv Server SMB 1.xxx Driver srv.sys 6.1.7601.17608 File System Driver Running srv2 Server SMB 2.xxx Driver srv2.sys 6.1.7601.17608 File System Driver Running srvnet srvnet srvnet.sys 6.1.7601.17608 File System Driver Running stexstor stexstor stexstor.sys 5.0.1.1 Kernel Driver Stopped StillCam Still Serial Digital Camera Driver serscan.sys 6.1.7600.16385 Kernel Driver Running storflt Disk Virtual Machine Bus Acceleration Filter Driver vmstorfl.sys 6.1.7601.17514 Kernel Driver Running storvsc storvsc storvsc.sys 6.1.7601.17514 Kernel Driver Stopped swenum Software Bus Driver swenum.sys 6.1.7600.16385 Kernel Driver Running Synth3dVsc Synth3dVsc synth3dvsc.sys Kernel Driver Stopped Tcpip TCP/IP Protocol Driver tcpip.sys 6.1.7601.18254 Kernel Driver Running TCPIP6 Microsoft IPv6 Protocol Driver tcpip.sys 6.1.7601.18254 Kernel Driver Stopped tcpipreg TCP/IP Registry Compatibility tcpipreg.sys 6.1.7601.17964 Kernel Driver Running TDPIPE TDPIPE tdpipe.sys 6.1.7600.16385 Kernel Driver Stopped TDTCP TDTCP tdtcp.sys 6.1.7601.17779 Kernel Driver Stopped tdx NetIO Legacy TDI Support Driver tdx.sys 6.1.7601.17514 Kernel Driver Running TermDD Terminal Device Driver termdd.sys 6.1.7601.17514 Kernel Driver Running tssecsrv Remote Desktop Services Security Filter Driver tssecsrv.sys 6.1.7601.18186 Kernel Driver Stopped TsUsbFlt TsUsbFlt tsusbflt.sys 6.2.9200.16398 Kernel Driver Stopped tsusbhub tsusbhub tsusbhub.sys Kernel Driver Stopped tunnel Microsoft Tunnel Miniport Adapter Driver tunnel.sys 6.1.7601.17514 Kernel Driver Running uagp35 Microsoft AGPv3.5 Filter uagp35.sys 6.1.7600.16385 Kernel Driver Stopped udfs udfs udfs.sys 6.1.7601.17514 File System Driver Stopped uliagpkx Uli AGP Bus Filter uliagpkx.sys 6.1.7600.16385 Kernel Driver Stopped umbus UMBus Enumerator Driver umbus.sys 6.1.7601.17514 Kernel Driver Running UmPass Microsoft UMPass Driver umpass.sys 6.1.7600.16385 Kernel Driver Stopped usbccgp Microsoft USB Generic Parent Driver usbccgp.sys 6.1.7601.18251 Kernel Driver Running usbcir eHome Infrared Receiver (USBCIR) usbcir.sys 6.1.7601.18208 Kernel Driver Stopped usbehci Microsoft USB 2.0 Enhanced Host Controller Miniport Driver usbehci.sys 6.1.7601.18251 Kernel Driver Running usbhub Microsoft USB Standard Hub Driver usbhub.sys 6.1.7601.18251 Kernel Driver Running usbohci Microsoft USB Open Host Controller Miniport Driver usbohci.sys 6.1.7601.18251 Kernel Driver Running usbprint Microsoft USB PRINTER Class usbprint.sys 6.1.7600.16385 Kernel Driver Stopped USBSTOR USB Mass Storage Driver USBSTOR.SYS 6.1.7601.17577 Kernel Driver Stopped usbuhci Microsoft USB Universal Host Controller Miniport Driver usbuhci.sys 6.1.7601.18251 Kernel Driver Stopped usj usj ussjcs64.sys Kernel Driver Stopped VBoxDrv VirtualBox Service VBoxDrv.sys 4.3.0.0 Kernel Driver Running VBoxNetAdp VirtualBox Host-Only Ethernet Adapter VBoxNetAdp.sys 4.3.0.0 Kernel Driver Running VBoxNetFlt VirtualBox Bridged Networking Service VBoxNetFlt.sys 4.3.0.0 Kernel Driver Running VBoxUSBMon VirtualBox USB Monitor Driver VBoxUSBMon.sys 4.3.0.0 Kernel Driver Running vdrvroot Microsoft Virtual Drive Enumerator Driver vdrvroot.sys 6.1.7600.16385 Kernel Driver Running vga vga vgapnp.sys 6.1.7600.16385 Kernel Driver Stopped VgaSave VgaSave vga.sys 6.1.7600.16385 Kernel Driver Running VGPU VGPU rdvgkmd.sys Kernel Driver Stopped vhdmp vhdmp vhdmp.sys 6.1.7601.17514 Kernel Driver Stopped viaide viaide viaide.sys 6.0.6000.170 Kernel Driver Stopped vmbus Virtual Machine Bus vmbus.sys 6.1.7601.17514 Kernel Driver Running VMBusHID VMBusHID VMBusHID.sys 6.1.7601.17514 Kernel Driver Stopped volmgr Volume Manager Driver volmgr.sys 6.1.7601.17514 Kernel Driver Running volmgrx Dynamic Volume Manager volmgrx.sys 6.1.7601.17514 Kernel Driver Running volsnap Storage volumes volsnap.sys 6.1.7601.17514 Kernel Driver Running vpcbus Virtual PC Host Bus Service vpchbus.sys 6.1.7084.0 Kernel Driver Running vpcnfltr Virtual PC Network Filter Driver vpcnfltr.sys 6.1.7084.0 Kernel Driver Running vpcusb USB Virtualization Connector Service vpcusb.sys 6.1.7084.0 Kernel Driver Running vpcvmm Virtual PC Virtual Machine Monitor vpcvmm.sys 6.1.7084.0 Kernel Driver Running vsmraid vsmraid vsmraid.sys 6.0.6000.6210 Kernel Driver Stopped VSPerfDrv110 Performance Tools Driver 11.0 VSPerfDrv110.sys 11.0.50702.1 Kernel Driver Stopped vwifibus Virtual WiFi Bus Driver vwifibus.sys 6.1.7600.16385 Kernel Driver Stopped WacomPen Wacom Serial Pen HID Driver wacompen.sys 6.1.7600.16385 Kernel Driver Stopped WANARP Remote Access IP ARP Driver wanarp.sys 6.1.7601.17514 Kernel Driver Stopped Wanarpv6 Remote Access IPv6 ARP Driver wanarp.sys 6.1.7601.17514 Kernel Driver Running Wd Wd wd.sys 6.1.7600.16385 Kernel Driver Stopped Wdf01000 Kernel Mode Driver Frameworks service Wdf01000.sys 1.11.9200.16648 Kernel Driver Running WfpLwf WFP Lightweight Filter wfplwf.sys 6.1.7600.16385 Kernel Driver Running WIMMount WIMMount wimmount.sys 6.1.7600.16385 File System Driver Stopped WinUsb WinUsb WinUsb.sys 6.1.7601.17514 Kernel Driver Stopped WmiAcpi Microsoft Windows Management Interface for ACPI wmiacpi.sys 6.1.7600.16385 Kernel Driver Running ws2ifsl Winsock IFS Driver ws2ifsl.sys 6.1.7600.16385 Kernel Driver Stopped WSDPrintDevice WSD Print Support via UMB WSDPrint.sys 6.1.7600.16385 Kernel Driver Stopped WudfPf User Mode Driver Frameworks Platform Driver WudfPf.sys 6.2.9200.16384 Kernel Driver Stopped WUDFRd WUDFRd WUDFRd.sys 6.2.9200.16384 Kernel Driver Stopped xnacc XBOX 360 Controller For Windows Driver Service xnacc.sys 6.1.7600.16385 Kernel Driver Stopped xusb21 Xbox 360 Wireless Receiver Driver Service 21 xusb21.sys 9.18.1034.0 Kernel Driver Stopped --------[ Services ]---------------------------------------------------------------------------------------------------- AdobeARMservice Adobe Acrobat Update Service armsvc.exe 1.7.4.0 Own Process Running LocalSystem AdobeFlashPlayerUpdateSvc Adobe Flash Player Update Service FlashPlayerUpdateService.exe 11.9.900.170 Own Process Stopped LocalSystem AeLookupSvc Application Experience svchost.exe 6.1.7600.16385 Share Process Running localSystem ALG Application Layer Gateway Service alg.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService AppIDSvc Application Identity svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService Appinfo Application Information svchost.exe 6.1.7600.16385 Share Process Running LocalSystem AppleChargerSrv AppleChargerSrv AppleChargerSrv.exe Own Process Stopped localSystem AppMgmt Application Management svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem aspnet_state ASP.NET State Service aspnet_state.exe 4.0.30319.18408 Own Process Stopped NT AUTHORITY\NetworkService AudioEndpointBuilder Windows Audio Endpoint Builder svchost.exe 6.1.7600.16385 Share Process Running LocalSystem AudioSrv Windows Audio svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService AxInstSV ActiveX Installer (AxInstSV) svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem BDESVC BitLocker Drive Encryption Service svchost.exe 6.1.7600.16385 Share Process Stopped localSystem BFE Base Filtering Engine svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService BITS Background Intelligent Transfer Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem Browser Computer Browser svchost.exe 6.1.7600.16385 Share Process Running LocalSystem bthserv Bluetooth Support Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService CertPropSvc Certificate Propagation svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem clr_optimization_v2.0.50727_32 Microsoft .NET Framework NGEN v2.0.50727_X86 mscorsvw.exe 2.0.50727.4927 Own Process Stopped LocalSystem clr_optimization_v2.0.50727_64 Microsoft .NET Framework NGEN v2.0.50727_X64 mscorsvw.exe 2.0.50727.4927 Own Process Stopped LocalSystem clr_optimization_v4.0.30319_32 Microsoft .NET Framework NGEN v4.0.30319_X86 mscorsvw.exe 4.0.30319.18408 Own Process Stopped LocalSystem clr_optimization_v4.0.30319_64 Microsoft .NET Framework NGEN v4.0.30319_X64 mscorsvw.exe 4.0.30319.18408 Own Process Stopped LocalSystem COMSysApp COM+ System Application dllhost.exe 6.1.7600.16385 Own Process Stopped LocalSystem CryptSvc Cryptographic Services svchost.exe 6.1.7600.16385 Share Process Running NT Authority\NetworkService CscService Offline Files svchost.exe 6.1.7600.16385 Share Process Running LocalSystem DcomLaunch DCOM Server Process Launcher svchost.exe 6.1.7600.16385 Share Process Running LocalSystem defragsvc Disk Defragmenter svchost.exe 6.1.7600.16385 Own Process Stopped localSystem Dhcp DHCP Client svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService Dnscache DNS Client svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService dot3svc Wired AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped localSystem DPS Diagnostic Policy Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService EapHost Extensible Authentication Protocol svchost.exe 6.1.7600.16385 Share Process Stopped localSystem EFS Encrypting File System (EFS) lsass.exe 6.1.7601.18270 Share Process Stopped LocalSystem ehRecvr Windows Media Center Receiver Service ehRecvr.exe 6.1.7601.17514 Own Process Stopped NT AUTHORITY\networkService ehSched Windows Media Center Scheduler Service ehsched.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\networkService eventlog Windows Event Log svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService EventSystem COM+ Event System svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService Fax Fax fxssvc.exe 6.1.7601.17514 Own Process Stopped NT AUTHORITY\NetworkService fdPHost Function Discovery Provider Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService FDResPub Function Discovery Resource Publication svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService FontCache Windows Font Cache Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService FontCache3.0.0.0 Windows Presentation Foundation Font Cache 3.0.0.0 PresentationFontCache.exe 3.0.6920.5011 Own Process Stopped NT Authority\LocalService fussvc Windows App Certification Kit Fast User Switching Utility Service fussvc.exe 2.0.9200.16384 Own Process Stopped LocalSystem gpsvc Group Policy Client svchost.exe 6.1.7600.16385 Own Process Running LocalSystem gupdate Google Update Service (gupdate) GoogleUpdate.exe 1.3.21.103 Own Process Stopped LocalSystem gupdatem Google Update Service (gupdatem) GoogleUpdate.exe 1.3.21.103 Own Process Stopped LocalSystem hidserv Human Interface Device Access svchost.exe 6.1.7600.16385 Share Process Running LocalSystem hkmsvc Health Key and Certificate Management svchost.exe 6.1.7600.16385 Share Process Stopped localSystem HomeGroupListener HomeGroup Listener svchost.exe 6.1.7600.16385 Share Process Running LocalSystem HomeGroupProvider HomeGroup Provider svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService idsvc Windows CardSpace infocard.exe 3.0.4506.5420 Share Process Stopped LocalSystem IEEtwCollectorService Internet Explorer ETW Collector Service IEEtwCollector.exe 11.0.9600.16476 Own Process Stopped LocalSystem IKEEXT IKE and AuthIP IPsec Keying Modules svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem IPBusEnum PnP-X IP Bus Enumerator svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem iphlpsvc IP Helper svchost.exe 6.1.7600.16385 Share Process Running LocalSystem KeyIso CNG Key Isolation lsass.exe 6.1.7601.18270 Share Process Running LocalSystem KtmRm KtmRm for Distributed Transaction Coordinator svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService LanmanServer Server svchost.exe 6.1.7600.16385 Share Process Running LocalSystem LanmanWorkstation Workstation svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService lltdsvc Link-Layer Topology Discovery Mapper svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService lmhosts TCP/IP NetBIOS Helper svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService MBAMScheduler MBAMScheduler mbamscheduler.exe 1.70.0.0 Own Process Running LocalSystem MBAMService MBAMService mbamservice.exe 1.70.0.0 Own Process Running LocalSystem Mcx2Svc Media Center Extender Service svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService MMCSS Multimedia Class Scheduler svchost.exe 6.1.7600.16385 Share Process Running LocalSystem MozillaMaintenance Mozilla Maintenance Service maintenanceservice.exe 25.0.0.5046 Own Process Stopped LocalSystem MpsSvc Windows Firewall svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService MSDTC Distributed Transaction Coordinator msdtc.exe 2001.12.8530.16385 Own Process Stopped NT AUTHORITY\NetworkService MSiSCSI Microsoft iSCSI Initiator Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem msiserver Windows Installer msiexec.exe 5.0.7601.17514 Own Process Stopped LocalSystem MsMpSvc Microsoft Antimalware Service MsMpEng.exe 4.4.304.0 Own Process Running LocalSystem napagent Network Access Protection Agent svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService Netlogon Netlogon lsass.exe 6.1.7601.18270 Share Process Stopped LocalSystem Netman Network Connections svchost.exe 6.1.7600.16385 Share Process Running LocalSystem NetMsmqActivator Net.Msmq Listener Adapter SMSvcHost.exe 4.0.30319.18408 Share Process Stopped NT AUTHORITY\NetworkService NetPipeActivator Net.Pipe Listener Adapter SMSvcHost.exe 4.0.30319.18408 Share Process Stopped NT AUTHORITY\LocalService netprofm Network List Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService NetTcpActivator Net.Tcp Listener Adapter SMSvcHost.exe 4.0.30319.18408 Share Process Stopped NT AUTHORITY\LocalService NetTcpPortSharing Net.Tcp Port Sharing Service SMSvcHost.exe 4.0.30319.18408 Share Process Stopped NT AUTHORITY\LocalService NisSrv Microsoft Network Inspection NisSrv.exe 4.4.304.0 Own Process Running NT AUTHORITY\LocalService NlaSvc Network Location Awareness svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService nsi Network Store Interface Service svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService NvStreamSvc NVIDIA Streamer Service nvstreamsvc.exe 1.6.53.0 Own Process Running LocalSystem nvsvc NVIDIA Display Driver Service nvvsvc.exe 8.17.13.3182 Own Process Running LocalSystem nvUpdatusService NVIDIA Update Service Daemon daemonu.exe 9.3.21.0 Own Process Running .\UpdatusUser ose64 Office 64 Source Engine OSE.EXE 15.0.4420.1017 Own Process Stopped LocalSystem osppsvc Office Software Protection Platform OSPPSVC.EXE 15.0.169.500 Own Process Running NT AUTHORITY\NetworkService p2pimsvc Peer Networking Identity Manager svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService p2psvc Peer Networking Grouping svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService PcaSvc Program Compatibility Assistant Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem PeerDistSvc BranchCache svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService PerfHost Performance Counter DLL Host perfhost.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService PinnacleUpdateSvc PinnacleUpdate Service pinnacle_updater.exe 21.0.0.0 Own Process Stopped LocalSystem pla Performance Logs & Alerts svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService PlugPlay Plug and Play svchost.exe 6.1.7600.16385 Share Process Running LocalSystem PNRPAutoReg PNRP Machine Name Publication Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService PNRPsvc Peer Name Resolution Protocol svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService PolicyAgent IPsec Policy Agent svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\NetworkService Power Power svchost.exe 6.1.7600.16385 Share Process Running LocalSystem ProfSvc User Profile Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem ProtectedStorage Protected Storage lsass.exe 6.1.7601.18270 Share Process Stopped LocalSystem QWAVE Quality Windows Audio Video Experience svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService RasAuto Remote Access Auto Connection Manager svchost.exe 6.1.7600.16385 Share Process Stopped localSystem RasMan Remote Access Connection Manager svchost.exe 6.1.7600.16385 Share Process Stopped localSystem RemoteAccess Routing and Remote Access svchost.exe 6.1.7600.16385 Share Process Stopped localSystem RemoteRegistry Remote Registry svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService RpcEptMapper RPC Endpoint Mapper svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService RpcLocator Remote Procedure Call (RPC) Locator locator.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\NetworkService RpcSs Remote Procedure Call (RPC) svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService SamSs Security Accounts Manager lsass.exe 6.1.7601.18270 Share Process Running LocalSystem SCardSvr Smart Card svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService Schedule Task Scheduler svchost.exe 6.1.7600.16385 Share Process Running LocalSystem SCPolicySvc Smart Card Removal Policy svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem SDRSVC Windows Backup svchost.exe 6.1.7600.16385 Own Process Stopped localSystem seclogon Secondary Logon svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem SENS System Event Notification Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem SensrSvc Adaptive Brightness svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService SessionEnv Remote Desktop Configuration svchost.exe 6.1.7600.16385 Share Process Stopped localSystem SharedAccess Internet Connection Sharing (ICS) svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem ShellHWDetection Shell Hardware Detection svchost.exe 6.1.7600.16385 Share Process Running LocalSystem Skype C2C Service Skype C2C Service c2c_service.exe 6.13.0.13771 Own Process Running LocalSystem SkypeUpdate Skype Updater Updater.exe 6.3.1.53353 Own Process Stopped LocalSystem SNMPTRAP SNMP Trap snmptrap.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService Spooler Print Spooler spoolsv.exe 6.1.7601.17777 Own Process Running LocalSystem sppsvc Software Protection sppsvc.exe 6.1.7601.17514 Own Process Running NT AUTHORITY\NetworkService sppuinotify SPP Notification Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService SQLWriter SQL Server VSS Writer sqlwriter.exe 2011.110.2100.60 Own Process Running LocalSystem SSDPSRV SSDP Discovery svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService SstpSvc Secure Socket Tunneling Protocol Service svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService Steam Client Service Steam Client Service SteamService.exe 2.4.35.50 Own Process Stopped LocalSystem Stereo Service NVIDIA Stereoscopic 3D Driver Service nvSCPAPISvr.exe 7.17.13.3182 Own Process Running LocalSystem stisvc Windows Image Acquisition (WIA) svchost.exe 6.1.7600.16385 Own Process Running NT Authority\LocalService SwitchBoard Adobe SwitchBoard SwitchBoard.exe 2.0.13.7486 Own Process Stopped LocalSystem swprv Microsoft Software Shadow Copy Provider svchost.exe 6.1.7600.16385 Own Process Stopped LocalSystem SysMain Superfetch svchost.exe 6.1.7600.16385 Share Process Running LocalSystem TabletInputService Tablet PC Input Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem TapiSrv Telephony svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService TBS TPM Base Services svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService Te.Service Te.Service Wex.Services.exe 6.2.9200.16384 Share Process Stopped LocalSystem TermService Remote Desktop Services svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\NetworkService Themes Themes svchost.exe 6.1.7600.16385 Share Process Running LocalSystem THREADORDER Thread Ordering Server svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService TrkWks Distributed Link Tracking Client svchost.exe 6.1.7600.16385 Share Process Running LocalSystem TrustedInstaller Windows Modules Installer TrustedInstaller.exe 6.1.7601.17514 Own Process Stopped localSystem UI0Detect Interactive Services Detection UI0Detect.exe 6.1.7600.16385 Own Process Stopped LocalSystem UmRdpService Remote Desktop Services UserMode Port Redirector svchost.exe 6.1.7600.16385 Share Process Stopped localSystem upnphost UPnP Device Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService UxSms Desktop Window Manager Session Manager svchost.exe 6.1.7600.16385 Share Process Running localSystem VaultSvc Credential Manager lsass.exe 6.1.7601.18270 Share Process Stopped LocalSystem vds Virtual Disk vds.exe 6.1.7601.17514 Own Process Stopped LocalSystem VSS Volume Shadow Copy vssvc.exe 6.1.7601.17514 Own Process Stopped LocalSystem W32Time Windows Time svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService WatAdminSvc Windows Activation Technologies Service WatAdminSvc.exe 7.1.7600.16395 Own Process Stopped LocalSystem wbengine Block Level Backup Engine Service wbengine.exe 6.1.7601.17514 Own Process Stopped localSystem WbioSrvc Windows Biometric Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem wcncsvc Windows Connect Now - Config Registrar svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService WcsPlugInService Windows Color System svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService WdiServiceHost Diagnostic Service Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService WdiSystemHost Diagnostic System Host svchost.exe 6.1.7600.16385 Share Process Running LocalSystem WebClient WebClient svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService Wecsvc Windows Event Collector svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService wercplsupport Problem Reports and Solutions Control Panel Support svchost.exe 6.1.7600.16385 Share Process Stopped localSystem WerSvc Windows Error Reporting Service svchost.exe 6.1.7600.16385 Share Process Stopped localSystem WinDefend Windows Defender svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem WinHttpAutoProxySvc WinHTTP Web Proxy Auto-Discovery Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService Winmgmt Windows Management Instrumentation svchost.exe 6.1.7600.16385 Share Process Running localSystem WinRM Windows Remote Management (WS-Management) svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService Wlansvc WLAN AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem wmiApSrv WMI Performance Adapter WmiApSrv.exe 6.1.7600.16385 Own Process Stopped localSystem WMPNetworkSvc Windows Media Player Network Sharing Service wmpnetwk.exe Own Process Running NT AUTHORITY\NetworkService WPCSvc Parental Controls svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService WPDBusEnum Portable Device Enumerator Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem wscsvc Security Center svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService WSearch Windows Search SearchIndexer.exe 7.0.7601.17610 Own Process Running LocalSystem wuauserv Windows Update svchost.exe 6.1.7600.16385 Share Process Running LocalSystem wudfsvc Windows Driver Foundation - User-mode Driver Framework svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem WwanSvc WWAN AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService --------[ AX Files ]---------------------------------------------------------------------------------------------------- bdaplgin.ax 6.1.7600.16385 Microsoft BDA Device Control Plug-in for MPEG2 based networks. g711codc.ax 6.1.7601.17514 Intel G711 CODEC iac25_32.ax 2.0.5.53 Indeo® audio software ir41_32.ax 4.51.16.3 Intel Indeo® Video 4.5 ivfsrc.ax 5.10.2.51 Intel Indeo® video IVF Source Filter 5.10 ksproxy.ax 6.1.7601.17514 WDM Streaming ActiveMovie Proxy kstvtune.ax 6.1.7601.17514 WDM Streaming TvTuner kswdmcap.ax 6.1.7601.17514 WDM Streaming Video Capture ksxbar.ax 6.1.7601.17514 WDM Streaming Crossbar mpeg2data.ax 6.6.7601.17514 Microsoft MPEG-2 Section and Table Acquisition Module mpg2splt.ax 6.6.7601.17528 DirectShow MPEG-2 Splitter. msdvbnp.ax 6.6.7601.17514 Microsoft Network Provider for MPEG2 based networks. msnp.ax 6.6.7601.17514 Microsoft Network Provider for MPEG2 based networks. psisrndr.ax 6.6.7601.17669 Microsoft Transport Information Filter for MPEG2 based networks. vbicodec.ax 6.6.7601.17514 Microsoft VBI Codec vbisurf.ax 6.1.7601.17514 VBI Surface Allocator Filter vidcap.ax 6.1.7600.16385 Video Capture Interface Server wstpager.ax 6.6.7601.17514 Microsoft Teletext Server --------[ DLL Files ]--------------------------------------------------------------------------------------------------- aaclient.dll 6.2.9200.16398 Anywhere access client accessibilitycpl.dll 6.1.7601.17514 Ease of access control panel acctres.dll 6.1.7600.16385 Microsoft Internet Account Manager Resources acledit.dll 6.1.7600.16385 Access Control List Editor aclui.dll 6.1.7600.16385 Security Descriptor Editor acppage.dll 6.1.7601.17514 Compatibility Tab Shell Extension Library actioncenter.dll 6.1.7601.17514 Action Center actioncentercpl.dll 6.1.7601.17514 Action Center Control Panel activeds.dll 6.1.7601.17514 ADs Router Layer DLL actxprxy.dll 6.1.7601.17514 ActiveX Interface Marshaling Library admtmpl.dll 6.1.7601.17514 Administrative Templates Extension adprovider.dll 6.1.7600.16385 adprovider DLL adsldp.dll 6.1.7601.17514 ADs LDAP Provider DLL adsldpc.dll 6.1.7600.16385 ADs LDAP Provider C DLL adsmsext.dll 6.1.7600.16385 ADs LDAP Provider DLL adsnt.dll 6.1.7600.16385 ADs Windows NT Provider DLL adssecurity.dll 1.0.0.1 ADsSecurity Module adtschema.dll 6.1.7600.16385 Security Audit Schema DLL advapi32.dll 6.1.7601.18247 Advanced Windows 32 Base API advpack.dll 8.0.7600.16385 ADVPACK aecache.dll 6.1.7600.16385 AECache Sysprep Plugin aeevts.dll 6.1.7600.16385 Application Experience Event Resources alttab.dll 6.1.7600.16385 Windows Shell Alt Tab amstream.dll 6.6.7601.17514 DirectShow Runtime. amxread.dll 6.1.7600.16385 API Tracing Manifest Read Library apds.dll 6.1.7600.16385 Microsoft® Help Data Services Module apilogen.dll 6.1.7600.16385 API Tracing Log Engine api-ms-win-core-console-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-datetime-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-debug-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-delayload-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-errorhandling-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-fibers-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-file-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-handle-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-heap-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-interlocked-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-io-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-libraryloader-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-localization-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-localregistry-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-memory-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-misc-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-namedpipe-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-processenvironment-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-processthreads-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-profile-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-rtlsupport-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-string-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-synch-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-sysinfo-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-threadpool-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-util-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-core-xstate-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-downlevel-advapi32-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-advapi32-l2-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-normaliz-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-ole32-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-shell32-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-shlwapi-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-shlwapi-l2-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-user32-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-downlevel-version-l1-1-0.dll 6.2.9200.16492 ApiSet Stub DLL api-ms-win-security-base-l1-1-0.dll 6.1.7601.18229 ApiSet Stub DLL api-ms-win-security-lsalookup-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-security-sddl-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-core-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-management-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-management-l2-1-0.dll 6.1.7600.16385 ApiSet Stub DLL api-ms-win-service-winsvc-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL apircl.dll 6.1.7600.16385 Microsoft® InfoTech IR Local DLL apisetschema.dll 6.1.7601.18229 ApiSet Schema DLL apomngr.dll 1.0.170.0 apphelp.dll 6.1.7601.17514 Application Compatibility Client Library apphlpdm.dll 6.1.7600.16385 Application Compatibility Help Module appidapi.dll 6.1.7600.16385 Application Identity APIs Dll appidpolicyengineapi.dll 6.1.7600.16385 AppId Policy Engine API Module appmgmts.dll 6.1.7600.16385 Software installation Service appmgr.dll 6.1.7601.17514 Software Installation Snapin Extenstion apss.dll 6.1.7600.16385 Microsoft® InfoTech Storage System Library asferror.dll 12.0.7600.16385 ASF Error Definitions aspnet_counters.dll 4.0.30319.18408 Microsoft ASP.NET Performance Counter Shim DLL asycfilt.dll 6.1.7601.17514 atl.dll 3.5.2284.0 ATL Module for Windows XP (Unicode) atl100.dll 10.0.40219.325 ATL Module for Windows atl110.dll 11.0.60610.1 ATL Module for Windows atl71.dll 7.10.3077.0 ATL Module for Windows (Unicode) atmfd.dll 5.1.2.238 Windows NT OpenType/Type 1 Font Driver atmlib.dll 5.1.2.238 Windows NT OpenType/Type 1 API Library. audiodev.dll 6.1.7601.17514 Portable Media Devices Shell Extension audioeng.dll 6.1.7600.16385 Audio Engine audiokse.dll 6.1.7600.16385 Audio Ks Endpoint audioses.dll 6.1.7601.17514 Audio Session auditnativesnapin.dll 6.1.7600.16385 Audit Policy Group Policy Editor Extension auditpolicygpinterop.dll 6.1.7600.16385 Audit Policy GP Module auditpolmsg.dll 6.1.7600.16385 Audit Policy MMC SnapIn Messages authfwcfg.dll 6.1.7600.16385 Windows Firewall with Advanced Security Configuration Helper authfwgp.dll 6.1.7600.16385 Windows Firewall with Advanced Security Group Policy Editor Extension authfwsnapin.dll 6.1.7601.17514 Microsoft.WindowsFirewall.SnapIn authfwwizfwk.dll 6.1.7600.16385 Wizard Framework authui.dll 6.1.7601.18276 Windows Authentication UI authz.dll 6.1.7600.16385 Authorization Framework autoplay.dll 6.1.7601.17514 AutoPlay Control Panel auxiliarydisplayapi.dll 6.1.7600.16385 Microsoft Windows SideShow API auxiliarydisplaycpl.dll 6.1.7601.17514 Microsoft Windows SideShow Control Panel avicap32.dll 6.1.7600.16385 AVI Capture window class avifil32.dll 6.1.7601.17514 Microsoft AVI File support library avrt.dll 6.1.7600.16385 Multimedia Realtime Runtime azroles.dll 6.1.7601.17514 azroles Module azroleui.dll 6.1.7601.17514 Authorization Manager azsqlext.dll 6.1.7601.17514 AzMan Sql Audit Extended Stored Procedures Dll basecsp.dll 6.1.7601.17514 Microsoft Base Smart Card Crypto Provider batmeter.dll 6.1.7601.17514 Battery Meter Helper DLL bcrypt.dll 6.1.7600.16385 Windows Cryptographic Primitives Library (Wow64) bcryptprimitives.dll 6.1.7600.16385 Windows Cryptographic Primitives Library bidispl.dll 6.1.7600.16385 Bidispl DLL biocredprov.dll 6.1.7600.16385 WinBio Credential Provider bitsperf.dll 7.5.7601.17514 Perfmon Counter Access bitsprx2.dll 7.5.7600.16385 Background Intelligent Transfer Service Proxy bitsprx3.dll 7.5.7600.16385 Background Intelligent Transfer Service 2.0 Proxy bitsprx4.dll 7.5.7600.16385 Background Intelligent Transfer Service 2.5 Proxy bitsprx5.dll 7.5.7600.16385 Background Intelligent Transfer Service 3.0 Proxy bitsprx6.dll 7.5.7600.16385 Background Intelligent Transfer Service 4.0 Proxy blackbox.dll 11.0.7601.17514 BlackBox DLL bootvid.dll 6.1.7600.16385 VGA Boot Driver browcli.dll 6.1.7601.17887 Browser Service Client DLL browseui.dll 6.1.7601.17514 Shell Browser UI Library btpanui.dll 6.1.7600.16385 Bluetooth PAN User Interface bwcontexthandler.dll 1.0.0.1 ContextH Application bwunpairelevated.dll 6.1.7600.16385 BWUnpairElevated Proxy Dll c_g18030.dll 6.1.7600.16385 GB18030 DBCS-Unicode Conversion DLL c_is2022.dll 6.1.7600.16385 ISO-2022 Code Page Translation DLL c_iscii.dll 6.1.7601.17514 ISCII Code Page Translation DLL cabinet.dll 6.1.7601.17514 Microsoft® Cabinet File API cabview.dll 6.1.7601.17514 Cabinet File Viewer Shell Extension capicom.dll 2.1.0.2 CAPICOM Module capiprovider.dll 6.1.7600.16385 capiprovider DLL capisp.dll 6.1.7600.16385 Sysprep cleanup dll for CAPI catsrv.dll 2001.12.8530.16385 COM+ Configuration Catalog Server catsrvps.dll 2001.12.8530.16385 COM+ Configuration Catalog Server Proxy/Stub catsrvut.dll 2001.12.8530.16385 COM+ Configuration Catalog Server Utilities cca.dll 6.6.7601.17514 CCA DirectShow Filter. cddbcontrol.dll 2.5.0.104 CDDBControl Core Module cddblangde.dll 2.5.0.104 CddbLangDE cddblanges.dll 2.5.0.104 CddbLangES cddblangfr.dll 2.5.0.104 CddbLangFR cddblangja.dll 2.5.0.104 CddbLangJA cddblangru.dll 2.5.0.104 CddbLangRU cddbui.dll 2.5.0.104 CDDBUIControl Module cdosys.dll 6.6.7601.17857 Microsoft CDO for Windows Library certcli.dll 6.1.7601.17514 Microsoft® Active Directory Certificate Services Client certcredprovider.dll 6.1.7600.16385 Cert Credential Provider certenc.dll 6.1.7601.18151 Active Directory Certificate Services Encoding certenroll.dll 6.1.7601.17514 Microsoft® Active Directory Certificate Services Enrollment Client certenrollui.dll 6.1.7600.16385 X509 Certificate Enrollment UI certmgr.dll 6.1.7601.17514 Certificates snap-in certpoleng.dll 6.1.7601.17514 Certificate Policy Engine cewmdm.dll 12.0.7600.16385 Windows CE WMDM Service Provider cfgbkend.dll 6.1.7600.16385 Configuration Backend Interface cfgmgr32.dll 6.1.7601.17621 Configuration Manager DLL chsbrkr.dll 6.1.7600.16385 Simplified Chinese Word Breaker chtbrkr.dll 6.1.7600.16385 Chinese Traditional Word Breaker chxreadingstringime.dll 6.1.7600.16385 CHxReadingStringIME cic.dll 6.1.7600.16385 CIC - MMC controls for Taskpad clb.dll 6.1.7600.16385 Column List Box clbcatq.dll 2001.12.8530.16385 COM+ Configuration Catalog clfsw32.dll 6.1.7600.16385 Common Log Marshalling Win32 DLL cliconfg.dll 6.1.7600.16385 SQL Client Configuration Utility DLL clusapi.dll 6.1.7601.17514 Cluster API Library cmcfg32.dll 7.2.7600.16385 Microsoft Connection Manager Configuration Dll cmdial32.dll 7.2.7600.16385 Microsoft Connection Manager cmdrtr.dll 1.0.50.0 cmicryptinstall.dll 6.1.7600.16385 Installers for cryptographic elements of CMI objects cmifw.dll 6.1.7600.16385 Windows Firewall rule configuration plug-in cmipnpinstall.dll 6.1.7600.16385 PNP plugin installer for CMI cmlua.dll 7.2.7600.16385 Connection Manager Admin API Helper cmpbk32.dll 7.2.7600.16385 Microsoft Connection Manager Phonebook cmstplua.dll 7.2.7600.16385 Connection Manager Admin API Helper for Setup cmutil.dll 7.2.7600.16385 Microsoft Connection Manager Utility Lib cngaudit.dll 6.1.7600.16385 Windows Cryptographic Next Generation audit library cngprovider.dll 6.1.7600.16385 cngprovider DLL cnvfat.dll 6.1.7600.16385 FAT File System Conversion Utility DLL colbact.dll 2001.12.8530.16385 COM+ colorcnv.dll 6.1.7600.16385 Windows Media Color Conversion colorui.dll 6.1.7600.16385 Microsoft Color Control Panel comcat.dll 6.1.7600.16385 Microsoft Component Category Manager Library comctl32.dll 5.82.7601.18201 User Experience Controls Library comdlg32.dll 6.1.7601.17514 Common Dialogs DLL compobj.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library compstui.dll 6.1.7600.16385 Common Property Sheet User Interface DLL comrepl.dll 2001.12.8530.16385 COM+ comres.dll 2001.12.8530.16385 COM+ Resources comsnap.dll 2001.12.8530.16385 COM+ Explorer MMC Snapin comsvcs.dll 2001.12.8530.16385 COM+ Services comuid.dll 2001.12.8530.16385 COM+ Explorer UI connect.dll 6.1.7600.16385 Get Connected Wizards console.dll 6.1.7600.16385 Control Panel Console Applet cpfilters.dll 6.6.7601.17528 PTFilter & Encypter/Decrypter Tagger Filters. credssp.dll 6.1.7601.17514 Credential Delegation Security Package credui.dll 6.1.7601.18276 Credential Manager User Interface crtdll.dll 4.0.1183.1 Microsoft C Runtime Library crypt32.dll 6.1.7601.18277 Crypto API32 cryptbase.dll 6.1.7600.16385 Base cryptographic API DLL cryptdlg.dll 6.1.7601.18150 Microsoft Common Certificate Dialogs cryptdll.dll 6.1.7600.16385 Cryptography Manager cryptext.dll 6.1.7600.16385 Crypto Shell Extensions cryptnet.dll 6.1.7601.18205 Crypto Network Related API cryptsp.dll 6.1.7600.16385 Cryptographic Service Provider API cryptsvc.dll 6.1.7601.18205 Cryptographic Services cryptui.dll 6.1.7601.17514 Microsoft Trust UI Provider cryptxml.dll 6.1.7600.16385 XML DigSig API cscapi.dll 6.1.7601.17514 Offline Files Win32 API cscdll.dll 6.1.7601.17514 Offline Files Temporary Shim cscobj.dll 6.1.7601.17514 In-proc COM object used by clients of CSC API ctl3d32.dll 2.31.0.0 Ctl3D 3D Windows Controls cuzzapi.dll 6.2.9200.16384 Application Verifier Provider - Cuzz API Provider d2d1.dll 6.2.9200.16492 Microsoft D2D Library d2d1debug1.dll 6.2.9200.16384 Microsoft Direct2D Debug Layer Library d3d10.dll 6.2.9200.16492 Direct3D 10 Runtime d3d10_1.dll 6.2.9200.16492 Direct3D 10.1 Runtime d3d10_1core.dll 6.2.9200.16492 Direct3D 10.1 Runtime d3d10core.dll 6.2.9200.16492 Direct3D 10 Runtime d3d10level9.dll 6.2.9200.16492 Direct3D 10 to Direct3D9 Translation Runtime d3d10ref.dll 9.30.960.9200 Direct3D 10.1 Reference Device d3d10sdklayers.dll 9.30.960.9200 Direct3D 10.1 SDK Layers d3d10warp.dll 6.2.9200.16492 Direct3D 10 Rasterizer d3d11.dll 6.2.9200.16570 Direct3D 11 Runtime d3d11_1sdklayers.dll 9.30.960.9200 Direct3D 11.1 SDK Layers d3d11ref.dll 9.30.960.9200 Direct3D 11 Reference Device d3d11sdklayers.dll 9.30.960.9200 Direct3D 11 SDK Layers d3d8.dll 6.1.7600.16385 Microsoft Direct3D d3d8thk.dll 6.1.7600.16385 Microsoft Direct3D OS Thunk Layer d3d9.dll 6.1.7601.17514 Direct3D 9 Runtime d3dcompiler_33.dll 9.18.904.15 Microsoft Direct3D d3dcompiler_34.dll 9.19.949.46 Microsoft Direct3D d3dcompiler_35.dll 9.19.949.1104 Microsoft Direct3D d3dcompiler_36.dll 9.19.949.2111 Microsoft Direct3D d3dcompiler_37.dll 9.22.949.2248 Microsoft Direct3D d3dcompiler_38.dll 9.23.949.2378 Microsoft Direct3D d3dcompiler_39.dll 9.24.949.2307 Microsoft Direct3D d3dcompiler_40.dll 9.24.950.2656 Direct3D HLSL Compiler d3dcompiler_41.dll 9.26.952.2844 Direct3D HLSL Compiler d3dcompiler_42.dll 9.27.952.3022 Direct3D HLSL Compiler d3dcompiler_43.dll 9.29.952.3111 Direct3D HLSL Compiler d3dcsx_42.dll 9.27.952.3022 Direct3D 10.1 Extensions d3dcsx_43.dll 9.29.952.3111 Direct3D 10.1 Extensions d3dim.dll 6.1.7600.16385 Microsoft Direct3D d3dim700.dll 6.1.7600.16385 Microsoft Direct3D d3dramp.dll 6.1.7600.16385 Microsoft Direct3D d3dref9.dll 6.2.9200.16384 Direct3D 9 Reference Device d3dx10.dll 9.16.843.0 Microsoft Direct3D d3dx10_33.dll 9.18.904.21 Microsoft Direct3D d3dx10_34.dll 9.19.949.46 Microsoft Direct3D d3dx10_35.dll 9.19.949.1104 Microsoft Direct3D d3dx10_36.dll 9.19.949.2009 Microsoft Direct3D d3dx10_37.dll 9.19.949.2187 Microsoft Direct3D d3dx10_38.dll 9.23.949.2378 Microsoft Direct3D d3dx10_39.dll 9.24.949.2307 Microsoft Direct3D d3dx10_40.dll 9.24.950.2656 Direct3D 10.1 Extensions d3dx10_41.dll 9.26.952.2844 Direct3D 10.1 Extensions d3dx10_42.dll 9.27.952.3001 Direct3D 10.1 Extensions d3dx10_43.dll 9.29.952.3111 Direct3D 10.1 Extensions d3dx11_42.dll 9.27.952.3022 Direct3D 10.1 Extensions d3dx11_43.dll 9.29.952.3111 Direct3D 10.1 Extensions d3dx9_24.dll 9.5.132.0 Microsoft® DirectX for Windows® d3dx9_25.dll 9.6.168.0 Microsoft® DirectX for Windows® d3dx9_26.dll 9.7.239.0 Microsoft® DirectX for Windows® d3dx9_27.dll 9.8.299.0 Microsoft® DirectX for Windows® d3dx9_28.dll 9.10.455.0 Microsoft® DirectX for Windows® d3dx9_29.dll 9.11.519.0 Microsoft® DirectX for Windows® d3dx9_30.dll 9.12.589.0 Microsoft® DirectX for Windows® d3dx9_31.dll 9.15.779.0 Microsoft® DirectX for Windows® d3dx9_32.dll 9.16.843.0 Microsoft® DirectX for Windows® d3dx9_33.dll 9.18.904.15 Microsoft® DirectX for Windows® d3dx9_34.dll 9.19.949.46 Microsoft® DirectX for Windows® d3dx9_35.dll 9.19.949.1104 Microsoft® DirectX for Windows® d3dx9_36.dll 9.19.949.2111 Microsoft® DirectX for Windows® d3dx9_37.dll 9.22.949.2248 Microsoft® DirectX for Windows® d3dx9_38.dll 9.23.949.2378 Microsoft® DirectX for Windows® d3dx9_39.dll 9.24.949.2307 Microsoft® DirectX for Windows® d3dx9_40.dll 9.24.950.2656 Direct3D 9 Extensions d3dx9_41.dll 9.26.952.2844 Direct3D 9 Extensions d3dx9_42.dll 9.27.952.3001 Direct3D 9 Extensions d3dx9_43.dll 9.29.952.3111 Direct3D 9 Extensions d3dxof.dll 6.1.7600.16385 DirectX Files DLL dataclen.dll 6.1.7600.16385 Disk Space Cleaner for Windows davclnt.dll 6.1.7601.18201 Web DAV Client DLL davhlpr.dll 6.1.7600.16385 DAV Helper DLL dbgeng.dll 6.1.7601.17514 Windows Symbolic Debugger Engine dbghelp.dll 6.1.7601.17514 Windows Image Helper dbnetlib.dll 6.1.7600.16385 Winsock Oriented Net DLL for SQL Clients dbnmpntw.dll 6.1.7600.16385 Named Pipes Net DLL for SQL Clients dciman32.dll 6.1.7601.18177 DCI Manager ddaclsys.dll 6.1.7600.16385 SysPrep module for Reseting Data Drive ACL ddoiproxy.dll 6.1.7600.16385 DDOI Interface Proxy ddores.dll 6.1.7600.16385 Device Category information and resources ddraw.dll 6.1.7600.16385 Microsoft DirectDraw ddrawex.dll 6.1.7600.16385 Direct Draw Ex defaultlocationcpl.dll 6.1.7601.17514 Default Location Control Panel deskadp.dll 6.1.7600.16385 Advanced display adapter properties deskmon.dll 6.1.7600.16385 Advanced display monitor properties deskperf.dll 6.1.7600.16385 Advanced display performance properties devenum.dll 6.6.7600.16385 Device enumeration. devicecenter.dll 6.1.7601.17514 Device Center devicedisplaystatusmanager.dll 6.1.7600.16385 Device Display Status Manager devicemetadataparsers.dll 6.1.7600.16385 Common Device Metadata parsers devicepairing.dll 6.1.7600.16385 Shell extensions for Device Pairing devicepairingfolder.dll 6.1.7601.17514 Device Pairing Folder devicepairinghandler.dll 6.1.7600.16385 Device Pairing Handler Dll devicepairingproxy.dll 6.1.7600.16385 Device Pairing Proxy Dll deviceuxres.dll 6.1.7600.16385 Windows Device User Experience Resource File devmgr.dll 6.1.7600.16385 Device Manager MMC Snapin devobj.dll 6.1.7601.17621 Device Information Set DLL devrtl.dll 6.1.7601.17621 Device Management Run Time Library dfscli.dll 6.1.7600.16385 Windows NT Distributed File System Client DLL dfshim.dll 4.0.40305.0 ClickOnce Application Deployment Support Library dfsshlex.dll 6.1.7600.16385 Distributed File System shell extension dhcpcmonitor.dll 6.1.7600.16385 DHCP Client Monitor Dll dhcpcore.dll 6.1.7601.17514 DHCP Client Service dhcpcore6.dll 6.1.7601.17970 DHCPv6 Client dhcpcsvc.dll 6.1.7600.16385 DHCP Client Service dhcpcsvc6.dll 6.1.7601.17970 DHCPv6 Client dhcpqec.dll 6.1.7600.16385 Microsoft DHCP NAP Enforcement Client dhcpsapi.dll 6.1.7600.16385 DHCP Server API Stub DLL difxapi.dll 2.1.0.0 Driver Install Frameworks for API library module dimsjob.dll 6.1.7600.16385 DIMS Job DLL dimsroam.dll 6.1.7600.16385 Key Roaming DIMS Provider DLL dinput.dll 6.1.7600.16385 Microsoft DirectInput dinput8.dll 6.1.7600.16385 Microsoft DirectInput directdb.dll 6.1.7600.16385 Microsoft Direct Database API diskcopy.dll 6.1.7600.16385 Windows DiskCopy dispex.dll 5.8.7600.16385 Microsoft ® DispEx display.dll 6.1.7601.17514 Display Control Panel dmband.dll 6.1.7600.16385 Microsoft DirectMusic Band dmcompos.dll 6.1.7600.16385 Microsoft DirectMusic Composer dmdlgs.dll 6.1.7600.16385 Disk Management Snap-in Dialogs dmdskmgr.dll 6.1.7600.16385 Disk Management Snap-in Support Library dmdskres.dll 6.1.7600.16385 Disk Management Snap-in Resources dmdskres2.dll 6.1.7600.16385 Disk Management Snap-in Resources dmime.dll 6.1.7600.16385 Microsoft DirectMusic Interactive Engine dmintf.dll 6.1.7600.16385 Disk Management DCOM Interface Stub dmloader.dll 6.1.7600.16385 Microsoft DirectMusic Loader dmocx.dll 6.1.7600.16385 TreeView OCX dmrc.dll 6.1.7600.16385 Windows MRC dmscript.dll 6.1.7600.16385 Microsoft DirectMusic Scripting dmstyle.dll 6.1.7600.16385 Microsoft DirectMusic Style Engline dmsynth.dll 6.1.7600.16385 Microsoft DirectMusic Software Synthesizer dmusic.dll 6.1.7600.16385 Microsoft DirectMusic Core Services dmutil.dll 6.1.7600.16385 Logical Disk Manager Utility Library dmvdsitf.dll 6.1.7600.16385 Disk Management Snap-in Support Library dnsapi.dll 6.1.7601.17570 DNS Client API DLL dnscmmc.dll 6.1.7601.17514 DNS Client MMC Snap-in DLL docprop.dll 6.1.7600.16385 OLE DocFile Property Page dot3api.dll 6.1.7601.17514 802.3 Autoconfiguration API dot3cfg.dll 6.1.7601.17514 802.3 Netsh Helper dot3dlg.dll 6.1.7600.16385 802.3 UI Helper dot3gpclnt.dll 6.1.7600.16385 802.3 Group Policy Client dot3gpui.dll 6.1.7600.16385 802.3 Network Policy Management Snap-in dot3hc.dll 6.1.7600.16385 Dot3 Helper Class dot3msm.dll 6.1.7601.17514 802.3 Media Specific Module dot3ui.dll 6.1.7601.17514 802.3 Advanced UI dpapiprovider.dll 6.1.7600.16385 dpapiprovider DLL dplayx.dll 6.1.7600.16385 Microsoft DirectPlay dpmodemx.dll 6.1.7600.16385 Modem and Serial Connection For DirectPlay dpnaddr.dll 6.1.7601.17514 Microsoft DirectPlay8 Address dpnathlp.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper UPnP dpnet.dll 6.1.7601.17989 Microsoft DirectPlay dpnhpast.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper PAST dpnhupnp.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper UPNP dpnlobby.dll 6.1.7600.16385 Microsoft DirectPlay8 Lobby dpwsockx.dll 6.1.7600.16385 Internet TCP/IP and IPX Connection For DirectPlay dpx.dll 6.1.7601.17514 Microsoft(R) Delta Package Expander drmmgrtn.dll 11.0.7601.17514 DRM Migration DLL drmv2clt.dll 11.0.7600.16385 DRMv2 Client DLL drprov.dll 6.1.7600.16385 Microsoft Remote Desktop Session Host Server Network Provider drt.dll 6.1.7600.16385 Distributed Routing Table drtprov.dll 6.1.7600.16385 Distributed Routing Table Providers drttransport.dll 6.1.7600.16385 Distributed Routing Table Transport Provider drvstore.dll 6.1.7601.17514 Driver Store API ds32gt.dll 6.1.7600.16385 ODBC Driver Setup Generic Thunk dsauth.dll 6.1.7601.17514 DS Authorization for Services dsdmo.dll 6.1.7600.16385 DirectSound Effects dshowrdpfilter.dll 1.0.0.0 RDP Renderer Filter (redirector) dskquota.dll 6.1.7600.16385 Windows Shell Disk Quota Support DLL dskquoui.dll 6.1.7601.17514 Windows Shell Disk Quota UI DLL dsofile.dll 2.1.2841.0 DSO OLE Document Properties Reader 2.1 dsound.dll 6.1.7600.16385 DirectSound dsprop.dll 6.1.7600.16385 Windows Active Directory Property Pages dsquery.dll 6.1.7600.16385 Directory Service Find dsrole.dll 6.1.7600.16385 DS Role Client DLL dssec.dll 6.1.7600.16385 Directory Service Security UI dssenh.dll 6.1.7600.16385 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider dsuiext.dll 6.1.7601.17514 Directory Service Common UI dswave.dll 6.1.7600.16385 Microsoft DirectMusic Wave dtsh.dll 6.1.7600.16385 Detection and Sharing Status API dui70.dll 6.1.7600.16385 Windows DirectUI Engine duser.dll 6.1.7600.16385 Windows DirectUser Engine dwmapi.dll 6.1.7600.16385 Microsoft Desktop Window Manager API dwmcore.dll 6.1.7601.17514 Microsoft DWM Core Library dwrite.dll 6.2.9200.16492 Microsoft DirectX Typography Services dx7vb.dll 5.3.2600.5512 Microsoft DirectX for Visual Basic dxdiagn.dll 6.1.7601.17514 Microsoft DirectX Diagnostic Tool dxgi.dll 6.2.9200.16492 DirectX Graphics Infrastructure dxgidebug.dll 9.30.960.9200 DXGI Debug Binary dxinputdll.dll dxmasf.dll 12.0.7601.17514 Microsoft Windows Media Component Removal File. dxptaskringtone.dll 6.1.7601.17514 Microsoft Ringtone Editor dxptasksync.dll 6.1.7601.17514 Microsoft Windows DXP Sync. dxtmsft.dll 11.0.9600.16428 DirectX Media -- Image DirectX Transforms dxtrans.dll 11.0.9600.16428 DirectX Media -- DirectX Transform Core dxva2.dll 6.1.7600.16385 DirectX Video Acceleration 2.0 DLL eapp3hst.dll 6.1.7601.17514 Microsoft ThirdPartyEapDispatcher eappcfg.dll 6.1.7600.16385 Eap Peer Config eappgnui.dll 6.1.7601.17514 EAP Generic UI eapphost.dll 6.1.7601.17514 Microsoft EAPHost Peer service eappprxy.dll 6.1.7600.16385 Microsoft EAPHost Peer Client DLL eapqec.dll 6.1.7600.16385 Microsoft EAP NAP Enforcement Client efsadu.dll 6.1.7600.16385 File Encryption Utility efscore.dll 6.1.7601.17514 EFS Core Library efsutil.dll 6.1.7600.16385 EFS Utility Library ehstorapi.dll 6.1.7601.17514 Windows Enhanced Storage API ehstorpwdmgr.dll 6.1.7600.16385 Windows Enhanced Storage Password Manager ehstorshell.dll 6.1.7600.16385 Windows Enhanced Storage Shell Extension DLL els.dll 6.1.7600.16385 Event Viewer Snapin elscore.dll 6.1.7600.16385 Els Core Platform DLL elshyph.dll 6.3.9600.16428 ELS Hyphenation Service elslad.dll 6.1.7600.16385 ELS Language Detection elstrans.dll 6.1.7601.17514 ELS Transliteration Service encapi.dll 6.1.7600.16385 Encoder API encdec.dll 6.6.7601.17708 XDSCodec & Encypter/Decrypter Tagger Filters. eqossnap.dll 6.1.7600.16385 EQoS Snapin extension es.dll 2001.12.8530.16385 COM+ esent.dll 6.1.7601.17577 Extensible Storage Engine for Microsoft(R) Windows(R) esentprf.dll 6.1.7600.16385 Extensible Storage Engine Performance Monitoring Library for Microsoft(R) Windows(R) eventcls.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service event class evr.dll 6.1.7601.17514 Enhanced Video Renderer DLL explorerframe.dll 6.1.7601.17514 ExplorerFrame expsrv.dll 6.0.72.9589 Visual Basic for Applications Runtime - Expression Service f3ahvoas.dll 6.1.7600.16385 JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard faultrep.dll 6.1.7601.17514 Windows User Mode Crash Reporting DLL fdbth.dll 6.1.7600.16385 Function Discovery Bluetooth Provider Dll fdbthproxy.dll 6.1.7600.16385 Bluetooth Provider Proxy Dll fde.dll 6.1.7601.17514 Folder Redirection Snapin Extension fdeploy.dll 6.1.7601.17514 Folder Redirection Group Policy Extension fdpnp.dll 6.1.7600.16385 Pnp Provider Dll fdproxy.dll 6.1.7600.16385 Function Discovery Proxy Dll fdssdp.dll 6.1.7600.16385 Function Discovery SSDP Provider Dll fdwcn.dll 6.1.7600.16385 Windows Connect Now - Config Function Discovery Provider DLL fdwnet.dll 6.1.7600.16385 Function Discovery WNet Provider Dll fdwsd.dll 6.1.7600.16385 Function Discovery WS Discovery Provider Dll feclient.dll 6.1.7600.16385 Windows NT File Encryption Client Interfaces filemgmt.dll 6.1.7600.16385 Services and Shared Folders findnetprinters.dll 6.1.7600.16385 Find Network Printers COM Component firewallapi.dll 6.1.7600.16385 Windows Firewall API firewallcontrolpanel.dll 6.1.7601.17514 Windows Firewall Control Panel fltlib.dll 6.1.7600.16385 Filter Library fmifs.dll 6.1.7600.16385 FM IFS Utility DLL fms.dll 1.1.6000.16384 Font Management Services fontext.dll 6.1.7601.17514 Windows Font Folder fontsub.dll 6.1.7601.18177 Font Subsetting DLL fphc.dll 6.1.7601.17514 Filtering Platform Helper Class fpimage.dll 7.0.0.7 FarPoint Spread 7.0 Image Library framedyn.dll 6.1.7601.17514 WMI SDK Provider Framework framedynos.dll 6.1.7601.17514 WMI SDK Provider Framework frapsvid.dll 3.5.99.15618 Fraps fthsvc.dll 6.1.7600.16385 Microsoft Windows Fault Tolerant Heap Diagnostic Module fundisc.dll 6.1.7600.16385 Function Discovery Dll fwcfg.dll 6.1.7600.16385 Windows Firewall Configuration Helper fwpuclnt.dll 6.1.7601.18283 FWP/IPsec User-Mode API fwremotesvr.dll 6.1.7600.16385 Windows Firewall Remote APIs Server fxsapi.dll 6.1.7600.16385 Microsoft Fax API Support DLL fxscom.dll 6.1.7600.16385 Microsoft Fax Server COM Client Interface fxscomex.dll 6.1.7600.16385 Microsoft Fax Server Extended COM Client Interface fxsext32.dll 6.1.7600.16385 Microsoft Fax Exchange Command Extension fxsresm.dll 6.1.7600.16385 Microsoft Fax Resource DLL fxsxp32.dll 6.1.7600.16385 Microsoft Fax Transport Provider gameux.dll 6.1.7601.18020 Games Explorer gameuxlegacygdfs.dll 1.0.0.1 Legacy GDF resource DLL gcdef.dll 6.1.7600.16385 Game Controllers Default Sheets gdi32.dll 6.1.7601.18275 GDI Client DLL gdiplus.dll 6.1.7601.18120 Microsoft GDI+ getuname.dll 6.1.7600.16385 Unicode name Dll for UCE glmf32.dll 6.1.7600.16385 OpenGL Metafiling DLL glu32.dll 6.1.7600.16385 OpenGL Utility Library DLL gpapi.dll 6.1.7600.16385 Group Policy Client API gpedit.dll 6.1.7600.16385 GPEdit gpprefcl.dll 6.1.7601.17514 Group Policy Preference Client gpprnext.dll 6.1.7600.16385 Group Policy Printer Extension gpscript.dll 6.1.7600.16385 Script Client Side Extension gptext.dll 6.1.7600.16385 GPTExt hbaapi.dll 6.1.7601.17514 HBA API data interface dll for HBA_API_Rev_2-18_2002MAR1.doc hcproviders.dll 6.1.7600.16385 Action Center Providers helppaneproxy.dll 6.1.7600.16385 Microsoft® Help Proxy hgcpl.dll 6.1.7601.17514 HomeGroup Control Panel hha.dll 4.74.8702.0 Microsoft® HTML Help Author hhsetup.dll 6.1.7600.16385 Microsoft® HTML Help hid.dll 6.1.7600.16385 Hid User Library hidserv.dll 6.1.7600.16385 HID Service hlink.dll 6.1.7600.16385 Microsoft Office 2000 component hnetcfg.dll 6.1.7600.16385 Home Networking Configuration Manager hnetmon.dll 6.1.7600.16385 Home Networking Monitor DLL httpapi.dll 6.1.7601.17514 HTTP Protocol Stack API htui.dll 6.1.7600.16385 Common halftone Color Adjustment Dialogs ias.dll 6.1.7600.16385 Network Policy Server iasacct.dll 6.1.7601.17514 NPS Accounting Provider iasads.dll 6.1.7600.16385 NPS Active Directory Data Store iasdatastore.dll 6.1.7600.16385 NPS Datastore server iashlpr.dll 6.1.7600.16385 NPS Surrogate Component iasmigplugin.dll 6.1.7600.16385 NPS Migration DLL iasnap.dll 6.1.7600.16385 NPS NAP Provider iaspolcy.dll 6.1.7600.16385 NPS Pipeline iasrad.dll 6.1.7601.17514 NPS RADIUS Protocol Component iasrecst.dll 6.1.7601.17514 NPS XML Datastore Access iassam.dll 6.1.7600.16385 NPS NT SAM Provider iassdo.dll 6.1.7600.16385 NPS SDO Component iassvcs.dll 6.1.7600.16385 NPS Services Component icardie.dll 11.0.9600.16428 Microsoft Information Card IE Helper icardres.dll 3.0.4506.4926 Windows CardSpace iccvid.dll 1.10.0.13 Cinepak® Codec icm32.dll 6.1.7600.16385 Microsoft Color Management Module (CMM) icmp.dll 6.1.7600.16385 ICMP DLL icmui.dll 6.1.7600.16385 Microsoft Color Matching System User Interface DLL iconcodecservice.dll 6.1.7600.16385 Converts a PNG part of the icon to a legacy bmp icon icsigd.dll 6.1.7600.16385 Internet Gateway Device properties idndl.dll 6.1.7600.16385 Downlevel DLL idstore.dll 6.1.7600.16385 Identity Store ieadvpack.dll 11.0.9600.16428 ADVPACK ieapfltr.dll 11.0.9600.16476 Microsoft SmartScreen Filter iedkcs32.dll 18.0.9600.16428 IEAK branding ieetwproxystub.dll 11.0.9600.16428 IE ETW Collector Proxy Stub Resources ieframe.dll 11.0.9600.16476 Internet Browser iepeers.dll 11.0.9600.16428 Internet Explorer Peer Objects iernonce.dll 11.0.9600.16428 Extended RunOnce processing with UI iertutil.dll 11.0.9600.16476 Run time utility for Internet Explorer iesetup.dll 11.0.9600.16428 IOD Version Map iesysprep.dll 11.0.9600.16428 IE Sysprep Provider ieui.dll 11.0.9600.16476 Internet Explorer UI Engine ifmon.dll 6.1.7600.16385 IF Monitor DLL ifsutil.dll 6.1.7601.17514 IFS Utility DLL ifsutilx.dll 6.1.7600.16385 IFS Utility Extension DLL imagehlp.dll 6.1.7601.18288 Windows NT Image Helper imageres.dll 6.1.7600.16385 Windows Image Resource imagesp1.dll 6.1.7600.16385 Windows SP1 Image Resource imapi.dll 6.1.7600.16385 Image Mastering API imapi2.dll 6.1.7601.17514 Image Mastering API v2 imapi2fs.dll 6.1.7601.17514 Image Mastering File System Imaging API v2 imgutil.dll 11.0.9600.16428 IE plugin image decoder support DLL imjp10k.dll 10.1.7600.16385 Microsoft IME imm32.dll 6.1.7601.17514 Multi-User Windows IMM32 API Client DLL inetcomm.dll 6.1.7601.17609 Microsoft Internet Messaging API Resources inetmib1.dll 6.1.7601.17514 Microsoft MIB-II subagent inetres.dll 6.1.7600.16385 Microsoft Internet Messaging API Resources infocardapi.dll 3.0.4506.4926 Microsoft InfoCards inked.dll 6.1.7600.16385 Microsoft Tablet PC InkEdit Control input.dll 6.1.7601.17514 InputSetting DLL inseng.dll 11.0.9600.16428 Install engine iologmsg.dll 6.1.7600.16385 IO Logging DLL ipbusenumproxy.dll 6.1.7600.16385 Associated Device Presence Proxy Dll iphlpapi.dll 6.1.7601.17514 IP Helper API iprop.dll 6.1.7600.16385 OLE PropertySet Implementation iprtprio.dll 6.1.7600.16385 IP Routing Protocol Priority DLL iprtrmgr.dll 6.1.7601.17514 IP Router Manager ipsecsnp.dll 6.1.7600.16385 IP Security Policy Management Snap-in ipsmsnap.dll 6.1.7601.17514 IP Security Monitor Snap-in ir32_32.dll 3.24.15.3 Intel Indeo(R) Video R3.2 32-bit Driver ir41_qc.dll 4.30.62.2 Intel Indeo® Video Interactive Quick Compressor ir41_qcx.dll 4.30.62.2 Intel Indeo® Video Interactive Quick Compressor ir50_32.dll 5.2562.15.55 Intel Indeo® video 5.10 ir50_qc.dll 5.0.63.48 Intel Indeo® video 5.10 Quick Compressor ir50_qcx.dll 5.0.63.48 Intel Indeo® video 5.10 Quick Compressor irclass.dll 6.1.7600.16385 Infrared Class Coinstaller iscsicpl.dll 5.2.3790.1830 iSCSI Initiator Control Panel Applet iscsidsc.dll 6.1.7600.16385 iSCSI Discovery api iscsied.dll 6.1.7600.16385 iSCSI Extension DLL iscsium.dll 6.1.7601.17514 iSCSI Discovery api iscsiwmi.dll 6.1.7600.16385 MS iSCSI Initiator WMI Provider itircl.dll 6.1.7601.17514 Microsoft® InfoTech IR Local DLL itss.dll 6.1.7600.16385 Microsoft® InfoTech Storage System Library itvdata.dll 6.6.7601.17514 iTV Data Filters. iyuv_32.dll 6.1.7601.17514 Intel Indeo(R) Video YUV Codec javascriptcollectionagent.dll 11.0.9600.16428 JavaScript Performance Collection Agent jscript.dll 5.8.9600.16428 Microsoft ® JScript jscript9.dll 11.0.9600.16476 Microsoft ® JScript jscript9diag.dll 11.0.9600.16476 Microsoft ® JScript Diagnostics jsintl.dll 6.3.9600.16428 Windows Globalization jsproxy.dll 11.0.9600.16476 JScript Proxy Auto-Configuration kbd101.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 101 kbd101a.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101 (Type A) kbd101b.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101(Type B) kbd101c.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101(Type C) kbd103.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 103 kbd106.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 106 kbd106n.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 106 kbda1.dll 6.1.7600.16385 Arabic_English_101 Keyboard Layout kbda2.dll 6.1.7600.16385 Arabic_2 Keyboard Layout kbda3.dll 6.1.7600.16385 Arabic_French_102 Keyboard Layout kbdal.dll 6.1.7600.16385 Albania Keyboard Layout kbdarme.dll 6.1.7600.16385 Eastern Armenian Keyboard Layout kbdarmw.dll 6.1.7600.16385 Western Armenian Keyboard Layout kbdax2.dll 6.1.7600.16385 JP Japanese Keyboard Layout for AX2 kbdaze.dll 6.1.7600.16385 Azerbaijan_Cyrillic Keyboard Layout kbdazel.dll 6.1.7600.16385 Azeri-Latin Keyboard Layout kbdbash.dll 6.1.7601.17514 Bashkir Keyboard Layout kbdbe.dll 6.1.7600.16385 Belgian Keyboard Layout kbdbene.dll 6.1.7600.16385 Belgian Dutch Keyboard Layout kbdbgph.dll 6.1.7600.16385 Bulgarian Phonetic Keyboard Layout kbdbgph1.dll 6.1.7600.16385 Bulgarian (Phonetic Traditional) Keyboard Layout kbdbhc.dll 6.1.7600.16385 Bosnian (Cyrillic) Keyboard Layout kbdblr.dll 6.1.7601.17514 Belarusian Keyboard Layout kbdbr.dll 6.1.7600.16385 Brazilian Keyboard Layout kbdbu.dll 6.1.7600.16385 Bulgarian (Typewriter) Keyboard Layout kbdbulg.dll 6.1.7601.17514 Bulgarian Keyboard Layout kbdca.dll 6.1.7600.16385 Canadian Multilingual Keyboard Layout kbdcan.dll 6.1.7600.16385 Canadian Multilingual Standard Keyboard Layout kbdcr.dll 6.1.7600.16385 Croatian/Slovenian Keyboard Layout kbdcz.dll 6.1.7600.16385 Czech Keyboard Layout kbdcz1.dll 6.1.7601.17514 Czech_101 Keyboard Layout kbdcz2.dll 6.1.7600.16385 Czech_Programmer's Keyboard Layout kbdda.dll 6.1.7600.16385 Danish Keyboard Layout kbddiv1.dll 6.1.7600.16385 Divehi Phonetic Keyboard Layout kbddiv2.dll 6.1.7600.16385 Divehi Typewriter Keyboard Layout kbddv.dll 6.1.7600.16385 Dvorak US English Keyboard Layout kbdes.dll 6.1.7600.16385 Spanish Alernate Keyboard Layout kbdest.dll 6.1.7600.16385 Estonia Keyboard Layout kbdfa.dll 6.1.7600.16385 Persian Keyboard Layout kbdfc.dll 6.1.7600.16385 Canadian French Keyboard Layout kbdfi.dll 6.1.7600.16385 Finnish Keyboard Layout kbdfi1.dll 6.1.7600.16385 Finnish-Swedish with Sami Keyboard Layout kbdfo.dll 6.1.7600.16385 Færoese Keyboard Layout kbdfr.dll 6.1.7600.16385 French Keyboard Layout kbdgae.dll 6.1.7600.16385 Gaelic Keyboard Layout kbdgeo.dll 6.1.7601.17514 Georgian Keyboard Layout kbdgeoer.dll 6.1.7600.16385 Georgian (Ergonomic) Keyboard Layout kbdgeoqw.dll 6.1.7600.16385 Georgian (QWERTY) Keyboard Layout kbdgkl.dll 6.1.7601.17514 Greek_Latin Keyboard Layout kbdgr.dll 6.1.7600.16385 German Keyboard Layout kbdgr1.dll 6.1.7601.17514 German_IBM Keyboard Layout kbdgrlnd.dll 6.1.7600.16385 Greenlandic Keyboard Layout kbdhau.dll 6.1.7600.16385 Hausa Keyboard Layout kbdhe.dll 6.1.7600.16385 Greek Keyboard Layout kbdhe220.dll 6.1.7600.16385 Greek IBM 220 Keyboard Layout kbdhe319.dll 6.1.7600.16385 Greek IBM 319 Keyboard Layout kbdheb.dll 6.1.7600.16385 KBDHEB Keyboard Layout kbdhela2.dll 6.1.7600.16385 Greek IBM 220 Latin Keyboard Layout kbdhela3.dll 6.1.7600.16385 Greek IBM 319 Latin Keyboard Layout kbdhept.dll 6.1.7600.16385 Greek_Polytonic Keyboard Layout kbdhu.dll 6.1.7600.16385 Hungarian Keyboard Layout kbdhu1.dll 6.1.7600.16385 Hungarian 101-key Keyboard Layout kbdibm02.dll 6.1.7600.16385 JP Japanese Keyboard Layout for IBM 5576-002/003 kbdibo.dll 6.1.7600.16385 Igbo Keyboard Layout kbdic.dll 6.1.7600.16385 Icelandic Keyboard Layout kbdinasa.dll 6.1.7600.16385 Assamese (Inscript) Keyboard Layout kbdinbe1.dll 6.1.7600.16385 Bengali - Inscript (Legacy) Keyboard Layout kbdinbe2.dll 6.1.7600.16385 Bengali (Inscript) Keyboard Layout kbdinben.dll 6.1.7601.17514 Bengali Keyboard Layout kbdindev.dll 6.1.7600.16385 Devanagari Keyboard Layout kbdinguj.dll 6.1.7600.16385 Gujarati Keyboard Layout kbdinhin.dll 6.1.7601.17514 Hindi Keyboard Layout kbdinkan.dll 6.1.7601.17514 Kannada Keyboard Layout kbdinmal.dll 6.1.7600.16385 Malayalam Keyboard Layout Keyboard Layout kbdinmar.dll 6.1.7601.17514 Marathi Keyboard Layout kbdinori.dll 6.1.7601.17514 Oriya Keyboard Layout kbdinpun.dll 6.1.7600.16385 Punjabi/Gurmukhi Keyboard Layout kbdintam.dll 6.1.7601.17514 Tamil Keyboard Layout kbdintel.dll 6.1.7601.17514 Telugu Keyboard Layout kbdinuk2.dll 6.1.7600.16385 Inuktitut Naqittaut Keyboard Layout kbdir.dll 6.1.7600.16385 Irish Keyboard Layout kbdit.dll 6.1.7600.16385 Italian Keyboard Layout kbdit142.dll 6.1.7600.16385 Italian 142 Keyboard Layout kbdiulat.dll 6.1.7600.16385 Inuktitut Latin Keyboard Layout kbdjpn.dll 6.1.7600.16385 JP Japanese Keyboard Layout Stub driver kbdkaz.dll 6.1.7600.16385 Kazak_Cyrillic Keyboard Layout kbdkhmr.dll 6.1.7600.16385 Cambodian Standard Keyboard Layout kbdkor.dll 6.1.7600.16385 KO Hangeul Keyboard Layout Stub driver kbdkyr.dll 6.1.7600.16385 Kyrgyz Keyboard Layout kbdla.dll 6.1.7600.16385 Latin-American Spanish Keyboard Layout kbdlao.dll 6.1.7600.16385 Lao Standard Keyboard Layout kbdlk41a.dll 6.1.7601.17514 DEC LK411-AJ Keyboard Layout kbdlt.dll 6.1.7600.16385 Lithuania Keyboard Layout kbdlt1.dll 6.1.7601.17514 Lithuanian Keyboard Layout kbdlt2.dll 6.1.7600.16385 Lithuanian Standard Keyboard Layout kbdlv.dll 6.1.7600.16385 Latvia Keyboard Layout kbdlv1.dll 6.1.7600.16385 Latvia-QWERTY Keyboard Layout kbdmac.dll 6.1.7600.16385 Macedonian (FYROM) Keyboard Layout kbdmacst.dll 6.1.7600.16385 Macedonian (FYROM) - Standard Keyboard Layout kbdmaori.dll 6.1.7601.17514 Maori Keyboard Layout kbdmlt47.dll 6.1.7600.16385 Maltese 47-key Keyboard Layout kbdmlt48.dll 6.1.7600.16385 Maltese 48-key Keyboard Layout kbdmon.dll 6.1.7601.17514 Mongolian Keyboard Layout kbdmonmo.dll 6.1.7600.16385 Mongolian (Mongolian Script) Keyboard Layout kbdne.dll 6.1.7600.16385 Dutch Keyboard Layout kbdnec.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800) kbdnec95.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800 Windows 95) kbdnecat.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX) kbdnecnt.dll 6.1.7600.16385 JP Japanese NEC PC-9800 Keyboard Layout kbdnepr.dll 6.1.7601.17514 Nepali Keyboard Layout kbdno.dll 6.1.7600.16385 Norwegian Keyboard Layout kbdno1.dll 6.1.7600.16385 Norwegian with Sami Keyboard Layout kbdnso.dll 6.1.7600.16385 Sesotho sa Leboa Keyboard Layout kbdpash.dll 6.1.7600.16385 Pashto (Afghanistan) Keyboard Layout kbdpl.dll 6.1.7600.16385 Polish Keyboard Layout kbdpl1.dll 6.1.7600.16385 Polish Programmer's Keyboard Layout kbdpo.dll 6.1.7601.17514 Portuguese Keyboard Layout kbdro.dll 6.1.7600.16385 Romanian (Legacy) Keyboard Layout kbdropr.dll 6.1.7600.16385 Romanian (Programmers) Keyboard Layout kbdrost.dll 6.1.7600.16385 Romanian (Standard) Keyboard Layout kbdru.dll 6.1.7600.16385 Russian Keyboard Layout kbdru1.dll 6.1.7600.16385 Russia(Typewriter) Keyboard Layout kbdsf.dll 6.1.7601.17514 Swiss French Keyboard Layout kbdsg.dll 6.1.7601.17514 Swiss German Keyboard Layout kbdsl.dll 6.1.7600.16385 Slovak Keyboard Layout kbdsl1.dll 6.1.7600.16385 Slovak(QWERTY) Keyboard Layout kbdsmsfi.dll 6.1.7600.16385 Sami Extended Finland-Sweden Keyboard Layout kbdsmsno.dll 6.1.7600.16385 Sami Extended Norway Keyboard Layout kbdsn1.dll 6.1.7600.16385 Sinhala Keyboard Layout kbdsorex.dll 6.1.7600.16385 Sorbian Extended Keyboard Layout kbdsors1.dll 6.1.7600.16385 Sorbian Standard Keyboard Layout kbdsorst.dll 6.1.7600.16385 Sorbian Standard (Legacy) Keyboard Layout kbdsp.dll 6.1.7600.16385 Spanish Keyboard Layout kbdsw.dll 6.1.7600.16385 Swedish Keyboard Layout kbdsw09.dll 6.1.7600.16385 Sinhala - Wij 9 Keyboard Layout kbdsyr1.dll 6.1.7600.16385 Syriac Standard Keyboard Layout kbdsyr2.dll 6.1.7600.16385 Syriac Phoenetic Keyboard Layout kbdtajik.dll 6.1.7601.17514 Tajik Keyboard Layout kbdtat.dll 6.1.7600.16385 Tatar_Cyrillic Keyboard Layout kbdth0.dll 6.1.7600.16385 Thai Kedmanee Keyboard Layout kbdth1.dll 6.1.7600.16385 Thai Pattachote Keyboard Layout kbdth2.dll 6.1.7600.16385 Thai Kedmanee (non-ShiftLock) Keyboard Layout kbdth3.dll 6.1.7600.16385 Thai Pattachote (non-ShiftLock) Keyboard Layout kbdtiprc.dll 6.1.7600.16385 Tibetan (PRC) Keyboard Layout kbdtuf.dll 6.1.7601.17514 Turkish F Keyboard Layout kbdtuq.dll 6.1.7601.17514 Turkish Q Keyboard Layout kbdturme.dll 6.1.7601.17514 Turkmen Keyboard Layout kbdughr.dll 6.1.7600.16385 Uyghur (Legacy) Keyboard Layout kbdughr1.dll 6.1.7601.17514 Uyghur Keyboard Layout kbduk.dll 6.1.7600.16385 United Kingdom Keyboard Layout kbdukx.dll 6.1.7600.16385 United Kingdom Extended Keyboard Layout kbdur.dll 6.1.7600.16385 Ukrainian Keyboard Layout kbdur1.dll 6.1.7600.16385 Ukrainian (Enhanced) Keyboard Layout kbdurdu.dll 6.1.7600.16385 Urdu Keyboard Layout kbdus.dll 6.1.7601.17514 United States Keyboard Layout kbdusa.dll 6.1.7600.16385 US IBM Arabic 238_L Keyboard Layout kbdusl.dll 6.1.7600.16385 Dvorak Left-Hand US English Keyboard Layout kbdusr.dll 6.1.7600.16385 Dvorak Right-Hand US English Keyboard Layout kbdusx.dll 6.1.7600.16385 US Multinational Keyboard Layout kbduzb.dll 6.1.7600.16385 Uzbek_Cyrillic Keyboard Layout kbdvntc.dll 6.1.7600.16385 Vietnamese Keyboard Layout kbdwol.dll 6.1.7600.16385 Wolof Keyboard Layout kbdyak.dll 6.1.7600.16385 Yakut - Russia Keyboard Layout kbdyba.dll 6.1.7600.16385 Yoruba Keyboard Layout kbdycc.dll 6.1.7600.16385 Serbian (Cyrillic) Keyboard Layout kbdycl.dll 6.1.7600.16385 Serbian (Latin) Keyboard Layout kerberos.dll 6.1.7601.17926 Kerberos Security Package kernel32.dll 6.1.7601.18229 Windows NT BASE API Client DLL kernelbase.dll 6.1.7601.18229 Windows NT BASE API Client DLL keyiso.dll 6.1.7600.16385 CNG Key Isolation Service keymgr.dll 6.1.7600.16385 Stored User Names and Passwords korwbrkr.dll 6.1.7600.16385 korwbrkr ksuser.dll 6.1.7600.16385 User CSA Library ktmw32.dll 6.1.7600.16385 Windows KTM Win32 Client DLL l2gpstore.dll 6.1.7600.16385 Policy Storage dll l2nacp.dll 6.1.7600.16385 Windows Onex Credential Provider l2sechc.dll 6.1.7600.16385 Layer 2 Security Diagnostics Helper Classes laprxy.dll 12.0.7600.16385 Windows Media Logagent Proxy licmgr10.dll 11.0.9600.16428 Microsoft® License Manager DLL linkinfo.dll 6.1.7600.16385 Windows Volume Tracking loadperf.dll 6.1.7600.16385 Load & Unload Performance Counters localsec.dll 6.1.7601.17514 Local Users and Groups MMC Snapin locationapi.dll 6.1.7600.16385 Microsoft Windows Location API loghours.dll 6.1.7600.16385 Schedule Dialog logoncli.dll 6.1.7601.17514 Net Logon Client DLL lpk.dll 6.1.7601.18177 Language Pack lsmproxy.dll 6.1.7601.17514 LSM interfaces proxy Dll luainstall.dll 6.1.7601.17514 Lua manifest install lz32.dll 6.1.7600.16385 LZ Expand/Compress API DLL magnification.dll 6.1.7600.16385 Microsoft Magnification API mapi32.dll 1.0.2536.0 Extended MAPI 1.0 for Windows NT mapistub.dll 1.0.2536.0 Extended MAPI 1.0 for Windows NT mbapo32.dll 1.0.48.0 Creative Audio Processing Object Module mcewmdrmndbootstrap.dll 1.3.2302.0 Windows® Media Center WMDRM-ND Receiver Bridge Bootstrap DLL mciavi32.dll 6.1.7601.17514 Video For Windows MCI driver mcicda.dll 6.1.7600.16385 MCI driver for cdaudio devices mciqtz32.dll 6.6.7601.17514 DirectShow MCI Driver mciseq.dll 6.1.7600.16385 MCI driver for MIDI sequencer mciwave.dll 6.1.7600.16385 MCI driver for waveform audio mctres.dll 6.1.7600.16385 MCT resource DLL mdminst.dll 6.1.7600.16385 Modem Class Installer mediametadatahandler.dll 6.1.7601.17514 Media Metadata Handler mf.dll 12.0.7601.17514 Media Foundation DLL mf3216.dll 6.1.7600.16385 32-bit to 16-bit Metafile Conversion DLL mfaacenc.dll 6.1.7600.16385 Media Foundation AAC Encoder mfc100.dll 10.0.40219.325 MFCDLL Shared Library - Retail Version mfc100chs.dll 10.0.40219.325 MFC Language Specific Resources mfc100cht.dll 10.0.40219.325 MFC Language Specific Resources mfc100deu.dll 10.0.40219.325 MFC Language Specific Resources mfc100enu.dll 10.0.40219.325 MFC Language Specific Resources mfc100esn.dll 10.0.40219.325 MFC Language Specific Resources mfc100fra.dll 10.0.40219.325 MFC Language Specific Resources mfc100ita.dll 10.0.40219.325 MFC Language Specific Resources mfc100jpn.dll 10.0.40219.325 MFC Language Specific Resources mfc100kor.dll 10.0.40219.325 MFC Language Specific Resources mfc100rus.dll 10.0.40219.325 MFC Language Specific Resources mfc100u.dll 10.0.40219.325 MFCDLL Shared Library - Retail Version mfc110.dll 11.0.60610.1 MFCDLL Shared Library - Retail Version mfc110chs.dll 11.0.60610.1 MFC Language Specific Resources mfc110cht.dll 11.0.60610.1 MFC Language Specific Resources mfc110d.dll 11.0.50727.1 MFCDLL Shared Library - Debug Version mfc110deu.dll 11.0.60610.1 MFC Language Specific Resources mfc110enu.dll 11.0.60610.1 MFC Language Specific Resources mfc110esn.dll 11.0.60610.1 MFC Language Specific Resources mfc110fra.dll 11.0.60610.1 MFC Language Specific Resources mfc110ita.dll 11.0.60610.1 MFC Language Specific Resources mfc110jpn.dll 11.0.60610.1 MFC Language Specific Resources mfc110kor.dll 11.0.60610.1 MFC Language Specific Resources mfc110rus.dll 11.0.60610.1 MFC Language Specific Resources mfc110u.dll 11.0.60610.1 MFCDLL Shared Library - Retail Version mfc110ud.dll 11.0.50727.1 MFCDLL Shared Library - Debug Version mfc40.dll 4.1.0.6151 MFCDLL Shared Library - Retail Version mfc40u.dll 4.1.0.6151 MFCDLL Shared Library - Retail Version mfc42.dll 6.6.8064.0 MFCDLL Shared Library - Retail Version mfc42u.dll 6.6.8064.0 MFCDLL Shared Library - Retail Version mfc71.dll 7.10.3077.0 MFCDLL Shared Library - Retail Version mfc71chs.dll 7.10.3077.0 MFC Language Specific Resources mfc71cht.dll 7.10.3077.0 MFC Language Specific Resources mfc71deu.dll 7.10.3077.0 MFC Language Specific Resources mfc71enu.dll 7.10.3077.0 MFC Language Specific Resources mfc71esp.dll 7.10.3077.0 MFC Language Specific Resources mfc71fra.dll 7.10.3077.0 MFC Language Specific Resources mfc71ita.dll 7.10.3077.0 MFC Language Specific Resources mfc71jpn.dll 7.10.3077.0 MFC Language Specific Resources mfc71kor.dll 7.10.3077.0 MFC Language Specific Resources mfc71u.dll 7.10.3077.0 MFCDLL Shared Library - Retail Version mfcm100.dll 10.0.40219.325 MFC Managed Library - Retail Version mfcm100u.dll 10.0.40219.325 MFC Managed Library - Retail Version mfcm110.dll 11.0.60610.1 MFC Managed Library - Retail Version mfcm110d.dll 11.0.50727.1 MFC Managed Library - Debug Version mfcm110u.dll 11.0.60610.1 MFC Managed Library - Retail Version mfcm110ud.dll 11.0.50727.1 MFC Managed Library - Debug Version mfcsubs.dll 2001.12.8530.16385 COM+ mfds.dll 12.0.7601.17514 Media Foundation Direct Show wrapper DLL mfdvdec.dll 6.1.7600.16385 Media Foundation DV Decoder mferror.dll 12.0.7600.16385 Media Foundation Error DLL mfh264enc.dll 6.1.7600.16385 Media Foundation H264 Encoder mfmjpegdec.dll 6.1.7600.16385 Media Foundation MJPEG Decoder mfplat.dll 12.0.7600.16385 Media Foundation Platform DLL mfplay.dll 12.0.7601.17514 Media Foundation Playback API DLL mfps.dll 12.0.7600.16385 Media Foundation Proxy DLL mfreadwrite.dll 12.0.7601.17514 Media Foundation ReadWrite DLL mfvdsp.dll 6.1.7600.16385 Windows Media Foundation Video DSP Components mfwmaaec.dll 6.1.7600.16385 Windows Media Audio AEC for Media Foundation mgmtapi.dll 6.1.7600.16385 Microsoft SNMP Manager API (uses WinSNMP) midimap.dll 6.1.7600.16385 Microsoft MIDI Mapper migisol.dll 6.1.7601.17514 Migration System Isolation Layer miguiresource.dll 6.1.7600.16385 MIG wini32 resources mimefilt.dll 2008.0.7601.17514 MIME Filter ml32i1.dll 24.1.61.57228 MathLink® Shared Library ml32i2.dll 24.1.61.57228 MathLink® Shared Library ml32i3.dll 24.1.61.57228 MathLink® Shared Library mlang.dll 6.1.7600.16385 Multi Language Support DLL mlmodule32.dll 24.1.61.57228 MathLink® Shared Library mmcbase.dll 6.1.7600.16385 MMC Base DLL mmci.dll 6.1.7600.16385 Media class installer mmcico.dll 6.1.7600.16385 Media class co-installer mmcndmgr.dll 6.1.7601.17514 MMC Node Manager DLL mmcshext.dll 6.1.7600.16385 MMC Shell Extension DLL mmdevapi.dll 6.1.7601.17514 MMDevice API mmres.dll 6.1.7600.16385 General Audio Resources modemui.dll 6.1.7600.16385 Windows Modem Properties moricons.dll 6.1.7600.16385 Windows NT Setup Icon Resources Library mp3dmod.dll 6.1.7600.16385 Microsoft MP3 Decoder DMO mp43decd.dll 6.1.7600.16385 Windows Media MPEG-4 Video Decoder mp4sdecd.dll 6.1.7600.16385 Windows Media MPEG-4 S Video Decoder mpg4decd.dll 6.1.7600.16385 Windows Media MPEG-4 Video Decoder mpr.dll 6.1.7600.16385 Multiple Provider Router DLL mprapi.dll 6.1.7601.17514 Windows NT MP Router Administration DLL mprddm.dll 6.1.7601.17514 Demand Dial Manager Supervisor mprdim.dll 6.1.7600.16385 Dynamic Interface Manager mprmsg.dll 6.1.7600.16385 Multi-Protocol Router Service Messages DLL msaatext.dll 2.0.10413.0 Active Accessibility text support msac3enc.dll 6.1.7601.17514 Microsoft AC-3 Encoder msacm32.dll 6.1.7600.16385 Microsoft ACM Audio Filter msadce.dll 6.1.7601.17514 OLE DB Cursor Engine msadcer.dll 6.1.7600.16385 OLE DB Cursor Engine Resources msadcf.dll 6.1.7601.17514 Remote Data Services Data Factory msadcfr.dll 6.1.7600.16385 Remote Data Services Data Factory Resources msadco.dll 6.1.7601.17857 Remote Data Services Data Control msadcor.dll 6.1.7600.16385 Remote Data Services Data Control Resources msadcs.dll 6.1.7601.17514 Remote Data Services ISAPI Library msadds.dll 6.1.7600.16385 OLE DB Data Shape Provider msaddsr.dll 6.1.7600.16385 OLE DB Data Shape Provider Resources msader15.dll 6.1.7600.16385 ActiveX Data Objects Resources msado15.dll 6.1.7601.17857 ActiveX Data Objects msadomd.dll 6.1.7601.17857 ActiveX Data Objects (Multi-Dimensional) msador15.dll 6.1.7601.17857 Microsoft ActiveX Data Objects Recordset msadox.dll 6.1.7601.17857 ActiveX Data Objects Extensions msadrh15.dll 6.1.7600.16385 ActiveX Data Objects Rowset Helper msafd.dll 6.1.7600.16385 Microsoft Windows Sockets 2.0 Service Provider msasn1.dll 6.1.7601.17514 ASN.1 Runtime APIs msaudite.dll 6.1.7600.16385 Security Audit Events DLL mscandui.dll 6.1.7600.16385 MSCANDUI Server DLL mscat32.dll 6.1.7600.16385 MSCAT32 Forwarder DLL msclmd.dll 6.1.7601.17514 Microsoft Class Mini-driver mscms.dll 6.1.7601.17514 Microsoft Color Matching System DLL mscoree.dll 4.0.40305.0 Microsoft .NET Runtime Execution Engine mscorier.dll 2.0.50727.5420 Microsoft .NET Runtime IE resources mscories.dll 2.0.50727.5420 Microsoft .NET IE SECURITY REGISTRATION mscpx32r.dll 6.1.7600.16385 ODBC Code Page Translator Resources mscpxl32.dll 6.1.7600.16385 ODBC Code Page Translator msctf.dll 6.1.7600.16385 MSCTF Server DLL msctfmonitor.dll 6.1.7600.16385 MsCtfMonitor DLL msctfp.dll 6.1.7600.16385 MSCTFP Server DLL msctfui.dll 6.1.7600.16385 MSCTFUI Server DLL msdadc.dll 6.1.7600.16385 OLE DB Data Conversion Stub msdadiag.dll 6.1.7600.16385 Built-In Diagnostics msdaenum.dll 6.1.7600.16385 OLE DB Root Enumerator Stub msdaer.dll 6.1.7600.16385 OLE DB Error Collection Stub msdaora.dll 6.1.7600.16385 OLE DB Provider for Oracle msdaorar.dll 6.1.7600.16385 OLE DB Provider for Oracle Resources msdaosp.dll 6.1.7601.17632 OLE DB Simple Provider msdaprsr.dll 6.1.7600.16385 OLE DB Persistence Services Resources msdaprst.dll 6.1.7600.16385 OLE DB Persistence Services msdaps.dll 6.1.7600.16385 OLE DB Interface Proxies/Stubs msdarem.dll 6.1.7601.17514 OLE DB Remote Provider msdaremr.dll 6.1.7600.16385 OLE DB Remote Provider Resources msdart.dll 6.1.7600.16385 OLE DB Runtime Routines msdasc.dll 6.1.7600.16385 OLE DB Service Components Stub msdasql.dll 6.1.7601.17514 OLE DB Provider for ODBC Drivers msdasqlr.dll 6.1.7600.16385 OLE DB Provider for ODBC Drivers Resources msdatl3.dll 6.1.7600.16385 OLE DB Implementation Support Routines msdatt.dll 6.1.7600.16385 OLE DB Temporary Table Services msdaurl.dll 6.1.7600.16385 OLE DB RootBinder Stub msdelta.dll 6.1.7600.16385 Microsoft Patch Engine msdfmap.dll 6.1.7601.17514 Data Factory Handler msdmo.dll 6.6.7601.17514 DMO Runtime msdrm.dll 6.1.7601.17514 Windows Rights Management client msdtcprx.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator OLE Transactions Interface Proxy DLL msdtcuiu.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Administrative DLL msdtcvsp1res.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Resources for Vista SP1 msexch40.dll 4.0.9756.0 Microsoft Jet Exchange Isam msexcl40.dll 4.0.9756.0 Microsoft Jet Excel Isam msfeeds.dll 11.0.9600.16428 Microsoft Feeds Manager msfeedsbs.dll 11.0.9600.16428 Microsoft Feeds Background Sync msftedit.dll 5.41.21.2510 Rich Text Edit Control, v4.1 mshtml.dll 11.0.9600.16476 Microsoft (R) HTML Viewer mshtmldac.dll 11.0.9600.16428 DAC for Trident DOM mshtmled.dll 11.0.9600.16428 Microsoft® HTML Editing Component mshtmler.dll 11.0.9600.16428 Microsoft® HTML Editing Component's Resource DLL mshtmlmedia.dll 11.0.9600.16428 Microsoft (R) HTML Media DLL msi.dll 5.0.7601.17807 Windows Installer msidcrl30.dll 6.1.7600.16385 IDCRL Dynamic Link Library msident.dll 6.1.7600.16385 Microsoft Identity Manager msidle.dll 6.1.7600.16385 User Idle Monitor msidntld.dll 6.1.7600.16385 Microsoft Identity Manager msieftp.dll 6.1.7601.17514 Microsoft Internet Explorer FTP Folder Shell Extension msihnd.dll 5.0.7601.17514 Windows® installer msiltcfg.dll 5.0.7600.16385 Windows Installer Configuration API Stub msimg32.dll 6.1.7600.16385 GDIEXT Client DLL msimsg.dll 5.0.7600.16385 Windows® Installer International Messages msimtf.dll 6.1.7600.16385 Active IMM Server DLL msisip.dll 5.0.7600.16385 MSI Signature SIP Provider msjava.dll 5.0.3810.0 Microsoft® VM msjet40.dll 4.0.9756.0 Microsoft Jet Engine Library msjetoledb40.dll 4.0.9756.0 msjint40.dll 4.0.9756.0 Microsoft Jet Database Engine International DLL msjro.dll 6.1.7601.17857 Jet and Replication Objects msjter40.dll 4.0.9756.0 Microsoft Jet Database Engine Error DLL msjtes40.dll 4.0.9756.0 Microsoft Jet Expression Service msls31.dll 3.10.349.0 Microsoft Line Services library file msltus40.dll 4.0.9756.0 Microsoft Jet Lotus 1-2-3 Isam msmpeg2adec.dll 6.1.7140.0 Microsoft DTV-DVD Audio Decoder msmpeg2enc.dll 6.1.7601.17514 Microsoft MPEG-2 Encoder msmpeg2vdec.dll 12.0.9200.16426 Microsoft DTV-DVD Video Decoder msnetobj.dll 11.0.7601.17514 DRM ActiveX Network Object msobjs.dll 6.1.7600.16385 System object audit names msoeacct.dll 6.1.7600.16385 Microsoft Internet Account Manager msoert2.dll 6.1.7600.16385 Microsoft Windows Mail RT Lib msorc32r.dll 6.1.7600.16385 ODBC Driver for Oracle Resources msorcl32.dll 6.1.7601.17514 ODBC Driver for Oracle mspatcha.dll 6.1.7600.16385 Microsoft File Patch Application API mspbde40.dll 4.0.9756.0 Microsoft Jet Paradox Isam msports.dll 6.1.7600.16385 Ports Class Installer msrating.dll 11.0.9600.16428 Internet Ratings and Local User Management DLL msrd2x40.dll 4.0.9756.0 Microsoft (R) Red ISAM msrd3x40.dll 4.0.9756.0 Microsoft (R) Red ISAM msrdc.dll 6.1.7600.16385 Remote Differential Compression COM server msrdpwebaccess.dll 6.2.9200.16398 Microsoft Remote Desktop Services Web Access Control msrepl40.dll 4.0.9756.0 Microsoft Replication Library msrle32.dll 6.1.7601.17514 Microsoft RLE Compressor msscntrs.dll 7.0.7601.17610 msscntrs.dll msscp.dll 11.0.7601.17514 Windows Media Secure Content Provider mssha.dll 6.1.7600.16385 Windows Security Health Agent msshavmsg.dll 6.1.7600.16385 Windows Security Health Agent Validator Message msshooks.dll 7.0.7600.16385 MSSHooks.dll mssign32.dll 6.1.7600.16385 Microsoft Trust Signing APIs mssip32.dll 6.1.7600.16385 MSSIP32 Forwarder DLL mssitlb.dll 7.0.7600.16385 mssitlb mssph.dll 7.0.7601.17610 Microsoft Search Protocol Handler mssphtb.dll 7.0.7601.17610 Outlook MSSearch Connector mssprxy.dll 7.0.7600.16385 Microsoft Search Proxy mssrch.dll 7.0.7601.17610 mssrch.dll msstkprp.dll 6.0.88.77 msprop32.ocx mssvp.dll 7.0.7601.17610 MSSearch Vista Platform msswch.dll 6.1.7600.16385 msswch mstask.dll 6.1.7601.17514 Task Scheduler interface DLL mstext40.dll 4.0.9756.0 Microsoft Jet Text Isam mstscax.dll 6.2.9200.16398 Remote Desktop Services ActiveX Client msutb.dll 6.1.7601.17514 MSUTB Server DLL msv1_0.dll 6.1.7601.17514 Microsoft Authentication Package v1.0 msvbvm60.dll 6.0.98.15 Visual Basic Virtual Machine msvcirt.dll 7.0.7600.16385 Windows NT IOStreams DLL msvcp100.dll 10.0.40219.325 Microsoft® C Runtime Library msvcp110.dll 11.0.51106.1 Microsoft® C Runtime Library msvcp110_clr0400.dll 11.0.50938.18408 Microsoft® C Runtime Library msvcp110d.dll 11.0.50727.1 Microsoft® C Runtime Library msvcp60.dll 7.0.7600.16385 Windows NT C++ Runtime Library DLL msvcp71.dll 7.10.3077.0 Microsoft® C++ Runtime Library msvcr100.dll 10.0.40219.325 Microsoft® C Runtime Library msvcr100_clr0400.dll 11.0.50938.18408 Microsoft® .NET Framework msvcr110.dll 11.0.51106.1 Microsoft® C Runtime Library msvcr110_clr0400.dll 11.0.50938.18408 Microsoft® C Runtime Library msvcr110d.dll 11.0.50727.1 Microsoft® C Runtime Library msvcr70.dll 7.0.9466.0 Microsoft® C Runtime Library msvcr71.dll 7.10.3052.4 Microsoft® C Runtime Library msvcrt.dll 7.0.7601.17744 Windows NT CRT DLL msvcrt20.dll 2.12.0.0 Microsoft® C Runtime Library msvcrt40.dll 6.1.7600.16385 VC 4.x CRT DLL (Forwarded to msvcrt.dll) msvfw32.dll 6.1.7601.17514 Microsoft Video for Windows DLL msvidc32.dll 6.1.7601.17514 Microsoft Video 1 Compressor msvidctl.dll 6.5.7601.17514 ActiveX control for streaming video mswdat10.dll 4.0.9756.0 Microsoft Jet Sort Tables mswmdm.dll 12.0.7600.16385 Windows Media Device Manager Core mswsock.dll 6.1.7601.18254 Microsoft Windows Sockets 2.0 Service Provider mswstr10.dll 4.0.9756.0 Microsoft Jet Sort Library msxactps.dll 6.1.7600.16385 OLE DB Transaction Proxies/Stubs msxbde40.dll 4.0.9756.0 Microsoft Jet xBASE Isam msxml3.dll 8.110.7601.17988 MSXML 3.0 SP11 msxml3r.dll 8.110.7601.16665 XML Resources msxml6.dll 6.30.7601.17988 MSXML 6.0 SP3 msxml6r.dll 6.30.7600.16385 XML Resources msyuv.dll 6.1.7601.17514 Microsoft UYVY Video Decompressor mtxclu.dll 2001.12.8531.17514 Microsoft Distributed Transaction Coordinator Failover Clustering Support DLL mtxdm.dll 2001.12.8530.16385 COM+ mtxex.dll 2001.12.8530.16385 COM+ mtxlegih.dll 2001.12.8530.16385 COM+ mtxoci.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Database Support DLL for Oracle muifontsetup.dll 6.1.7601.17514 MUI Callback for font registry settings mycomput.dll 6.1.7600.16385 Computer Management mydocs.dll 6.1.7601.17514 My Documents Folder UI napcrypt.dll 6.1.7601.17514 NAP Cryptographic API helper napdsnap.dll 6.1.7601.17514 NAP GPEdit Extension naphlpr.dll 6.1.7601.17514 NAP client config API helper napinsp.dll 6.1.7600.16385 E-mail Naming Shim Provider napipsec.dll 6.1.7600.16385 NAP IPSec Enforcement Client napmontr.dll 6.1.7600.16385 NAP Netsh Helper nativehooks.dll 6.1.7600.16385 Microsoft Narrator Native hook handler naturallanguage6.dll 6.1.7601.17514 Natural Language Development Platform 6 ncdprop.dll 6.1.7600.16385 Advanced network device properties nci.dll 6.1.7601.17514 CoInstaller: NET ncobjapi.dll 6.1.7600.16385 Microsoft® Windows® Operating System ncrypt.dll 6.1.7601.18270 Windows cryptographic library ncryptui.dll 6.1.7601.17514 Windows cryptographic key protection UI library ncsi.dll 6.1.7601.17964 Network Connectivity Status Indicator nddeapi.dll 6.1.7600.16385 Network DDE Share Management APIs ndfapi.dll 6.1.7600.16385 Network Diagnostic Framework Client API ndfetw.dll 6.1.7600.16385 Network Diagnostic Engine Event Interface ndfhcdiscovery.dll 6.1.7600.16385 Network Diagnostic Framework HC Discovery API ndiscapcfg.dll 6.1.7600.16385 NdisCap Notify Object ndishc.dll 6.1.7600.16385 NDIS Helper Classes ndproxystub.dll 6.1.7600.16385 Network Diagnostic Engine Proxy/Stub negoexts.dll 6.1.7600.16385 NegoExtender Security Package netapi32.dll 6.1.7601.17887 Net Win32 API DLL netbios.dll 6.1.7600.16385 NetBIOS Interface Library netcenter.dll 6.1.7601.17514 Network Center control panel netcfgx.dll 6.1.7601.17514 Network Configuration Objects netcorehc.dll 6.1.7601.17964 Networking Core Diagnostics Helper Classes netdiagfx.dll 6.1.7601.17514 Network Diagnostic Framework netevent.dll 6.1.7601.17964 Net Event Handler netfxperf.dll 4.0.40305.0 Extensible Performance Counter Shim neth.dll 6.1.7600.16385 Net Help Messages DLL netid.dll 6.1.7601.17514 System Control Panel Applet; Network ID Page netiohlp.dll 6.1.7601.17514 Netio Helper DLL netjoin.dll 6.1.7601.17514 Domain Join DLL netlogon.dll 6.1.7601.17514 Net Logon Services DLL netmsg.dll 6.1.7600.16385 Net Messages DLL netplwiz.dll 6.1.7601.17514 Map Network Drives/Network Places Wizard netprof.dll 6.1.7600.16385 Network Profile Management UI netprofm.dll 6.1.7600.16385 Network List Manager netshell.dll 6.1.7601.17514 Network Connections Shell netutils.dll 6.1.7601.17514 Net Win32 API Helpers DLL networkexplorer.dll 6.1.7601.17514 Network Explorer networkitemfactory.dll 6.1.7600.16385 NetworkItem Factory networkmap.dll 6.1.7601.17514 Network Map newdev.dll 6.0.5054.0 Add Hardware Device Library nlaapi.dll 6.1.7601.17761 Network Location Awareness 2 nlhtml.dll 2008.0.7600.16385 HTML filter nlmgp.dll 6.1.7600.16385 Network List Manager Snapin nlmsprep.dll 6.1.7600.16385 Network List Manager Sysprep Module nlsbres.dll 6.1.7601.17514 NLSBuild resource DLL nlsdata0000.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0001.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0002.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0003.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0007.dll 6.1.7600.16385 Microsoft German Natural Language Server Data and Code nlsdata0009.dll 6.1.7600.16385 Microsoft English Natural Language Server Data and Code nlsdata000a.dll 6.1.7600.16385 Microsoft Spanish Natural Language Server Data and Code nlsdata000c.dll 6.1.7600.16385 Microsoft French Natural Language Server Data and Code nlsdata000d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata000f.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0010.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code nlsdata0013.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0018.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0019.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata001a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata001b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata001d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0020.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0021.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0022.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0024.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0026.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0027.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata002a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0039.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata003e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0045.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0046.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0047.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0049.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004c.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata004e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0414.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0416.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0816.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata081a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdata0c1a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsdl.dll 6.1.7600.16385 Nls Downlevel DLL nlslexicons0001.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0002.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0003.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0007.dll 6.1.7600.16385 Microsoft German Natural Language Server Data and Code nlslexicons0009.dll 6.1.7600.16385 Microsoft English Natural Language Server Data and Code nlslexicons000a.dll 6.1.7600.16385 Microsoft Spanish Natural Language Server Data and Code nlslexicons000c.dll 6.1.7600.16385 Microsoft French Natural Language Server Data and Code nlslexicons000d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons000f.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0010.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code nlslexicons0013.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0018.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0019.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons001a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons001b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons001d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0020.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0021.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0022.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0024.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0026.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0027.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons002a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0039.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons003e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0045.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0046.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0047.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0049.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004c.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons004e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0414.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0416.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0816.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons081a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlslexicons0c1a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code nlsmodels0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code normaliz.dll 6.1.7600.16385 Unicode Normalization DLL npmproxy.dll 6.1.7600.16385 Network List Manager Proxy nshhttp.dll 6.1.7600.16385 HTTP netsh DLL nshipsec.dll 6.1.7601.17514 Net Shell IP Security helper DLL nshwfp.dll 6.1.7601.18283 Windows Filtering Platform Netsh Helper nsi.dll 6.1.7600.16385 NSI User-mode interface DLL ntdll.dll 6.1.7601.18247 NT Layer DLL ntdsapi.dll 6.1.7600.16385 Active Directory Domain Services API ntlanman.dll 6.1.7601.17514 Microsoft® Lan Manager ntlanui2.dll 6.1.7600.16385 Network object shell UI ntmarta.dll 6.1.7600.16385 Windows NT MARTA provider ntprint.dll 6.1.7601.17514 Spooler Setup DLL ntshrui.dll 6.1.7601.17755 Shell extensions for sharing ntvdm64.dll 6.1.7601.18247 16-bit Emulation on NT64 nvapi.dll 9.18.13.3182 NVIDIA NVAPI Library, Version 331.82 nvaudcap32v.dll 1.2.9.0 NVIDIA Virtual Audio Driver nvcompiler.dll 8.17.13.3182 NVIDIA Compiler, Version 331.82 nvcuda.dll 8.17.13.3182 NVIDIA CUDA Driver, Version 331.82 nvcuvenc.dll 8.17.13.3182 NVIDIA CUDA Video Encoder, Version 331.82 nvcuvid.dll 8.17.13.3182 NVIDIA CUDA Video Decode API, Version 331.82 nvd3dum.dll 9.18.13.3182 NVIDIA WDDM D3D Driver, Version 331.82 nvfbc.dll 6.14.13.3182 NVIDIA Front Buffer Capture Library, Version nvifr.dll 6.14.13.3182 NVIDIA In-band Frame Rendering Library, Version nvinit.dll 9.18.13.3182 NVIDIA shim initialization dll, Version 331.82 nvoglshim32.dll 9.18.13.3182 NVIDIA OpenGL Shim Driver, Version 331.82 nvoglv32.dll 9.18.13.3182 NVIDIA Compatible OpenGL ICD nvopencl.dll 8.17.13.3182 NVIDIA CUDA 6.0.1 OpenCL 1.1 Driver, Version 331.82 nvspcap.dll 9.3.21.0 NVIDIA Capture Server Proxy nvumdshim.dll 9.18.13.3182 NVIDIA D3D Shim Driver, Version 331.82 nvwgf2um.dll 9.18.13.3182 NVIDIA D3D10 Driver, Version 331.82 objsel.dll 6.1.7600.16385 Object Picker Dialog occache.dll 11.0.9600.16428 Object Control Viewer ocsetapi.dll 6.1.7601.17514 Windows Optional Component Setup API odbc32.dll 6.1.7601.17514 ODBC Driver Manager odbc32gt.dll 6.1.7600.16385 ODBC Driver Generic Thunk odbcbcp.dll 6.1.7600.16385 BCP for ODBC odbcconf.dll 6.1.7601.17514 ODBC Driver Configuration Program odbccp32.dll 6.1.7601.17632 ODBC Installer odbccr32.dll 6.1.7601.17632 ODBC Cursor Library odbccu32.dll 6.1.7601.17632 ODBC Cursor Library odbcint.dll 6.1.7600.16385 ODBC Resources odbcji32.dll 6.1.7600.16385 Microsoft ODBC Desktop Driver Pack 3.5 odbcjt32.dll 6.1.7601.17632 Microsoft ODBC Desktop Driver Pack 3.5 odbctrac.dll 6.1.7601.17632 ODBC Driver Manager Trace oddbse32.dll 6.1.7600.16385 ODBC (3.0) driver for DBase odexl32.dll 6.1.7600.16385 ODBC (3.0) driver for Excel odfox32.dll 6.1.7600.16385 ODBC (3.0) driver for FoxPro odpdx32.dll 6.1.7600.16385 ODBC (3.0) driver for Paradox odtext32.dll 6.1.7600.16385 ODBC (3.0) driver for text files offfilt.dll 2008.0.7600.16385 OFFICE Filter ogldrv.dll 6.1.7600.16385 MSOGL ole2.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library ole2disp.dll 2.10.3050.1 OLE 2.1 16/32 Interoperability Library ole2nls.dll 2.10.3050.1 OLE 2.1 16/32 Interoperability Library ole32.dll 6.1.7601.17514 Microsoft OLE for Windows oleacc.dll 7.0.0.0 Active Accessibility Core Component oleacchooks.dll 7.0.0.0 Active Accessibility Event Hooks Library oleaccrc.dll 7.0.0.0 Active Accessibility Resource DLL oleaut32.dll 6.1.7601.17676 olecli32.dll 6.1.7600.16385 Object Linking and Embedding Client Library oledb32.dll 6.1.7601.17514 OLE DB Core Services oledb32r.dll 6.1.7600.16385 OLE DB Core Services Resources oledlg.dll 6.1.7600.16385 OLE User Interface Support oleprn.dll 6.1.7600.16385 Oleprn DLL olepro32.dll 6.1.7601.17514 oleres.dll 6.1.7600.16385 Ole resource dll olesvr32.dll 6.1.7600.16385 Object Linking and Embedding Server Library olethk32.dll 6.1.7601.17514 Microsoft OLE for Windows onex.dll 6.1.7601.17514 IEEE 802.1X supplicant library onexui.dll 6.1.7601.17514 IEEE 802.1X supplicant UI library onlineidcpl.dll 6.1.7601.17514 Online IDs Control Panel oobefldr.dll 6.1.7601.17514 Getting Started opcservices.dll 6.1.7601.17514 Native Code OPC Services Library opencl.dll 1.0.0.0 OpenCL Client DLL opengl32.dll 6.1.7600.16385 OpenGL Client DLL osbaseln.dll 6.1.7600.16385 Service Reporting API osuninst.dll 6.1.7600.16385 Uninstall Interface p2p.dll 6.1.7600.16385 Peer-to-Peer Grouping p2pcollab.dll 6.1.7600.16385 Peer-to-Peer Collaboration p2pgraph.dll 6.1.7600.16385 Peer-to-Peer Graphing p2pnetsh.dll 6.1.7600.16385 Peer-to-Peer NetSh Helper packager.dll 6.1.7601.17727 Object Packager2 panmap.dll 6.1.7600.16385 PANOSE(tm) Font Mapper pautoenr.dll 6.1.7600.16385 Auto Enrollment DLL pcaui.dll 6.1.7600.16385 Program Compatibility Assistant User Interface Module pcwum.dll 6.1.7600.16385 Performance Counters for Windows Native DLL pdh.dll 6.1.7601.17514 Windows Performance Data Helper DLL pdhui.dll 6.1.7601.17514 PDH UI peerdist.dll 6.1.7600.16385 BranchCache Client Library peerdistsh.dll 6.1.7600.16385 BranchCache Netshell Helper perfcentercpl.dll 6.1.7601.17514 Performance Center perfctrs.dll 6.1.7600.16385 Performance Counters perfdisk.dll 6.1.7600.16385 Windows Disk Performance Objects DLL perfnet.dll 6.1.7600.16385 Windows Network Service Performance Objects DLL perfos.dll 6.1.7600.16385 Windows System Performance Objects DLL perfproc.dll 6.1.7600.16385 Windows System Process Performance Objects DLL perfts.dll 6.1.7601.17514 Windows Remote Desktop Services Performance Objects photometadatahandler.dll 6.1.7600.16385 Photo Metadata Handler photowiz.dll 6.1.7601.17514 Photo Printing Wizard pid.dll 6.1.7600.16385 Microsoft PID pidgenx.dll 6.1.7600.16385 Pid Generation pifmgr.dll 6.1.7601.17514 Windows NT PIF Manager Icon Resources Library pku2u.dll 6.1.7600.16385 Pku2u Security Package pla.dll 6.1.7601.17514 Performance Logs & Alerts playsndsrv.dll 6.1.7600.16385 PlaySound Service pmcsnap.dll 6.1.7600.16385 pmcsnap dll pngfilt.dll 11.0.9600.16428 IE PNG plugin image decoder pnidui.dll 6.1.7601.17514 Network System Icon pnpsetup.dll 6.1.7600.16385 Pnp installer for CMI pnrpnsp.dll 6.1.7600.16385 PNRP Name Space Provider polstore.dll 6.1.7600.16385 Policy Storage dll portabledeviceapi.dll 6.1.7601.17514 Windows Portable Device API Components portabledeviceclassextension.dll 6.1.7600.16385 Windows Portable Device Class Extension Component portabledeviceconnectapi.dll 6.1.7600.16385 Portable Device Connection API Components portabledevicestatus.dll 6.1.7601.17514 Microsoft Windows Portable Device Status Provider portabledevicesyncprovider.dll 6.1.7601.17514 Microsoft Windows Portable Device Provider. portabledevicetypes.dll 6.1.7600.16385 Windows Portable Device (Parameter) Types Component portabledevicewiacompat.dll 6.1.7600.16385 PortableDevice WIA Compatibility Driver portabledevicewmdrm.dll 6.1.7600.16385 Windows Portable Device WMDRM Component pots.dll 6.1.7600.16385 Power Troubleshooter powercpl.dll 6.1.7601.17514 Power Options Control Panel powrprof.dll 6.1.7600.16385 Power Profile Helper DLL ppcsnap.dll 6.1.7600.16385 ppcsnap DLL presentationcffrasterizernative_v0300.dll 3.0.6920.5459 WinFX OpenType/CFF Rasterizer presentationhostproxy.dll 4.0.40305.0 Windows Presentation Foundation Host Proxy presentationnative_v0300.dll 3.0.6920.4902 PresentationNative_v0300.dll prflbmsg.dll 6.1.7600.16385 Perflib Event Messages printui.dll 6.1.7601.17514 Printer Settings User Interface prncache.dll 6.1.7601.17514 Print UI Cache prnfldr.dll 6.1.7601.17514 prnfldr dll prnntfy.dll 6.1.7600.16385 prnntfy DLL prntvpt.dll 6.1.7601.17514 Print Ticket Services Module profapi.dll 6.1.7600.16385 User Profile Basic API propsys.dll 7.0.7601.17514 Microsoft Property System provsvc.dll 6.1.7601.17514 Windows HomeGroup provthrd.dll 6.1.7600.16385 WMI Provider Thread & Log Library psapi.dll 6.1.7600.16385 Process Status Helper psbase.dll 6.1.7600.16385 Protected Storage default provider pshed.dll 6.1.7600.16385 Platform Specific Hardware Error Driver psisdecd.dll 6.6.7601.17669 Microsoft SI/PSI parser for MPEG2 based networks. pstorec.dll 6.1.7600.16385 Protected Storage COM interfaces pstorsvc.dll 6.1.7600.16385 Protected storage server puiapi.dll 6.1.7600.16385 puiapi DLL puiobj.dll 6.1.7601.17514 PrintUI Objects DLL pwrshplugin.dll 6.1.7600.16385 pwrshplugin.dll qagent.dll 6.1.7601.17514 Quarantine Agent Proxy qasf.dll 12.0.7601.17514 DirectShow ASF Support qcap.dll 6.6.7601.17514 DirectShow Runtime. qcliprov.dll 6.1.7601.17514 Quarantine Client WMI Provider qdv.dll 6.6.7601.17514 DirectShow Runtime. qdvd.dll 6.6.7601.17835 DirectShow DVD PlayBack Runtime. qedit.dll 6.6.7601.18175 DirectShow Editing. qedwipes.dll 6.6.7600.16385 DirectShow Editing SMPTE Wipes qmgrprxy.dll 7.5.7600.16385 Background Intelligent Transfer Service Proxy qshvhost.dll 6.1.7601.17514 Quarantine SHV Host qsvrmgmt.dll 6.1.7601.17514 Quarantine Server Management quartz.dll 6.6.7601.17713 DirectShow Runtime. query.dll 6.1.7601.17514 Content Index Utility DLL qutil.dll 6.1.7601.17514 Quarantine Utilities qwave.dll 6.1.7600.16385 Windows NT racengn.dll 6.1.7601.17514 Reliability analysis metrics calculation engine racpldlg.dll 6.1.7600.16385 Remote Assistance Contact List radardt.dll 6.1.7600.16385 Microsoft Windows Resource Exhaustion Detector radarrs.dll 6.1.7600.16385 Microsoft Windows Resource Exhaustion Resolver rasadhlp.dll 6.1.7600.16385 Remote Access AutoDial Helper rasapi32.dll 6.1.7600.16385 Remote Access API rascfg.dll 6.1.7600.16385 RAS Configuration Objects raschap.dll 6.1.7601.17514 Remote Access PPP CHAP rasctrs.dll 6.1.7600.16385 Windows NT Remote Access Perfmon Counter dll rasdiag.dll 6.1.7600.16385 RAS Diagnostics Helper Classes rasdlg.dll 6.1.7600.16385 Remote Access Common Dialog API rasgcw.dll 6.1.7600.16385 RAS Wizard Pages rasman.dll 6.1.7600.16385 Remote Access Connection Manager rasmm.dll 6.1.7600.16385 RAS Media Manager rasmontr.dll 6.1.7600.16385 RAS Monitor DLL rasmxs.dll 6.1.7600.16385 Remote Access Device DLL for modems, PADs and switches rasplap.dll 6.1.7600.16385 RAS PLAP Credential Provider rasppp.dll 6.1.7601.17514 Remote Access PPP rasser.dll 6.1.7600.16385 Remote Access Media DLL for COM ports rastapi.dll 6.1.7601.17514 Remote Access TAPI Compliance Layer rastls.dll 6.1.7601.17514 Remote Access PPP EAP-TLS rdpcore.dll 6.1.7601.17779 RDP Core DLL rdpd3d.dll 6.1.7601.17514 RDP Direct3D Remoting DLL rdpencom.dll 6.1.7601.17514 RDPSRAPI COM Objects rdpendp.dll 6.1.7601.17514 RDP Audio Endpoint rdpendp_winip.dll 6.2.9200.16398 RDP Audio Endpoint rdprefdrvapi.dll 6.1.7601.17514 Reflector Driver API rdvgumd32.dll 6.1.7601.17514 Microsoft vGPU reagent.dll 6.1.7601.17514 Microsoft Windows Recovery Agent DLL regapi.dll 6.1.7601.17514 Registry Configuration APIs regctrl.dll 6.1.7600.16385 RegCtrl remotepg.dll 6.1.7601.17514 Remote Sessions CPL Extension resampledmo.dll 6.1.7600.16385 Windows Media Resampler resutils.dll 6.1.7601.17514 Microsoft Cluster Resource Utility DLL rgb9rast.dll 6.1.7600.16385 Microsoft® Windows® Operating System riched20.dll 5.31.23.1230 Rich Text Edit Control, v3.1 riched32.dll 6.1.7601.17514 Wrapper Dll for Richedit 1.0 rnr20.dll 6.1.7600.16385 Windows Socket2 NameSpace DLL rpcdiag.dll 6.1.7600.16385 RPC Diagnostics rpchttp.dll 6.1.7601.17514 RPC HTTP DLL rpcndfp.dll 1.0.0.1 RPC NDF Helper Class rpcns4.dll 6.1.7600.16385 Remote Procedure Call Name Service Client rpcnsh.dll 6.1.7600.16385 RPC Netshell Helper rpcrt4.dll 6.1.7601.18205 Remote Procedure Call Runtime rpcrtremote.dll 6.1.7601.17514 Remote RPC Extension rsaenh.dll 6.1.7600.16385 Microsoft Enhanced Cryptographic Provider rshx32.dll 6.1.7600.16385 Security Shell Extension rstrtmgr.dll 6.1.7600.16385 Restart Manager rtffilt.dll 2008.0.7600.16385 RTF Filter rtm.dll 6.1.7600.16385 Routing Table Manager rtutils.dll 6.1.7601.17514 Routing Utilities samcli.dll 6.1.7601.17514 Security Accounts Manager Client DLL samlib.dll 6.1.7600.16385 SAM Library DLL sampleres.dll 6.1.7600.16385 Microsoft Samples sas.dll 6.1.7600.16385 WinLogon Software SAS Library sbe.dll 6.6.7601.17528 DirectShow Stream Buffer Filter. sbeio.dll 12.0.7600.16385 Stream Buffer IO DLL sberes.dll 6.6.7600.16385 DirectShow Stream Buffer Filter Resouces. scansetting.dll 6.1.7601.17514 Microsoft® Windows(TM) ScanSettings Profile and Scanning implementation scarddlg.dll 6.1.7600.16385 SCardDlg - Smart Card Common Dialog scecli.dll 6.1.7601.17514 Windows Security Configuration Editor Client Engine scesrv.dll 6.1.7601.17514 Windows Security Configuration Editor Engine schannel.dll 6.1.7601.18270 TLS / SSL Security Provider schedcli.dll 6.1.7601.17514 Scheduler Service Client DLL scksp.dll 6.1.7600.16385 Microsoft Smart Card Key Storage Provider scripto.dll 6.6.7600.16385 Microsoft ScriptO scrobj.dll 5.8.7600.16385 Windows ® Script Component Runtime scrptadm.dll 6.1.7601.17514 Script Adm Extension scrrun.dll 5.8.7601.18283 Microsoft ® Script Runtime sdiageng.dll 6.1.7600.16385 Scripted Diagnostics Execution Engine sdiagprv.dll 6.1.7600.16385 Windows Scripted Diagnostic Provider API sdohlp.dll 6.1.7600.16385 NPS SDO Helper Component searchfolder.dll 6.1.7601.17514 SearchFolder sechost.dll 6.1.7600.16385 Host for SCM/SDDL/LSA Lookup APIs secproc.dll 6.1.7601.17514 Windows Rights Management Desktop Security Processor secproc_isv.dll 6.1.7601.17514 Windows Rights Management Desktop Security Processor secproc_ssp.dll 6.1.7601.17514 Windows Rights Management Services Server Security Processor secproc_ssp_isv.dll 6.1.7601.17514 Windows Rights Management Services Server Security Processor (Pre-production) secur32.dll 6.1.7601.18270 Security Support Provider Interface security.dll 6.1.7600.16385 Security Support Provider Interface sendmail.dll 6.1.7600.16385 Send Mail sens.dll 6.1.7600.16385 System Event Notification Service (SENS) sensapi.dll 6.1.7600.16385 SENS Connectivity API DLL sensorsapi.dll 6.1.7600.16385 Sensor API sensorscpl.dll 6.1.7601.17514 Open Location and Other Sensors serialui.dll 6.1.7600.16385 Serial Port Property Pages serwvdrv.dll 6.1.7600.16385 Unimodem Serial Wave driver sessenv.dll 6.1.7601.17514 Remote Desktop Configuration service setupapi.dll 6.1.7601.17514 Windows Setup API setupcln.dll 6.1.7601.17514 Setup Files Cleanup sfc.dll 6.1.7600.16385 Windows File Protection sfc_os.dll 6.1.7600.16385 Windows File Protection shacct.dll 6.1.7601.17514 Shell Accounts Classes shdocvw.dll 6.1.7601.18222 Shell Doc Object and Control Library shell32.dll 6.1.7601.18222 Windows Shell Common Dll shellstyle.dll 6.1.7600.16385 Windows Shell Style Resource Dll shfolder.dll 6.1.7600.16385 Shell Folder Service shgina.dll 6.1.7601.17514 Windows Shell User Logon shimeng.dll 6.1.7600.16385 Shim Engine DLL shimgvw.dll 6.1.7601.17514 Photo Gallery Viewer shlwapi.dll 6.1.7601.17514 Shell Light-weight Utility Library shpafact.dll 6.1.7600.16385 Windows Shell LUA/PA Elevation Factory Dll shsetup.dll 6.1.7601.17514 Shell setup helper shsvcs.dll 6.1.7601.17514 Windows Shell Services Dll shunimpl.dll 6.1.7601.17514 Windows Shell Obsolete APIs shwebsvc.dll 6.1.7601.17514 Windows Shell Web Services signdrv.dll 6.1.7600.16385 WMI provider for Signed Drivers sisbkup.dll 6.1.7601.17514 Single-Instance Store Backup Support Functions slc.dll 6.1.7600.16385 Software Licensing Client Dll slcext.dll 6.1.7600.16385 Software Licensing Client Extension Dll slwga.dll 6.1.7601.17514 Software Licensing WGA API smartcardcredentialprovider.dll 6.1.7601.18276 Windows Smartcard Credential Provider smbhelperclass.dll 1.0.0.1 SMB (File Sharing) Helper Class for Network Diagnostic Framework sndvolsso.dll 6.1.7601.17514 SCA Volume snmpapi.dll 6.1.7600.16385 SNMP Utility Library softkbd.dll 6.1.7600.16385 Soft Keyboard Server and Tip softpub.dll 6.1.7600.16385 Softpub Forwarder DLL sortserver2003compat.dll 6.1.7600.16385 Sort Version Server 2003 sortwindows6compat.dll 6.1.7600.16385 Sort Version Windows 6.0 spbcd.dll 6.1.7601.17514 BCD Sysprep Plugin spfileq.dll 6.1.7600.16385 Windows SPFILEQ spinf.dll 6.1.7600.16385 Windows SPINF spnet.dll 6.1.7600.16385 Net Sysprep Plugin spopk.dll 6.1.7601.17514 OPK Sysprep Plugin spp.dll 6.1.7601.17514 Microsoft® Windows Shared Protection Point Library sppc.dll 6.1.7601.17514 Software Licensing Client Dll sppcc.dll 6.1.7600.16385 Software Licensing Commerce Client sppcext.dll 6.1.7600.16385 Software Protection Platform Client Extension Dll sppcomapi.dll 6.1.7601.17514 Software Licensing Library sppcommdlg.dll 6.1.7600.16385 Software Licensing UI API sppinst.dll 6.1.7601.17514 SPP CMI Installer Plug-in DLL sppwmi.dll 6.1.7600.16385 Software Protection Platform WMI provider spwinsat.dll 6.1.7600.16385 WinSAT Sysprep Plugin spwizeng.dll 6.1.7601.17514 Setup Wizard Framework spwizimg.dll 6.1.7600.16385 Setup Wizard Framework Resources spwizres.dll 6.1.7601.17514 Setup Wizard Framework Resources spwmp.dll 6.1.7601.17514 Windows Media Player System Preparation DLL sqlceoledb30.dll 3.0.7600.0 Microsoft SQL Mobile sqlceqp30.dll 3.0.7600.0 Microsoft SQL Mobile sqlcese30.dll 3.0.7601.0 Microsoft SQL Mobile sqlncli11.dll 2011.110.2100.60 Microsoft SQL Server Native Client 11.0 sqloledb.dll 6.1.7601.17514 OLE DB Provider for SQL Server sqlserverspatial.dll 2009.100.1600.1 SQL Server Spatial Library sqlserverspatial110.dll 2011.110.2100.60 SQL Server Spatial Library sqlsrv32.dll 6.1.7601.17514 SQL Server ODBC Driver sqlunirl.dll 2000.80.728.0 String Function .DLL for SQL Enterprise Components sqlwid.dll 1999.10.20.0 Unicode Function .DLL for SQL Enterprise Components sqlwoa.dll 1999.10.20.0 Unicode/ANSI Function .DLL for SQL Enterprise Components sqlxmlx.dll 6.1.7600.16385 XML extensions for SQL Server sqmapi.dll 6.1.7601.17514 SQM Client srchadmin.dll 7.0.7601.17514 Indexing Options srclient.dll 6.1.7601.17836 Microsoft® Windows System Restore Client Library srhelper.dll 6.1.7600.16385 Microsoft® Windows driver and windows update enumeration library srpuxnativesnapin.dll 6.1.7600.16385 Application Control Policies Group Policy Editor Extension srvcli.dll 6.1.7601.17514 Server Service Client DLL sscore.dll 6.1.7601.17514 Server Service Core DLL ssdpapi.dll 6.1.7600.16385 SSDP Client API DLL sspicli.dll 6.1.7601.18270 Security Support Provider Interface ssshim.dll 6.1.7600.16385 Windows Componentization Platform Servicing API ssubtmr6.dll 1.1.0.3 Subclassing and Timer Assistant, modified for configurable message response, multi control support and bug fixed for timer errors. stclient.dll 2001.12.8530.16385 COM+ Configuration Catalog Client sti.dll 6.1.7600.16385 Still Image Devices client DLL stobject.dll 6.1.7601.17514 Systray shell service object storage.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library storagecontexthandler.dll 6.1.7600.16385 Device Center Storage Context Menu Handler storprop.dll 6.1.7600.16385 Property Pages for Storage Devices structuredquery.dll 7.0.7601.17514 Structured Query sud.dll 6.1.7601.17514 SUD Control Panel sxproxy.dll 6.1.7600.16385 Microsoft® Windows System Protection Proxy Library sxs.dll 6.1.7601.17514 Fusion 2.5 sxshared.dll 6.1.7600.16385 Microsoft® Windows SX Shared Library sxsstore.dll 6.1.7600.16385 Sxs Store DLL synccenter.dll 6.1.7601.17514 Microsoft Sync Center synceng.dll 6.1.7601.17959 Windows Briefcase Engine synchostps.dll 6.1.7600.16385 Proxystub for sync host syncinfrastructure.dll 6.1.7600.16385 Microsoft Windows Sync Infrastructure. syncinfrastructureps.dll 6.1.7600.16385 Microsoft Windows sync infrastructure proxy stub. syncreg.dll 2007.94.7600.16385 Microsoft Synchronization Framework Registration syncui.dll 6.1.7601.17514 Windows Briefcase syssetup.dll 6.1.7601.17514 Windows NT System Setup systemcpl.dll 6.1.7601.17514 My System CPL t2embed.dll 6.1.7601.17514 Microsoft T2Embed Font Embedding tapi3.dll 6.1.7600.16385 Microsoft TAPI3 tapi32.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony API Client DLL tapimigplugin.dll 6.1.7600.16385 Microsoft® Windows(TM) TAPI Migration Plugin Dll tapiperf.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony Performance Monitor tapisrv.dll 6.1.7601.17514 Microsoft® Windows(TM) Telephony Server tapisysprep.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony Sysprep Work tapiui.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony API UI DLL taskcomp.dll 6.1.7601.17514 Task Scheduler Backward Compatibility Plug-in taskschd.dll 6.1.7601.17514 Task Scheduler COM API taskschdps.dll 6.1.7600.16385 Task Scheduler Interfaces Proxy tbs.dll 6.1.7600.16385 TBS tcpipcfg.dll 6.1.7601.17514 Network Configuration Objects tcpmonui.dll 6.1.7600.16385 Standard TCP/IP Port Monitor UI DLL tdh.dll 6.1.7601.18247 Event Trace Helper Library termmgr.dll 6.1.7601.17514 Microsoft TAPI3 Terminal Manager thawbrkr.dll 6.1.7600.16385 Thai Word Breaker themecpl.dll 6.1.7601.17514 Personalization CPL themeui.dll 6.1.7601.17514 Windows Theme API thumbcache.dll 6.1.7601.17514 Microsoft Thumbnail Cache timedatemuicallback.dll 6.1.7600.16385 Time Date Control UI Language Change plugin tlscsp.dll 6.1.7601.17514 Microsoft® Remote Desktop Services Cryptographic Utility tpmcompc.dll 6.1.7600.16385 Computer Chooser Dialog tquery.dll 7.0.7601.17610 tquery.dll traffic.dll 6.1.7600.16385 Microsoft Traffic Control 1.0 DLL trapi.dll 6.1.7601.17514 Microsoft Narrator Text Renderer tsbyuv.dll 6.1.7601.17514 Toshiba Video Codec tsc2_codec32.dll 1.0.6.0 TechSmith Screen Codec 2 tsc2_codec64.dll 1.0.6.0 TechSmith Screen Codec 2 tsccvid.dll 3.1.12331.1 TechSmith Screen Capture Codec tsccvid64.dll 3.1.12331.1 TechSmith Screen Capture Codec tschannel.dll 6.1.7600.16385 Task Scheduler Proxy tsgqec.dll 6.2.9200.16398 RD Gateway QEC tsmf.dll 6.1.7601.17514 RDP MF Plugin tspkg.dll 6.1.7601.17514 Web Service Security Package tsworkspace.dll 6.1.7601.17514 RemoteApp and Desktop Connection Component tvratings.dll 6.6.7600.16385 Module for managing TV ratings twext.dll 6.1.7601.17514 Previous Versions property page txflog.dll 2001.12.8530.16385 COM+ txfw32.dll 6.1.7600.16385 TxF Win32 DLL typelib.dll 2.10.3029.1 OLE 2.1 16/32 Interoperability Library tzres.dll 6.1.7601.18312 Time Zones resource DLL ubpm.dll 6.1.7600.16385 Unified Background Process Manager DLL ucmhc.dll 6.1.7600.16385 UCM Helper Class udhisapi.dll 6.1.7600.16385 UPnP Device Host ISAPI Extension uexfat.dll 6.1.7600.16385 eXfat Utility DLL ufat.dll 6.1.7600.16385 FAT Utility DLL uianimation.dll 6.2.9200.16492 Windows Animation Manager uiautomationcore.dll 7.0.0.0 Microsoft UI Automation Core uicom.dll 6.1.7600.16385 Add/Remove Modems uiribbon.dll 6.1.7601.17514 Windows Ribbon Framework uiribbonres.dll 6.1.7601.17514 Windows Ribbon Framework Resources ulib.dll 6.1.7600.16385 File Utilities Support DLL umdmxfrm.dll 6.1.7600.16385 Unimodem Tranform Module unicows.dll 1.1.3790.0 Microsoft Layer for Unicode on Win9x Systems (MSLU) unimdmat.dll 6.1.7601.17514 Unimodem Service Provider AT Mini Driver uniplat.dll 6.1.7600.16385 Unimodem AT Mini Driver Platform Driver for Windows NT unrar.dll 5.0.100.965 untfs.dll 6.1.7601.17514 NTFS Utility DLL upnp.dll 6.1.7601.17514 UPnP Control Point API upnphost.dll 6.1.7600.16385 UPnP Device Host ureg.dll 6.1.7600.16385 Registry Utility DLL url.dll 11.0.9600.16428 Internet Shortcut Shell Extension DLL urlmon.dll 11.0.9600.16476 OLE32 Extensions for Win32 usbceip.dll 6.1.7600.16385 USBCEIP Task usbperf.dll 6.1.7600.16385 USB Performance Objects DLL usbui.dll 6.1.7600.16385 USB UI Dll user32.dll 6.1.7601.17514 Multi-User Windows USER API Client DLL useraccountcontrolsettings.dll 6.1.7601.17514 UserAccountControlSettings usercpl.dll 6.1.7601.17514 User control panel userenv.dll 6.1.7601.17514 Userenv usp10.dll 1.626.7601.18009 Uniscribe Unicode script processor utildll.dll 6.1.7601.17514 WinStation utility support DLL uudf.dll 6.1.7600.16385 UDF Utility DLL uxinit.dll 6.1.7600.16385 Windows User Experience Session Initialization Dll uxlib.dll 6.1.7601.17514 Setup Wizard Framework uxlibres.dll 6.1.7600.16385 UXLib Resources uxtheme.dll 6.1.7600.16385 Microsoft UxTheme Library van.dll 6.1.7601.17514 View Available Networks vault.dll 6.1.7601.17514 Windows vault Control Panel vaultcli.dll 6.1.7600.16385 Credential Vault Client Library vb5db.dll 6.0.81.69 Visual Basic ICursor Interface Library vbajet32.dll 6.0.1.9431 Visual Basic for Applications Development Environment - Expression Service Loader vbscript.dll 5.8.9600.16428 Microsoft ® VBScript vcamp110.dll 11.0.51106.1 Microsoft® C++ AMP Runtime vcamp110d.dll 11.0.50727.1 Microsoft® C++ AMP Runtime vccorlib110.dll 11.0.51106.1 Microsoft ® VC WinRT core library vccorlib110d.dll 11.0.50727.1 Microsoft ® VC WinRT core library vcomp100.dll 10.0.40219.325 Microsoft® C/C++ OpenMP Runtime vcomp110.dll 11.0.51106.1 Microsoft® C/C++ OpenMP Runtime vcomp110d.dll 11.0.50727.1 Microsoft® C/C++ OpenMP Runtime vdmdbg.dll 6.1.7600.16385 VDMDBG.DLL vds_ps.dll 6.1.7600.16385 Microsoft® Virtual Disk Service proxy/stub vdsbas.dll 6.1.7601.17514 Virtual Disk Service Basic Provider vdsdyn.dll 6.1.7600.16385 VDS Dynamic Volume Provider, Version 2.1.0.1 vdsvd.dll 6.1.7600.16385 VDS Virtual Disk Provider, Version 1.0 verifier.dll 6.1.7600.16385 Standard application verifier provider dll version.dll 6.1.7600.16385 Version Checking and File Installation Libraries vfbasics.dll 6.2.9200.16384 Application Verifier Provider - Basics Provider vfcompat.dll 6.2.9200.16384 Application Verifier Provider - OS compatibility issues detection. vfcuzz.dll 6.2.9200.16384 Application Verifier Provider - Cuzz Provider vfluapriv.dll 6.2.9200.16384 Application Verifier Provider - LuaPriv Provider vfnet.dll 6.2.9200.16384 Application Verifier Provider - Networking Provider vfntlmless.dll 6.2.9200.16384 Application Verifier Provider - NTLMLess Provider vfnws.dll 6.2.9200.16384 Application Verifier Provider - Native Web Services vfpodbc.dll 1.0.2.0 vfpodbc vfprint.dll 6.2.9200.16384 Application Verifier Provider - Printing Provider vfprintpthelper.dll 6.2.9200.16384 Application Verifier Provider - Printing PT Provider vfrdvcompat.dll 6.2.9200.16384 Application Verifier Provider - Terminal Services Compatibility Provider vfwwdm32.dll 6.1.7601.17514 VfW MM Driver for WDM Video Capture Devices vidreszr.dll 6.1.7600.16385 Windows Media Resizer virtdisk.dll 6.1.7600.16385 Virtual Disk API DLL vpnikeapi.dll 6.1.7601.17514 VPN IKE API's vrfcore.dll 6.2.9200.16384 Application Verifier Provider - Core Verification and SDK vscover110.dll 11.0.50727.1 Code Coverage Collection DLL vsd3drefdebug.dll 9.30.960.9200 VSD3D Debugger for Direct3D 11 Reference Device vsgraphicshelper.dll 11.0.50727.1 Microsoft Visual Studio Graphics Helper DLL vsperf110.dll 11.0.50727.1 VSPerf Data Collection DLL vss_ps.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service proxy/stub vssapi.dll 6.1.7601.17514 Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL vsstrace.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service Tracing Library w32topl.dll 6.1.7600.16385 Windows NT Topology Maintenance Tool wab32.dll 6.1.7601.17699 Microsoft (R) Contacts DLL wab32res.dll 6.1.7600.16385 Microsoft (R) Contacts DLL wabsyncprovider.dll 6.1.7600.16385 Microsoft Windows Contacts Sync Provider wavemsp.dll 6.1.7601.17514 Microsoft Wave MSP wbemcomn.dll 6.1.7601.17514 WMI wcnapi.dll 6.1.7600.16385 Windows Connect Now - API Helper DLL wcncsvc.dll 6.1.7601.17514 Windows Connect Now - Config Registrar Service wcneapauthproxy.dll 6.1.7600.16385 Windows Connect Now - WCN EAP Authenticator Proxy wcneappeerproxy.dll 6.1.7600.16385 Windows Connect Now - WCN EAP PEER Proxy wcnwiz.dll 6.1.7600.16385 Windows Connect Now Wizards wcspluginservice.dll 6.1.7600.16385 WcsPlugInService DLL wdc.dll 6.1.7601.17514 Performance Monitor wdi.dll 6.1.7600.16385 Windows Diagnostic Infrastructure wdigest.dll 6.1.7600.16385 Microsoft Digest Access wdscore.dll 6.1.7601.17514 Panther Engine Module webcheck.dll 11.0.9600.16428 Web Site Monitor webclnt.dll 6.1.7601.18201 Web DAV Service DLL webio.dll 6.1.7601.17725 Web Transfer Protocols API webservices.dll 6.1.7601.17514 Windows Web Services Runtime wecapi.dll 6.1.7600.16385 Event Collector Configuration API wer.dll 6.1.7601.17514 Windows Error Reporting DLL werdiagcontroller.dll 6.1.7600.16385 WER Diagnostic Controller werui.dll 6.1.7600.16385 Windows Error Reporting UI DLL wevtapi.dll 6.1.7600.16385 Eventing Consumption and Configuration API wevtfwd.dll 6.1.7600.16385 WS-Management Event Forwarding Plug-in wfapigp.dll 6.1.7600.16385 Windows Firewall GPO Helper dll wfhc.dll 6.1.7600.16385 Windows Firewall Helper Class whealogr.dll 6.1.7600.16385 WHEA Troubleshooter whhelper.dll 6.1.7600.16385 Net shell helper DLL for winHttp wiaaut.dll 6.1.7600.16385 WIA Automation Layer wiadefui.dll 6.1.7601.17514 WIA Scanner Default UI wiadss.dll 6.1.7600.16385 WIA TWAIN compatibility layer wiaextensionhost64.dll 6.1.7600.16385 WIA Extension Host for thunking APIs from 32-bit to 64-bit process wiascanprofiles.dll 6.1.7600.16385 Microsoft Windows ScanProfiles wiashext.dll 6.1.7600.16385 Imaging Devices Shell Folder UI wiatrace.dll 6.1.7600.16385 WIA Tracing wiavideo.dll 6.1.7601.17514 WIA Video wimgapi.dll 6.1.7601.17514 Windows Imaging Library win32spl.dll 6.1.7601.18142 Client Side Rendering Print Provider winbio.dll 6.1.7600.16385 Windows Biometrics Client API winbrand.dll 6.1.7600.16385 Windows Branding Resources wincredprovider.dll 6.1.7600.16385 wincredprovider DLL windowsaccessbridge-32.dll 2.0.7.0 Java Access Bridge for Windows windowscodecs.dll 6.2.9200.16583 Microsoft Windows Codecs Library windowscodecsext.dll 6.2.9200.16492 Microsoft Windows Codecs Extended Library winfax.dll 6.1.7600.16385 Microsoft Fax API Support DLL winhttp.dll 6.1.7601.17514 Windows HTTP Services wininet.dll 11.0.9600.16476 Internet Extensions for Win32 winipsec.dll 6.1.7600.16385 Windows IPsec SPD Client DLL winmm.dll 6.1.7601.17514 MCI API DLL winnsi.dll 6.1.7600.16385 Network Store Information RPC interface winrnr.dll 6.1.7600.16385 LDAP RnR Provider DLL winrscmd.dll 6.1.7600.16385 remtsvc winrsmgr.dll 6.1.7600.16385 WSMan Shell API winrssrv.dll 6.1.7600.16385 winrssrv winsatapi.dll 6.1.7601.17514 Windows System Assessment Tool API winscard.dll 6.1.7601.17514 Microsoft Smart Card API winshfhc.dll 6.1.7600.16385 File Risk Estimation winsockhc.dll 6.1.7600.16385 Winsock Network Diagnostic Helper Class winsrpc.dll 6.1.7600.16385 WINS RPC LIBRARY winsta.dll 6.1.7601.17514 Winstation Library winsync.dll 2007.94.7600.16385 Synchronization Framework winsyncmetastore.dll 2007.94.7600.16385 Windows Synchronization Metadata Store winsyncproviders.dll 2007.94.7600.16385 Windows Synchronization Provider Framework wintrust.dll 6.1.7601.18205 Microsoft Trust Verification APIs winusb.dll 6.1.7600.16385 Windows USB Driver User Library wkscli.dll 6.1.7601.17514 Workstation Service Client DLL wksprtps.dll 6.2.9200.16398 WorkspaceRuntime ProxyStub DLL wlanapi.dll 6.1.7600.16385 Windows WLAN AutoConfig Client Side API DLL wlancfg.dll 6.1.7600.16385 Wlan Netsh Helper DLL wlanconn.dll 6.1.7600.16385 Dot11 Connection Flows wlandlg.dll 6.1.7600.16385 Wireless Lan Dialog Wizards wlangpui.dll 6.1.7601.17514 Wireless Network Policy Management Snap-in wlanhlp.dll 6.1.7600.16385 Windows Wireless LAN 802.11 Client Side Helper API wlaninst.dll 6.1.7600.16385 Windows NET Device Class Co-Installer for Wireless LAN wlanmm.dll 6.1.7600.16385 Dot11 Media and AdHoc Managers wlanmsm.dll 6.1.7601.17514 Windows Wireless LAN 802.11 MSM DLL wlanpref.dll 6.1.7601.17514 Wireless Preferred Networks wlansec.dll 6.1.7600.16385 Windows Wireless LAN 802.11 MSM Security Module DLL wlanui.dll 6.1.7601.17514 Wireless Profile UI wlanutil.dll 6.1.7600.16385 Windows Wireless LAN 802.11 Utility DLL wldap32.dll 6.1.7601.17514 Win32 LDAP API DLL wlgpclnt.dll 6.1.7600.16385 802.11 Group Policy Client wls0wndh.dll 6.1.7600.16385 Session0 Viewer Window Hook DLL wmadmod.dll 6.1.7601.17514 Windows Media Audio Decoder wmadmoe.dll 6.1.7600.16385 Windows Media Audio 10 Encoder/Transcoder wmasf.dll 12.0.7600.16385 Windows Media ASF DLL wmcodecdspps.dll 6.1.7600.16385 Windows Media CodecDSP Proxy Stub Dll wmdmlog.dll 12.0.7600.16385 Windows Media Device Manager Logger wmdmps.dll 12.0.7600.16385 Windows Media Device Manager Proxy Stub wmdrmdev.dll 12.0.7601.17514 Windows Media DRM for Network Devices Registration DLL wmdrmnet.dll 12.0.7601.17514 Windows Media DRM for Network Devices DLL wmdrmsdk.dll 11.0.7601.17514 Windows Media DRM SDK DLL wmerror.dll 12.0.7600.16385 Windows Media Error Definitions (English) wmi.dll 6.1.7601.17787 WMI DC and DP functionality wmidx.dll 12.0.7600.16385 Windows Media Indexer DLL wmiprop.dll 6.1.7600.16385 WDM Provider Dynamic Property Page CoInstaller wmnetmgr.dll 12.0.7601.17514 Windows Media Network Plugin Manager DLL wmp.dll 12.0.7601.17514 Windows Media Player wmpcm.dll 12.0.7600.16385 Windows Media Player Compositing Mixer wmpdui.dll 12.0.7600.16385 Windows DirectUser Engine wmpdxm.dll 12.0.7601.17514 Windows Media Player Extension wmpeffects.dll 12.0.7601.17514 Windows Media Player Effects wmpencen.dll 12.0.7601.17514 Windows Media Player Encoding Module wmphoto.dll 6.2.9200.16492 Windows Media Photo Codec wmploc.dll 12.0.7601.17514 Windows Media Player Resources wmpmde.dll 12.0.7601.17514 WMPMDE DLL wmpps.dll 12.0.7601.17514 Windows Media Player Proxy Stub Dll wmpshell.dll 12.0.7601.17514 Windows Media Player Launcher wmpsrcwp.dll 12.0.7601.17514 WMPSrcWp Module wmsgapi.dll 6.1.7600.16385 WinLogon IPC Client wmspdmod.dll 6.1.7601.17514 Windows Media Audio Voice Decoder wmspdmoe.dll 6.1.7600.16385 Windows Media Audio Voice Encoder wmvcore.dll 12.0.7601.17514 Windows Media Playback/Authoring DLL wmvdecod.dll 6.1.7601.18221 Windows Media Video Decoder wmvdspa.dll 6.1.7600.16385 Windows Media Video DSP Components - Advanced wmvencod.dll 6.1.7600.16385 Windows Media Video 9 Encoder wmvsdecd.dll 6.1.7601.17514 Windows Media Screen Decoder wmvsencd.dll 6.1.7600.16385 Windows Media Screen Encoder wmvxencd.dll 6.1.7600.16385 Windows Media Video Encoder wow32.dll 6.1.7601.18247 Wow32 wpc.dll 1.0.0.1 WPC Settings Library wpcao.dll 6.1.7600.16385 WPC Administrator Override wpcsvc.dll 1.0.0.1 WPC Filtering Service wpdshext.dll 6.1.7601.17514 Portable Devices Shell Extension wpdshserviceobj.dll 6.1.7601.17514 Windows Portable Device Shell Service Object wpdsp.dll 6.1.7601.17514 WMDM Service Provider for Windows Portable Devices wpdwcn.dll 6.1.7601.17514 Windows Portable Device WCN Wizard ws2_32.dll 6.1.7601.17514 Windows Socket 2.0 32-Bit DLL ws2help.dll 6.1.7600.16385 Windows Socket 2.0 Helper for Windows NT wscapi.dll 6.1.7601.17514 Windows Security Center API wscinterop.dll 6.1.7600.16385 Windows Health Center WSC Interop wscisvif.dll 6.1.7600.16385 Windows Security Center ISV API wscmisetup.dll 6.1.7600.16385 Installers for Winsock Transport and Name Space Providers wscproxystub.dll 6.1.7600.16385 Windows Security Center ISV Proxy Stub wsdapi.dll 6.1.7601.17514 Web Services for Devices API DLL wsdchngr.dll 6.1.7601.17514 WSD Challenge Component wsecedit.dll 6.1.7600.16385 Security Configuration UI Module wshbth.dll 6.1.7601.17514 Windows Sockets Helper DLL wshcon.dll 5.8.7600.16385 Microsoft ® Windows Script Controller wshelper.dll 6.1.7600.16385 Winsock Net shell helper DLL for winsock wshext.dll 5.8.7600.16385 Microsoft ® Shell Extension for Windows Script Host wship6.dll 6.1.7600.16385 Winsock2 Helper DLL (TL/IPv6) wshirda.dll 6.1.7601.17514 Windows Sockets Helper DLL wshqos.dll 6.1.7600.16385 QoS Winsock2 Helper DLL wshrm.dll 6.1.7600.16385 Windows Sockets Helper DLL for PGM wshtcpip.dll 6.1.7600.16385 Winsock2 Helper DLL (TL/IPv4) wsmanmigrationplugin.dll 6.1.7600.16385 WinRM Migration Plugin wsmauto.dll 6.1.7600.16385 WSMAN Automation wsmplpxy.dll 6.1.7600.16385 wsmplpxy wsmres.dll 6.1.7600.16385 WSMan Resource DLL wsmsvc.dll 6.1.7601.17514 WSMan Service wsmwmipl.dll 6.1.7600.16385 WSMAN WMI Provider wsnmp32.dll 6.1.7601.17514 Microsoft WinSNMP v2.0 Manager API wsock32.dll 6.1.7600.16385 Windows Socket 32-Bit DLL wtsapi32.dll 6.1.7601.17514 Windows Remote Desktop Session Host Server SDK APIs wuapi.dll 7.5.7601.17514 Windows Update Client API wudriver.dll 7.5.7601.17514 Windows Update WUDriver Stub wups.dll 7.5.7601.17514 Windows Update client proxy stub wuwebv.dll 7.5.7601.17514 Windows Update Vista Web Control wvc.dll 6.1.7601.17514 Windows Visual Components wwanapi.dll 6.1.7600.16385 Mbnapi wwapi.dll 8.1.2.0 WWAN API wzcdlg.dll 6.1.7600.16385 Windows Connect Now - Flash Config Enrollee x3daudio1_0.dll 9.11.519.0 X3DAudio x3daudio1_1.dll 9.15.779.0 X3DAudio x3daudio1_2.dll 9.21.1148.0 X3DAudio x3daudio1_3.dll 9.22.1284.0 X3DAudio x3daudio1_4.dll 9.23.1350.0 X3DAudio x3daudio1_5.dll 9.25.1476.0 X3DAudio x3daudio1_6.dll 9.26.1590.0 3D Audio Library x3daudio1_7.dll 9.28.1886.0 3D Audio Library xactengine2_0.dll 9.11.519.0 XACT Engine API xactengine2_1.dll 9.12.589.0 XACT Engine API xactengine2_10.dll 9.21.1148.0 XACT Engine API xactengine2_2.dll 9.13.644.0 XACT Engine API xactengine2_3.dll 9.14.701.0 XACT Engine API xactengine2_4.dll 9.15.779.0 XACT Engine API xactengine2_5.dll 9.16.857.0 XACT Engine API xactengine2_6.dll 9.17.892.0 XACT Engine API xactengine2_7.dll 9.18.944.0 XACT Engine API xactengine2_8.dll 9.19.1007.0 XACT Engine API xactengine2_9.dll 9.20.1057.0 XACT Engine API xactengine3_0.dll 9.22.1284.0 XACT Engine API xactengine3_1.dll 9.23.1350.0 XACT Engine API xactengine3_2.dll 9.24.1400.0 XACT Engine API xactengine3_3.dll 9.25.1476.0 XACT Engine API xactengine3_4.dll 9.26.1590.0 XACT Engine API xactengine3_5.dll 9.27.1734.0 XACT Engine API xactengine3_6.dll 9.28.1886.0 XACT Engine API xactengine3_7.dll 9.29.1962.0 XACT Engine API xapofx1_0.dll 9.23.1350.0 XAPOFX xapofx1_1.dll 9.24.1400.0 XAPOFX xapofx1_2.dll 9.25.1476.0 XAPOFX xapofx1_3.dll 9.26.1590.0 Audio Effect Library xapofx1_4.dll 9.28.1886.0 Audio Effect Library xapofx1_5.dll 9.29.1962.0 Audio Effect Library xaudio2_0.dll 9.22.1284.0 XAudio2 Game Audio API xaudio2_1.dll 9.23.1350.0 XAudio2 Game Audio API xaudio2_2.dll 9.24.1400.0 XAudio2 Game Audio API xaudio2_3.dll 9.25.1476.0 XAudio2 Game Audio API xaudio2_4.dll 9.26.1590.0 XAudio2 Game Audio API xaudio2_5.dll 9.27.1734.0 XAudio2 Game Audio API xaudio2_6.dll 9.28.1886.0 XAudio2 Game Audio API xaudio2_7.dll 9.29.1962.0 XAudio2 Game Audio API xinput1_1.dll 9.12.589.0 Microsoft Common Controller API xinput1_2.dll 9.14.701.0 Microsoft Common Controller API xinput1_3.dll 9.18.944.0 Microsoft Common Controller API xinput9_1_0.dll 6.1.7600.16385 XNA Common Controller xmlfilter.dll 2008.0.7600.16385 XML Filter xmllite.dll 1.3.1001.0 Microsoft XmlLite Library xmlprovi.dll 6.1.7600.16385 Network Provisioning Service Client API xmlrw.dll 2011.110.2809.27 Microsoft XML Slim Library xmlrwbin.dll 2011.110.2809.27 Microsoft XML Slim Library xolehlp.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Helper APIs DLL xpsfilt.dll 6.1.7600.16385 XML Paper Specification Document IFilter xpsgdiconverter.dll 6.2.9200.16492 XPS to GDI Converter xpsprint.dll 6.2.9200.16492 XPS Printing DLL xpsrasterservice.dll 6.1.7601.17514 XPS Rasterization Service Component xpsservices.dll 6.1.7601.17514 Xps Object Model in memory creation and deserialization xpsshhdr.dll 6.1.7600.16385 Package Document Shell Extension Handler xpssvcs.dll 6.1.7600.16385 Native Code Xps Services Library xwizards.dll 6.1.7600.16385 Extensible Wizards Manager Module xwreg.dll 6.1.7600.16385 Extensible Wizard Registration Manager Module xwtpdui.dll 6.1.7600.16385 Extensible Wizard Type Plugin for DUI xwtpw32.dll 6.1.7600.16385 Extensible Wizard Type Plugin for Win32 zipfldr.dll 6.1.7601.17514 Compressed (zipped) Folders zlib.dll 1.2.3.0 zlib data compression library --------[ UpTime ]------------------------------------------------------------------------------------------------------ Current Session: Last Shutdown Time 12/12/2013 3:22:22 AM Last Boot Time 12/24/2013 11:11:06 PM Current Time 12/24/2013 11:18:37 PM UpTime 479 sec (0 days, 0 hours, 7 min, 59 sec) UpTime Statistics: First Boot Time 10/20/2013 10:19:46 AM First Shutdown Time 10/20/2013 10:18:32 AM Total UpTime 4231255 sec (48 days, 23 hours, 20 min, 55 sec) Total DownTime 4355044 sec (50 days, 9 hours, 44 min, 4 sec) Longest UpTime 760787 sec (8 days, 19 hours, 19 min, 47 sec) Longest DownTime 1108124 sec (12 days, 19 hours, 48 min, 44 sec) Total Reboots 35 System Availability 49.28% Bluescreen Statistics: Total Bluescreens 0 Information: Information The above statistics are based on System Event Log entries --------[ Share ]------------------------------------------------------------------------------------------------------- Users Folder C:\Users ADMIN$ Folder Remote Admin C:\Windows C$ Folder Default share C:\ D$ Folder Default share D:\ E$ Folder Default share E:\ F$ Folder Default share F:\ IPC$ IPC Remote IPC --------[ Account Security ]-------------------------------------------------------------------------------------------- Account Security Properties: Computer Role Primary Domain Name SpringForest Primary Domain Controller Not Specified Forced Logoff Time Disabled Min / Max Password Age 0 / 42 days Minimum Password Length 0 chars Password History Length Disabled Lockout Threshold Disabled Lockout Duration 30 min Lockout Observation Window 30 min --------[ Logon ]------------------------------------------------------------------------------------------------------- Devihaka SPRINGFOREST SpringForest Devihaka SPRINGFOREST SpringForest UpdatusUser UpdatusUser SPRINGFOREST SpringForest --------[ Users ]------------------------------------------------------------------------------------------------------- [ Administrator ] User Properties: User Name Administrator Full Name Administrator Comment Built-in account for administering the computer/domain Member Of Groups HomeUsers; Administrators Logon Count 1 Disk Quota - User Features: Logon Script Executed Yes Account Disabled Yes Locked Out User No Home Folder Required No Password Required Yes Read-Only Password No Password Never Expires Yes [ Devihaka ] User Properties: User Name Devihaka Full Name Devihaka Member Of Groups HomeUsers; Administrators Logon Count 34 Disk Quota - User Features: Logon Script Executed Yes Account Disabled No Locked Out User No Home Folder Required No Password Required No Read-Only Password No Password Never Expires Yes [ Guest ] User Properties: User Name Guest Full Name Guest Comment Built-in account for guest access to the computer/domain Member Of Groups Guests Logon Count 0 Disk Quota - User Features: Logon Script Executed Yes Account Disabled Yes Locked Out User No Home Folder Required No Password Required No Read-Only Password Yes Password Never Expires Yes [ HomeGroupUser$ ] User Properties: User Name HomeGroupUser$ Full Name HomeGroupUser$ Comment Built-in account for homegroup access to the computer Member Of Groups HomeUsers Logon Count 0 Disk Quota - User Features: Logon Script Executed Yes Account Disabled No Locked Out User No Home Folder Required No Password Required Yes Read-Only Password No Password Never Expires Yes [ UpdatusUser ] User Properties: User Name UpdatusUser Full Name UpdatusUser Comment Used to provide NVIDIA software updates Logon Count 14 Disk Quota - User Features: Logon Script Executed Yes Account Disabled No Locked Out User No Home Folder Required No Password Required Yes Read-Only Password No Password Never Expires Yes --------[ Local Groups ]------------------------------------------------------------------------------------------------ [ Administrators ] Local Group Properties: Comment Administrators have complete and unrestricted access to the computer/domain Group Members: Administrator Devihaka [ Backup Operators ] Local Group Properties: Comment Backup Operators can override security restrictions for the sole purpose of backing up or restoring files [ Cryptographic Operators ] Local Group Properties: Comment Members are authorized to perform cryptographic operations. [ Distributed COM Users ] Local Group Properties: Comment Members are allowed to launch, activate and use Distributed COM objects on this machine. [ Event Log Readers ] Local Group Properties: Comment Members of this group can read event logs from local machine [ Guests ] Local Group Properties: Comment Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted Group Members: Guest [ HomeUsers ] Local Group Properties: Comment HomeUsers Security Group Group Members: Administrator Devihaka HomeGroupUser$ HomeGroupUser$ [ IIS_IUSRS ] Local Group Properties: Comment Built-in group used by Internet Information Services. Group Members: IUSR [ Network Configuration Operators ] Local Group Properties: Comment Members in this group can have some administrative privileges to manage configuration of networking features [ Performance Log Users ] Local Group Properties: Comment Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer [ Performance Monitor Users ] Local Group Properties: Comment Members of this group can access performance counter data locally and remotely [ Power Users ] Local Group Properties: Comment Power Users are included for backwards compatibility and possess limited administrative powers [ Remote Desktop Users ] Local Group Properties: Comment Members in this group are granted the right to logon remotely [ Replicator ] Local Group Properties: Comment Supports file replication in a domain [ Users ] Local Group Properties: Comment Users are prevented from making accidental or intentional system-wide changes and can run most applications Group Members: Authenticated Users INTERACTIVE --------[ Global Groups ]----------------------------------------------------------------------------------------------- [ None ] Global Group Properties: Comment Ordinary users Group Members: Administrator Devihaka Guest HomeGroupUser$ HomeGroupUser$ UpdatusUser UpdatusUser --------[ Windows Video ]----------------------------------------------------------------------------------------------- [ NVIDIA GeForce GTX 460 ] Video Adapter Properties: Device Description NVIDIA GeForce GTX 460 Adapter String GeForce GTX 460 BIOS String Version 70.4.2e.0.70 Chip Type GeForce GTX 460 DAC Type Integrated RAMDAC Driver Date 11/10/2013 Driver Version 9.18.13.3182 - nVIDIA ForceWare 331.82 Driver Provider NVIDIA Memory Size 1 GB Installed Drivers: nvd3dumx 9.18.13.3182 nvwgf2umx 9.18.13.3182 nvwgf2umx 9.18.13.3182 nvd3dum 9.18.13.3182 - nVIDIA ForceWare 331.82 nvwgf2um 9.18.13.3182 nvwgf2um 9.18.13.3182 Video Adapter Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ NVIDIA GeForce GTX 460 ] Video Adapter Properties: Device Description NVIDIA GeForce GTX 460 Adapter String GeForce GTX 460 BIOS String Version 70.4.2e.0.70 Chip Type GeForce GTX 460 DAC Type Integrated RAMDAC Driver Date 11/10/2013 Driver Version 9.18.13.3182 - nVIDIA ForceWare 331.82 Driver Provider NVIDIA Memory Size 1 GB Installed Drivers: nvd3dumx 9.18.13.3182 nvwgf2umx 9.18.13.3182 nvwgf2umx 9.18.13.3182 nvd3dum 9.18.13.3182 - nVIDIA ForceWare 331.82 nvwgf2um 9.18.13.3182 nvwgf2um 9.18.13.3182 Video Adapter Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates --------[ PCI / AGP Video ]--------------------------------------------------------------------------------------------- nVIDIA GeForce GTX 460 Video Adapter nVIDIA GeForce GTX 460 3D Accelerator --------[ GPU ]--------------------------------------------------------------------------------------------------------- [ PCI Express 2.0 x16: EVGA e-GeForce GTX 460 ] Graphics Processor Properties: Video Adapter EVGA e-GeForce GTX 460 BIOS Version 70.04.2E.00.70 BIOS Date 11/16/2010 GPU Code Name GF104 PCI Device 10DE-0E22 / 3842-1370 (Rev A1) Transistors 1950 million Process Technology 40 nm Die Size 320 mm2 Bus Type PCI Express 2.0 x16 @ 1.1 x16 Memory Size 1 GB GPU Clock (Geometric Domain) 405 MHz (original: 720 MHz) GPU Clock (Shader Domain) 810 MHz (original: 1440 MHz) RAMDAC Clock 400 MHz Pixel Pipelines 32 Texture Mapping Units 56 Unified Shaders 336 (v5.0) DirectX Hardware Support DirectX v11 Pixel Fillrate 12960 MPixel/s Texel Fillrate 22680 MTexel/s Memory Bus Properties: Bus Type GDDR5 Bus Width 256-bit Real Clock 900 MHz (QDR) (original: 900 MHz) Effective Clock 3600 MHz Bandwidth 112.5 GB/s Utilization: GPU 5% Memory Controller 1% Video Engine 0% Dedicated Memory 178 MB Dynamic Memory 36 MB nVIDIA ForceWare Clocks: Level #1 GPU: 50 MHz, Shader: 101 MHz, Memory: 135 MHz Level #2 GPU: 405 MHz, Shader: 810 MHz, Memory: 324 MHz Level #3 GPU: 405 MHz, Shader: 810 MHz, Memory: 1800 MHz Level #4 GPU: 720 MHz, Shader: 1440 MHz, Memory: 1800 MHz Graphics Processor Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates nVIDIA GPU Registers: nv-000000 0C4100A1 nv-0010F0 00000000 nv-001218 00000000 nv-001540 00000000 nv-0015F4 00000000 nv-0015F8 00000000 nv-0015FC 00000000 nv-001600 00000000 nv-001850 00000000 nv-004000 00000000 nv-004004 00000000 nv-004008 00000000 nv-00400C 00000000 nv-004018 00000000 nv-00401C 00000000 nv-004020 00000000 nv-004024 00000000 nv-004028 00000000 nv-00402C 00000000 nv-004120 00000000 nv-004124 00000000 nv-004128 00000000 nv-004200 00000000 nv-004220 00000000 nv-00C040 00000000 nv-00E114 0000021C nv-00E118 00000120 nv-00E11C 00000001 nv-00E120 00000000 nv-00E728 0018001F nv-00E820 01030005 nv-00E8A0 00000000 nv-020008 C00838AA nv-020014 FA3E0393 nv-020400 00000049 nv-022438 00000004 nv-02243C 00000000 nv-022554 00000000 nv-100000 00000000 nv-100200 00000000 nv-10020C 00000000 nv-100214 00000000 nv-100474 00000000 nv-100714 00000403 nv-100914 00000000 nv-101000 A040488A nv-10F290 0C384128 nv-10F294 34A3028E nv-10F590 00100204 nv-121C74 00000004 nv-300000 EB78AA55 nv-310000 00000000 nv-419E9C 00000330 nv-700000 00004840 nv-7E0000 EB78AA55 [ nVIDIA SLI ] nVIDIA SLI: SLI Status Disabled --------[ Monitor ]----------------------------------------------------------------------------------------------------- [ eMachines E15T4 ] Monitor Properties: Monitor Name eMachines E15T4 Monitor ID EMA061C Model e15t4 Monitor Type 15" LCD (XGA) Manufacture Date Week 25 / 2006 Serial Number H66 50V 00910 Max. Visible Display Size 30 cm x 23 cm (14.9") Picture Aspect Ratio 4:3 Horizontal Frequency 30 - 60 kHz Vertical Frequency 56 - 76 Hz Maximum Pixel Clock 80 MHz Maximum Resolution 1024 x 768 Gamma 2.37 DPMS Mode Support Standby, Suspend, Active-Off Supported Video Modes: 640 x 480 76 Hz 800 x 480 76 Hz 800 x 600 76 Hz 1024 x 600 76 Hz 1024 x 768 70 Hz [ Hannstar HF199H ] Monitor Properties: Monitor Name Hannstar HF199H Monitor ID HSD1843 Model HF199H Monitor Type 19" LCD (WXGA+) Manufacture Date Week 25 / 2008 Serial Number OHM0200011782 Max. Visible Display Size 45 cm x 26 cm (20.5") Picture Aspect Ratio 16:9 Horizontal Frequency 30 - 83 kHz Vertical Frequency 55 - 75 Hz Maximum Pixel Clock 140 MHz Maximum Resolution 1440 x 900 Gamma 2.20 DPMS Mode Support Active-Off Supported Video Modes: 640 x 480 75 Hz 800 x 480 75 Hz 800 x 600 75 Hz 1024 x 600 75 Hz 1024 x 768 75 Hz 1152 x 864 75 Hz 1280 x 720 75 Hz 1280 x 768 75 Hz 1280 x 800 75 Hz 1366 x 768 75 Hz 1440 x 900 75 Hz --------[ Desktop ]----------------------------------------------------------------------------------------------------- Desktop Properties: Device Technology Raster Display Resolution 1440 x 900 Color Depth 32-bit Color Planes 1 Font Resolution 96 dpi Pixel Width / Height 36 / 36 Pixel Diagonal 51 Vertical Refresh Rate 75 Hz Desktop Wallpaper C:\Users\Devihaka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Desktop Effects: Combo-Box Animation Enabled Drop Shadow Effect Enabled Flat Menu Effect Enabled Font Smoothing Enabled ClearType Enabled Full Window Dragging Enabled Gradient Window Title Bars Enabled Hide Menu Access Keys Enabled Hot Tracking Effect Enabled Icon Title Wrapping Enabled List-Box Smooth Scrolling Enabled Menu Animation Enabled Menu Fade Effect Enabled Minimize/Restore Animation Enabled Mouse Cursor Shadow Enabled Selection Fade Effect Enabled ShowSounds Accessibility Feature Disabled ToolTip Animation Enabled ToolTip Fade Effect Enabled Windows Aero Enabled Windows Plus! Extension Disabled --------[ Multi-Monitor ]----------------------------------------------------------------------------------------------- \\.\DISPLAY1 Yes (0,0) (1440,900) \\.\DISPLAY2 No (1440,0) (2464,768) --------[ Video Modes ]------------------------------------------------------------------------------------------------- 640 x 480 8-bit 59 Hz 640 x 480 8-bit 60 Hz 640 x 480 8-bit 72 Hz 640 x 480 8-bit 75 Hz 640 x 480 16-bit 59 Hz 640 x 480 16-bit 60 Hz 640 x 480 16-bit 72 Hz 640 x 480 16-bit 75 Hz 640 x 480 32-bit 59 Hz 640 x 480 32-bit 60 Hz 640 x 480 32-bit 72 Hz 640 x 480 32-bit 75 Hz 720 x 480 8-bit 59 Hz 720 x 480 8-bit 60 Hz 720 x 480 16-bit 59 Hz 720 x 480 16-bit 60 Hz 720 x 480 32-bit 59 Hz 720 x 480 32-bit 60 Hz 720 x 576 8-bit 50 Hz 720 x 576 16-bit 50 Hz 720 x 576 32-bit 50 Hz 800 x 600 8-bit 56 Hz 800 x 600 8-bit 60 Hz 800 x 600 8-bit 72 Hz 800 x 600 8-bit 75 Hz 800 x 600 16-bit 56 Hz 800 x 600 16-bit 60 Hz 800 x 600 16-bit 72 Hz 800 x 600 16-bit 75 Hz 800 x 600 32-bit 56 Hz 800 x 600 32-bit 60 Hz 800 x 600 32-bit 72 Hz 800 x 600 32-bit 75 Hz 1024 x 768 8-bit 60 Hz 1024 x 768 8-bit 70 Hz 1024 x 768 8-bit 72 Hz 1024 x 768 8-bit 75 Hz 1024 x 768 16-bit 60 Hz 1024 x 768 16-bit 70 Hz 1024 x 768 16-bit 72 Hz 1024 x 768 16-bit 75 Hz 1024 x 768 32-bit 60 Hz 1024 x 768 32-bit 70 Hz 1024 x 768 32-bit 72 Hz 1024 x 768 32-bit 75 Hz 1152 x 864 8-bit 75 Hz 1152 x 864 16-bit 75 Hz 1152 x 864 32-bit 75 Hz 1176 x 664 8-bit 50 Hz 1176 x 664 8-bit 50 Hz 1176 x 664 8-bit 50 Hz 1176 x 664 8-bit 59 Hz 1176 x 664 8-bit 59 Hz 1176 x 664 8-bit 59 Hz 1176 x 664 8-bit 60 Hz 1176 x 664 8-bit 60 Hz 1176 x 664 8-bit 60 Hz 1176 x 664 16-bit 50 Hz 1176 x 664 16-bit 50 Hz 1176 x 664 16-bit 50 Hz 1176 x 664 16-bit 59 Hz 1176 x 664 16-bit 59 Hz 1176 x 664 16-bit 59 Hz 1176 x 664 16-bit 60 Hz 1176 x 664 16-bit 60 Hz 1176 x 664 16-bit 60 Hz 1176 x 664 32-bit 50 Hz 1176 x 664 32-bit 50 Hz 1176 x 664 32-bit 50 Hz 1176 x 664 32-bit 59 Hz 1176 x 664 32-bit 59 Hz 1176 x 664 32-bit 59 Hz 1176 x 664 32-bit 60 Hz 1176 x 664 32-bit 60 Hz 1176 x 664 32-bit 60 Hz 1280 x 720 8-bit 50 Hz 1280 x 720 8-bit 59 Hz 1280 x 720 8-bit 60 Hz 1280 x 720 16-bit 50 Hz 1280 x 720 16-bit 59 Hz 1280 x 720 16-bit 60 Hz 1280 x 720 32-bit 50 Hz 1280 x 720 32-bit 59 Hz 1280 x 720 32-bit 60 Hz 1280 x 768 8-bit 60 Hz 1280 x 768 8-bit 60 Hz 1280 x 768 8-bit 60 Hz 1280 x 768 8-bit 75 Hz 1280 x 768 8-bit 75 Hz 1280 x 768 8-bit 75 Hz 1280 x 768 16-bit 60 Hz 1280 x 768 16-bit 60 Hz 1280 x 768 16-bit 60 Hz 1280 x 768 16-bit 75 Hz 1280 x 768 16-bit 75 Hz 1280 x 768 16-bit 75 Hz 1280 x 768 32-bit 60 Hz 1280 x 768 32-bit 60 Hz 1280 x 768 32-bit 60 Hz 1280 x 768 32-bit 75 Hz 1280 x 768 32-bit 75 Hz 1280 x 768 32-bit 75 Hz 1280 x 800 8-bit 60 Hz 1280 x 800 8-bit 60 Hz 1280 x 800 8-bit 60 Hz 1280 x 800 8-bit 75 Hz 1280 x 800 8-bit 75 Hz 1280 x 800 8-bit 75 Hz 1280 x 800 16-bit 60 Hz 1280 x 800 16-bit 60 Hz 1280 x 800 16-bit 60 Hz 1280 x 800 16-bit 75 Hz 1280 x 800 16-bit 75 Hz 1280 x 800 16-bit 75 Hz 1280 x 800 32-bit 60 Hz 1280 x 800 32-bit 60 Hz 1280 x 800 32-bit 60 Hz 1280 x 800 32-bit 75 Hz 1280 x 800 32-bit 75 Hz 1280 x 800 32-bit 75 Hz 1280 x 960 8-bit 60 Hz 1280 x 960 8-bit 60 Hz 1280 x 960 8-bit 60 Hz 1280 x 960 8-bit 75 Hz 1280 x 960 8-bit 75 Hz 1280 x 960 8-bit 75 Hz 1280 x 960 16-bit 60 Hz 1280 x 960 16-bit 60 Hz 1280 x 960 16-bit 60 Hz 1280 x 960 16-bit 75 Hz 1280 x 960 16-bit 75 Hz 1280 x 960 16-bit 75 Hz 1280 x 960 32-bit 60 Hz 1280 x 960 32-bit 60 Hz 1280 x 960 32-bit 60 Hz 1280 x 960 32-bit 75 Hz 1280 x 960 32-bit 75 Hz 1280 x 960 32-bit 75 Hz 1280 x 1024 8-bit 60 Hz 1280 x 1024 8-bit 75 Hz 1280 x 1024 16-bit 60 Hz 1280 x 1024 16-bit 75 Hz 1280 x 1024 32-bit 60 Hz 1280 x 1024 32-bit 75 Hz 1360 x 768 8-bit 60 Hz 1360 x 768 8-bit 60 Hz 1360 x 768 8-bit 60 Hz 1360 x 768 8-bit 75 Hz 1360 x 768 8-bit 75 Hz 1360 x 768 8-bit 75 Hz 1360 x 768 16-bit 60 Hz 1360 x 768 16-bit 60 Hz 1360 x 768 16-bit 60 Hz 1360 x 768 16-bit 75 Hz 1360 x 768 16-bit 75 Hz 1360 x 768 16-bit 75 Hz 1360 x 768 32-bit 60 Hz 1360 x 768 32-bit 60 Hz 1360 x 768 32-bit 60 Hz 1360 x 768 32-bit 75 Hz 1360 x 768 32-bit 75 Hz 1360 x 768 32-bit 75 Hz 1366 x 768 8-bit 60 Hz 1366 x 768 8-bit 60 Hz 1366 x 768 8-bit 60 Hz 1366 x 768 8-bit 75 Hz 1366 x 768 8-bit 75 Hz 1366 x 768 8-bit 75 Hz 1366 x 768 16-bit 60 Hz 1366 x 768 16-bit 60 Hz 1366 x 768 16-bit 60 Hz 1366 x 768 16-bit 75 Hz 1366 x 768 16-bit 75 Hz 1366 x 768 16-bit 75 Hz 1366 x 768 32-bit 60 Hz 1366 x 768 32-bit 60 Hz 1366 x 768 32-bit 60 Hz 1366 x 768 32-bit 75 Hz 1366 x 768 32-bit 75 Hz 1366 x 768 32-bit 75 Hz 1440 x 480 8-bit 60 Hz 1440 x 480 8-bit 60 Hz 1440 x 480 8-bit 60 Hz 1440 x 480 8-bit 75 Hz 1440 x 480 8-bit 75 Hz 1440 x 480 8-bit 75 Hz 1440 x 480 16-bit 60 Hz 1440 x 480 16-bit 60 Hz 1440 x 480 16-bit 60 Hz 1440 x 480 16-bit 75 Hz 1440 x 480 16-bit 75 Hz 1440 x 480 16-bit 75 Hz 1440 x 480 32-bit 60 Hz 1440 x 480 32-bit 60 Hz 1440 x 480 32-bit 60 Hz 1440 x 480 32-bit 75 Hz 1440 x 480 32-bit 75 Hz 1440 x 480 32-bit 75 Hz 1440 x 576 8-bit 60 Hz 1440 x 576 8-bit 60 Hz 1440 x 576 8-bit 60 Hz 1440 x 576 8-bit 75 Hz 1440 x 576 8-bit 75 Hz 1440 x 576 8-bit 75 Hz 1440 x 576 16-bit 60 Hz 1440 x 576 16-bit 60 Hz 1440 x 576 16-bit 60 Hz 1440 x 576 16-bit 75 Hz 1440 x 576 16-bit 75 Hz 1440 x 576 16-bit 75 Hz 1440 x 576 32-bit 60 Hz 1440 x 576 32-bit 60 Hz 1440 x 576 32-bit 60 Hz 1440 x 576 32-bit 75 Hz 1440 x 576 32-bit 75 Hz 1440 x 576 32-bit 75 Hz 1440 x 900 8-bit 60 Hz 1440 x 900 8-bit 75 Hz 1440 x 900 16-bit 60 Hz 1440 x 900 16-bit 75 Hz 1440 x 900 32-bit 60 Hz 1440 x 900 32-bit 75 Hz 1600 x 900 8-bit 25 Hz 1600 x 900 8-bit 25 Hz 1600 x 900 8-bit 25 Hz 1600 x 900 8-bit 29 Hz 1600 x 900 8-bit 29 Hz 1600 x 900 8-bit 29 Hz 1600 x 900 8-bit 30 Hz 1600 x 900 8-bit 30 Hz 1600 x 900 8-bit 30 Hz 1600 x 900 8-bit 50 Hz 1600 x 900 8-bit 50 Hz 1600 x 900 8-bit 50 Hz 1600 x 900 8-bit 59 Hz 1600 x 900 8-bit 59 Hz 1600 x 900 8-bit 59 Hz 1600 x 900 8-bit 60 Hz 1600 x 900 8-bit 60 Hz 1600 x 900 8-bit 60 Hz 1600 x 900 16-bit 25 Hz 1600 x 900 16-bit 25 Hz 1600 x 900 16-bit 25 Hz 1600 x 900 16-bit 29 Hz 1600 x 900 16-bit 29 Hz 1600 x 900 16-bit 29 Hz 1600 x 900 16-bit 30 Hz 1600 x 900 16-bit 30 Hz 1600 x 900 16-bit 30 Hz 1600 x 900 16-bit 50 Hz 1600 x 900 16-bit 50 Hz 1600 x 900 16-bit 50 Hz 1600 x 900 16-bit 59 Hz 1600 x 900 16-bit 59 Hz 1600 x 900 16-bit 59 Hz 1600 x 900 16-bit 60 Hz 1600 x 900 16-bit 60 Hz 1600 x 900 16-bit 60 Hz 1600 x 900 32-bit 25 Hz 1600 x 900 32-bit 25 Hz 1600 x 900 32-bit 25 Hz 1600 x 900 32-bit 29 Hz 1600 x 900 32-bit 29 Hz 1600 x 900 32-bit 29 Hz 1600 x 900 32-bit 30 Hz 1600 x 900 32-bit 30 Hz 1600 x 900 32-bit 30 Hz 1600 x 900 32-bit 50 Hz 1600 x 900 32-bit 50 Hz 1600 x 900 32-bit 50 Hz 1600 x 900 32-bit 59 Hz 1600 x 900 32-bit 59 Hz 1600 x 900 32-bit 59 Hz 1600 x 900 32-bit 60 Hz 1600 x 900 32-bit 60 Hz 1600 x 900 32-bit 60 Hz 1600 x 1024 8-bit 25 Hz 1600 x 1024 8-bit 25 Hz 1600 x 1024 8-bit 25 Hz 1600 x 1024 8-bit 29 Hz 1600 x 1024 8-bit 29 Hz 1600 x 1024 8-bit 29 Hz 1600 x 1024 8-bit 30 Hz 1600 x 1024 8-bit 30 Hz 1600 x 1024 8-bit 30 Hz 1600 x 1024 8-bit 50 Hz 1600 x 1024 8-bit 50 Hz 1600 x 1024 8-bit 50 Hz 1600 x 1024 8-bit 59 Hz 1600 x 1024 8-bit 59 Hz 1600 x 1024 8-bit 59 Hz 1600 x 1024 8-bit 60 Hz 1600 x 1024 8-bit 60 Hz 1600 x 1024 8-bit 60 Hz 1600 x 1024 16-bit 25 Hz 1600 x 1024 16-bit 25 Hz 1600 x 1024 16-bit 25 Hz 1600 x 1024 16-bit 29 Hz 1600 x 1024 16-bit 29 Hz 1600 x 1024 16-bit 29 Hz 1600 x 1024 16-bit 30 Hz 1600 x 1024 16-bit 30 Hz 1600 x 1024 16-bit 30 Hz 1600 x 1024 16-bit 50 Hz 1600 x 1024 16-bit 50 Hz 1600 x 1024 16-bit 50 Hz 1600 x 1024 16-bit 59 Hz 1600 x 1024 16-bit 59 Hz 1600 x 1024 16-bit 59 Hz 1600 x 1024 16-bit 60 Hz 1600 x 1024 16-bit 60 Hz 1600 x 1024 16-bit 60 Hz 1600 x 1024 32-bit 25 Hz 1600 x 1024 32-bit 25 Hz 1600 x 1024 32-bit 25 Hz 1600 x 1024 32-bit 29 Hz 1600 x 1024 32-bit 29 Hz 1600 x 1024 32-bit 29 Hz 1600 x 1024 32-bit 30 Hz 1600 x 1024 32-bit 30 Hz 1600 x 1024 32-bit 30 Hz 1600 x 1024 32-bit 50 Hz 1600 x 1024 32-bit 50 Hz 1600 x 1024 32-bit 50 Hz 1600 x 1024 32-bit 59 Hz 1600 x 1024 32-bit 59 Hz 1600 x 1024 32-bit 59 Hz 1600 x 1024 32-bit 60 Hz 1600 x 1024 32-bit 60 Hz 1600 x 1024 32-bit 60 Hz 1680 x 1050 8-bit 25 Hz 1680 x 1050 8-bit 25 Hz 1680 x 1050 8-bit 25 Hz 1680 x 1050 8-bit 29 Hz 1680 x 1050 8-bit 29 Hz 1680 x 1050 8-bit 29 Hz 1680 x 1050 8-bit 30 Hz 1680 x 1050 8-bit 30 Hz 1680 x 1050 8-bit 30 Hz 1680 x 1050 8-bit 50 Hz 1680 x 1050 8-bit 50 Hz 1680 x 1050 8-bit 50 Hz 1680 x 1050 8-bit 59 Hz 1680 x 1050 8-bit 59 Hz 1680 x 1050 8-bit 59 Hz 1680 x 1050 8-bit 60 Hz 1680 x 1050 8-bit 60 Hz 1680 x 1050 8-bit 60 Hz 1680 x 1050 16-bit 25 Hz 1680 x 1050 16-bit 25 Hz 1680 x 1050 16-bit 25 Hz 1680 x 1050 16-bit 29 Hz 1680 x 1050 16-bit 29 Hz 1680 x 1050 16-bit 29 Hz 1680 x 1050 16-bit 30 Hz 1680 x 1050 16-bit 30 Hz 1680 x 1050 16-bit 30 Hz 1680 x 1050 16-bit 50 Hz 1680 x 1050 16-bit 50 Hz 1680 x 1050 16-bit 50 Hz 1680 x 1050 16-bit 59 Hz 1680 x 1050 16-bit 59 Hz 1680 x 1050 16-bit 59 Hz 1680 x 1050 16-bit 60 Hz 1680 x 1050 16-bit 60 Hz 1680 x 1050 16-bit 60 Hz 1680 x 1050 32-bit 25 Hz 1680 x 1050 32-bit 25 Hz 1680 x 1050 32-bit 25 Hz 1680 x 1050 32-bit 29 Hz 1680 x 1050 32-bit 29 Hz 1680 x 1050 32-bit 29 Hz 1680 x 1050 32-bit 30 Hz 1680 x 1050 32-bit 30 Hz 1680 x 1050 32-bit 30 Hz 1680 x 1050 32-bit 50 Hz 1680 x 1050 32-bit 50 Hz 1680 x 1050 32-bit 50 Hz 1680 x 1050 32-bit 59 Hz 1680 x 1050 32-bit 59 Hz 1680 x 1050 32-bit 59 Hz 1680 x 1050 32-bit 60 Hz 1680 x 1050 32-bit 60 Hz 1680 x 1050 32-bit 60 Hz 1768 x 992 8-bit 25 Hz 1768 x 992 8-bit 25 Hz 1768 x 992 8-bit 25 Hz 1768 x 992 8-bit 29 Hz 1768 x 992 8-bit 29 Hz 1768 x 992 8-bit 29 Hz 1768 x 992 8-bit 30 Hz 1768 x 992 8-bit 30 Hz 1768 x 992 8-bit 30 Hz 1768 x 992 16-bit 25 Hz 1768 x 992 16-bit 25 Hz 1768 x 992 16-bit 25 Hz 1768 x 992 16-bit 29 Hz 1768 x 992 16-bit 29 Hz 1768 x 992 16-bit 29 Hz 1768 x 992 16-bit 30 Hz 1768 x 992 16-bit 30 Hz 1768 x 992 16-bit 30 Hz 1768 x 992 32-bit 25 Hz 1768 x 992 32-bit 25 Hz 1768 x 992 32-bit 25 Hz 1768 x 992 32-bit 29 Hz 1768 x 992 32-bit 29 Hz 1768 x 992 32-bit 29 Hz 1768 x 992 32-bit 30 Hz 1768 x 992 32-bit 30 Hz 1768 x 992 32-bit 30 Hz 1920 x 1080 8-bit 25 Hz 1920 x 1080 8-bit 29 Hz 1920 x 1080 8-bit 30 Hz 1920 x 1080 8-bit 50 Hz 1920 x 1080 8-bit 59 Hz 1920 x 1080 8-bit 60 Hz 1920 x 1080 16-bit 25 Hz 1920 x 1080 16-bit 29 Hz 1920 x 1080 16-bit 30 Hz 1920 x 1080 16-bit 50 Hz 1920 x 1080 16-bit 59 Hz 1920 x 1080 16-bit 60 Hz 1920 x 1080 32-bit 25 Hz 1920 x 1080 32-bit 29 Hz 1920 x 1080 32-bit 30 Hz 1920 x 1080 32-bit 50 Hz 1920 x 1080 32-bit 59 Hz 1920 x 1080 32-bit 60 Hz --------[ OpenGL ]------------------------------------------------------------------------------------------------------ OpenGL Properties: Vendor NVIDIA Corporation Renderer GeForce GTX 460/PCIe/SSE2 Version 4.4.0 Shading Language Version 4.40 NVIDIA via Cg compiler OpenGL DLL 6.1.7600.16385(win7_rtm.090713-1255) Multitexture Texture Units 4 Occlusion Query Counter Bits 32 Sub-Pixel Precision 8-bit Max Viewport Size 16384 x 16384 Max Cube Map Texture Size 16384 x 16384 Max Rectangle Texture Size 16384 x 16384 Max 3D Texture Size 2048 x 2048 x 2048 Max Anisotropy 16 Max Clipping Planes 8 Max Display-List Nesting Level 64 Max Draw Buffers 8 Max Evaluator Order 8 Max General Register Combiners 8 Max Light Sources 8 Max Pixel Map Table Size 65536 Min / Max Program Texel Offset -8 / 7 Max Texture Array Layers 2048 Max Texture LOD Bias 15 Max Vertex Array Range Element Size 1048575 OpenGL Compliancy: OpenGL 1.1 Yes (100%) OpenGL 1.2 Yes (100%) OpenGL 1.3 Yes (100%) OpenGL 1.4 Yes (100%) OpenGL 1.5 Yes (100%) OpenGL 2.0 Yes (100%) OpenGL 2.1 Yes (100%) OpenGL 3.0 Yes (100%) OpenGL 3.1 Yes (100%) OpenGL 3.2 Yes (100%) OpenGL 3.3 Yes (100%) OpenGL 4.0 Yes (100%) OpenGL 4.1 Yes (100%) OpenGL 4.2 Yes (100%) OpenGL 4.3 Yes (100%) Max Stack Depth: Attribute Stack 16 Client Attribute Stack 16 Modelview Matrix Stack 32 Name Stack 128 Projection Matrix Stack 4 Texture Matrix Stack 10 Draw Range Elements: Max Index Count 1048576 Max Vertex Count 1048576 Extended Lighting Parameters: Max Shininess 128 Max Spot Exponent 128 Transform Feedback: Max Interleaved Components 128 Max Separate Attributes 4 Max Separate Components 4 Framebuffer Object: Max Color Attachments 8 Max Render Buffer Size 16384 x 16384 Imaging: Max Color Matrix Stack Depth 2 Max Convolution Width / Height 11 / 11 Vertex Shader: Max Uniform Vertex Components 4096 Max Varying Floats 124 Max Vertex Texture Image Units 32 Max Combined Texture Image Units 192 Geometry Shader: Max Geometry Texture Units 32 Max Varying Components 124 Max Geometry Varying Components 124 Max Vertex Varying Components 124 Max Geometry Uniform Components 2048 Max Geometry Output Vertices 1024 Max Geometry Total Output Components 1024 Fragment Shader: Max Uniform Fragment Components 2048 Vertex Program: Max Local Parameters 1024 Max Environment Parameters 256 Max Program Matrices 8 Max Program Matrix Stack Depth 1 Max Tracking Matrices 8 Max Tracking Matrix Stack Depth 1 Max Vertex Attributes 16 Max Instructions 16384 Max Native Instructions 16384 Max Temporaries 4096 Max Native Temporaries 4096 Max Parameters 1024 Max Native Parameters 1024 Max Attributes 16 Max Native Attributes 16 Max Address Registers 2 Max Native Address Registers 2 Fragment Program: Max Local Parameters 512 Max Environment Parameters 256 Max Texture Coordinates 8 Max Texture Image Units 32 Max Instructions 16384 Max Native Instructions 16384 Max Temporaries 4096 Max Native Temporaries 4096 Max Parameters 1024 Max Native Parameters 1024 Max Attributes 16 Max Native Attributes 16 Max Address Registers 1 Max Native Address Registers 1 Max ALU Instructions 16384 Max Native ALU Instructions 16384 Max Texture Instructions 16384 Max Native Texture Instructions 16384 Max Texture Indirections 16384 Max Native Texture Indirections 16384 Max Execution Instructions 16777216 Max Call Stack Depth 32 Max If Statement Depth 64 Max Loop Depth 64 Max Loop Count 16777216 OpenGL Extensions: Total / Supported Extensions 829 / 312 GL_3DFX_multisample Not Supported GL_3DFX_tbuffer Not Supported GL_3DFX_texture_compression_FXT1 Not Supported GL_3DL_direct_texture_access2 Not Supported GL_3Dlabs_multisample_transparency_id Not Supported GL_3Dlabs_multisample_transparency_range Not Supported GL_AMD_blend_minmax_factor Not Supported GL_AMD_compressed_3DC_texture Not Supported GL_AMD_compressed_ATC_texture Not Supported GL_AMD_conservative_depth Not Supported GL_AMD_debug_output Not Supported GL_AMD_depth_clamp_separate Not Supported GL_AMD_draw_buffers_blend Not Supported GL_AMD_multi_draw_indirect Supported GL_AMD_name_gen_delete Not Supported GL_AMD_performance_monitor Not Supported GL_AMD_pinned_memory Not Supported GL_AMD_program_binary_Z400 Not Supported GL_AMD_query_buffer_object Not Supported GL_AMD_sample_positions Not Supported GL_AMD_seamless_cubemap_per_texture Not Supported GL_AMD_shader_stencil_export Not Supported GL_AMD_shader_stencil_value_export Not Supported GL_AMD_shader_trace Not Supported GL_AMD_shader_trinary_minmax Not Supported GL_AMD_sparse_texture Not Supported GL_AMD_stencil_operation_extended Not Supported GL_AMD_texture_compression_dxt6 Not Supported GL_AMD_texture_compression_dxt7 Not Supported GL_AMD_texture_cube_map_array Not Supported GL_AMD_texture_texture4 Not Supported GL_AMD_transform_feedback3_lines_triangles Not Supported GL_AMD_transform_feedback4 Not Supported GL_AMD_vertex_shader_layer Not Supported GL_AMD_vertex_shader_tessellator Not Supported GL_AMD_vertex_shader_viewport_index Not Supported GL_AMDX_debug_output Not Supported GL_AMDX_name_gen_delete Not Supported GL_AMDX_random_access_target Not Supported GL_AMDX_vertex_shader_tessellator Not Supported GL_ANGLE_framebuffer_blit Not Supported GL_ANGLE_framebuffer_multisample Not Supported GL_ANGLE_instanced_arrays Not Supported GL_ANGLE_pack_reverse_row_order Not Supported GL_ANGLE_texture_compression_dxt3 Not Supported GL_ANGLE_texture_compression_dxt5 Not Supported GL_ANGLE_texture_usage Not Supported GL_ANGLE_translated_shader_source Not Supported GL_APPLE_aux_depth_stencil Not Supported GL_APPLE_client_storage Not Supported GL_APPLE_copy_texture_levels Not Supported GL_APPLE_element_array Not Supported GL_APPLE_fence Not Supported GL_APPLE_float_pixels Not Supported GL_APPLE_flush_buffer_range Not Supported GL_APPLE_flush_render Not Supported GL_APPLE_framebuffer_multisample Not Supported GL_APPLE_object_purgeable Not Supported GL_APPLE_packed_pixel Not Supported GL_APPLE_packed_pixels Not Supported GL_APPLE_pixel_buffer Not Supported GL_APPLE_rgb_422 Not Supported GL_APPLE_specular_vector Not Supported GL_APPLE_sync Not Supported GL_APPLE_texture_2D_limited_npot Not Supported GL_APPLE_texture_format_BGRA8888 Not Supported GL_APPLE_texture_max_level Not Supported GL_APPLE_texture_range Not Supported GL_APPLE_transform_hint Not Supported GL_APPLE_vertex_array_object Not Supported GL_APPLE_vertex_array_range Not Supported GL_APPLE_vertex_program_evaluators Not Supported GL_APPLE_ycbcr_422 Not Supported GL_ARB_arrays_of_arrays Supported GL_ARB_base_instance Supported GL_ARB_blend_func_extended Supported GL_ARB_buffer_storage Supported GL_ARB_clear_buffer_object Supported GL_ARB_clear_texture Supported GL_ARB_color_buffer_float Supported GL_ARB_compatibility Supported GL_ARB_compressed_texture_pixel_storage Supported GL_ARB_compute_shader Supported GL_ARB_compute_variable_group_size Supported GL_ARB_conservative_depth Supported GL_ARB_copy_buffer Supported GL_ARB_copy_image Supported GL_ARB_debug_group Not Supported GL_ARB_debug_label Not Supported GL_ARB_debug_output Supported GL_ARB_debug_output2 Not Supported GL_ARB_depth_buffer_float Supported GL_ARB_depth_clamp Supported GL_ARB_depth_texture Supported GL_ARB_draw_buffers Supported GL_ARB_draw_buffers_blend Supported GL_ARB_draw_elements_base_vertex Supported GL_ARB_draw_indirect Supported GL_ARB_draw_instanced Supported GL_ARB_enhanced_layouts Supported GL_ARB_ES2_compatibility Supported GL_ARB_ES3_compatibility Supported GL_ARB_explicit_attrib_location Supported GL_ARB_explicit_uniform_location Supported GL_ARB_fragment_coord_conventions Supported GL_ARB_fragment_layer_viewport Supported GL_ARB_fragment_program Supported GL_ARB_fragment_program_shadow Supported GL_ARB_fragment_shader Supported GL_ARB_framebuffer_no_attachments Supported GL_ARB_framebuffer_object Supported GL_ARB_framebuffer_sRGB Supported GL_ARB_geometry_shader4 Supported GL_ARB_get_program_binary Supported GL_ARB_gpu_shader_fp64 Supported GL_ARB_gpu_shader5 Supported GL_ARB_half_float_pixel Supported GL_ARB_half_float_vertex Supported GL_ARB_imaging Supported GL_ARB_indirect_parameters Supported GL_ARB_instanced_arrays Supported GL_ARB_internalformat_query Supported GL_ARB_internalformat_query2 Supported GL_ARB_invalidate_subdata Supported GL_ARB_make_current_read Not Supported GL_ARB_map_buffer_alignment Supported GL_ARB_map_buffer_range Supported GL_ARB_matrix_palette Not Supported GL_ARB_multi_bind Supported GL_ARB_multi_draw_indirect Supported GL_ARB_multisample Supported GL_ARB_multitexture Supported GL_ARB_occlusion_query Supported GL_ARB_occlusion_query2 Supported GL_ARB_pixel_buffer_object Supported GL_ARB_point_parameters Supported GL_ARB_point_sprite Supported GL_ARB_program_interface_query Supported GL_ARB_provoking_vertex Supported GL_ARB_query_buffer_object Supported GL_ARB_robust_buffer_access_behavior Supported GL_ARB_robustness Supported GL_ARB_robustness_isolation Not Supported GL_ARB_sample_shading Supported GL_ARB_sampler_objects Supported GL_ARB_seamless_cube_map Supported GL_ARB_separate_shader_objects Supported GL_ARB_shader_atomic_counters Supported GL_ARB_shader_bit_encoding Supported GL_ARB_shader_draw_parameters Supported GL_ARB_shader_group_vote Supported GL_ARB_shader_image_load_store Supported GL_ARB_shader_image_size Supported GL_ARB_shader_objects Supported GL_ARB_shader_precision Supported GL_ARB_shader_stencil_export Not Supported GL_ARB_shader_storage_buffer_object Supported GL_ARB_shader_subroutine Supported GL_ARB_shader_texture_lod Supported GL_ARB_shading_language_100 Supported GL_ARB_shading_language_120 Not Supported GL_ARB_shading_language_420pack Supported GL_ARB_shading_language_include Supported GL_ARB_shading_language_packing Supported GL_ARB_shadow Supported GL_ARB_shadow_ambient Not Supported GL_ARB_sparse_texture Supported GL_ARB_stencil_texturing Supported GL_ARB_swap_buffers Not Supported GL_ARB_sync Supported GL_ARB_tessellation_shader Supported GL_ARB_texture_border_clamp Supported GL_ARB_texture_buffer_object Supported GL_ARB_texture_buffer_object_rgb32 Supported GL_ARB_texture_buffer_range Supported GL_ARB_texture_compression Supported GL_ARB_texture_compression_bptc Supported GL_ARB_texture_compression_rgtc Supported GL_ARB_texture_compression_rtgc Not Supported GL_ARB_texture_cube_map Supported GL_ARB_texture_cube_map_array Supported GL_ARB_texture_env_add Supported GL_ARB_texture_env_combine Supported GL_ARB_texture_env_crossbar Supported GL_ARB_texture_env_dot3 Supported GL_ARB_texture_float Supported GL_ARB_texture_gather Supported GL_ARB_texture_mirror_clamp_to_edge Supported GL_ARB_texture_mirrored_repeat Supported GL_ARB_texture_multisample Supported GL_ARB_texture_non_power_of_two Supported GL_ARB_texture_query_levels Supported GL_ARB_texture_query_lod Supported GL_ARB_texture_rectangle Supported GL_ARB_texture_rg Supported GL_ARB_texture_rgb10_a2ui Supported GL_ARB_texture_snorm Not Supported GL_ARB_texture_stencil8 Supported GL_ARB_texture_storage Supported GL_ARB_texture_storage_multisample Supported GL_ARB_texture_swizzle Supported GL_ARB_texture_view Supported GL_ARB_timer_query Supported GL_ARB_transform_feedback_instanced Supported GL_ARB_transform_feedback2 Supported GL_ARB_transform_feedback3 Supported GL_ARB_transpose_matrix Supported GL_ARB_uber_buffers Not Supported GL_ARB_uber_mem_image Not Supported GL_ARB_uber_vertex_array Not Supported GL_ARB_uniform_buffer_object Supported GL_ARB_vertex_array_bgra Supported GL_ARB_vertex_array_object Supported GL_ARB_vertex_attrib_64bit Supported GL_ARB_vertex_attrib_binding Supported GL_ARB_vertex_blend Not Supported GL_ARB_vertex_buffer_object Supported GL_ARB_vertex_program Supported GL_ARB_vertex_shader Supported GL_ARB_vertex_type_10f_11f_11f_rev Supported GL_ARB_vertex_type_2_10_10_10_rev Supported GL_ARB_viewport_array Supported GL_ARB_window_pos Supported GL_ARM_mali_program_binary Not Supported GL_ARM_mali_shader_binary Not Supported GL_ARM_rgba8 Not Supported GL_ATI_array_rev_comps_in_4_bytes Not Supported GL_ATI_blend_equation_separate Not Supported GL_ATI_blend_weighted_minmax Not Supported GL_ATI_draw_buffers Supported GL_ATI_element_array Not Supported GL_ATI_envmap_bumpmap Not Supported GL_ATI_fragment_shader Not Supported GL_ATI_lock_texture Not Supported GL_ATI_map_object_buffer Not Supported GL_ATI_meminfo Not Supported GL_ATI_pixel_format_float Not Supported GL_ATI_pn_triangles Not Supported GL_ATI_point_cull_mode Not Supported GL_ATI_separate_stencil Not Supported GL_ATI_shader_texture_lod Not Supported GL_ATI_text_fragment_shader Not Supported GL_ATI_texture_compression_3dc Not Supported GL_ATI_texture_env_combine3 Not Supported GL_ATI_texture_float Supported GL_ATI_texture_mirror_once Supported GL_ATI_vertex_array_object Not Supported GL_ATI_vertex_attrib_array_object Not Supported GL_ATI_vertex_blend Not Supported GL_ATI_vertex_shader Not Supported GL_ATI_vertex_streams Not Supported GL_ATIX_pn_triangles Not Supported GL_ATIX_texture_env_combine3 Not Supported GL_ATIX_texture_env_route Not Supported GL_ATIX_vertex_shader_output_point_size Not Supported GL_Autodesk_facet_normal Not Supported GL_Autodesk_valid_back_buffer_hint Not Supported GL_DIMD_YUV Not Supported GL_DMP_shader_binary Not Supported GL_EXT_422_pixels Not Supported GL_EXT_abgr Supported GL_EXT_bgra Supported GL_EXT_bindable_uniform Supported GL_EXT_blend_color Supported GL_EXT_blend_equation_separate Supported GL_EXT_blend_func_separate Supported GL_EXT_blend_logic_op Not Supported GL_EXT_blend_minmax Supported GL_EXT_blend_subtract Supported GL_EXT_Cg_shader Supported GL_EXT_clip_volume_hint Not Supported GL_EXT_cmyka Not Supported GL_EXT_color_buffer_half_float Not Supported GL_EXT_color_matrix Not Supported GL_EXT_color_subtable Not Supported GL_EXT_color_table Not Supported GL_EXT_compiled_vertex_array Supported GL_EXT_convolution Not Supported GL_EXT_convolution_border_modes Not Supported GL_EXT_coordinate_frame Not Supported GL_EXT_copy_buffer Not Supported GL_EXT_copy_texture Not Supported GL_EXT_cull_vertex Not Supported GL_EXT_debug_label Not Supported GL_EXT_debug_marker Not Supported GL_EXT_depth_bounds_test Supported GL_EXT_depth_buffer_float Not Supported GL_EXT_direct_state_access Supported GL_EXT_discard_framebuffer Not Supported GL_EXT_draw_buffers2 Supported GL_EXT_draw_indirect Not Supported GL_EXT_draw_instanced Supported GL_EXT_draw_range_elements Supported GL_EXT_fog_coord Supported GL_EXT_fog_function Not Supported GL_EXT_fog_offset Not Supported GL_EXT_frag_depth Not Supported GL_EXT_fragment_lighting Not Supported GL_EXT_framebuffer_blit Supported GL_EXT_framebuffer_multisample Supported GL_EXT_framebuffer_multisample_blit_scaled Supported GL_EXT_framebuffer_object Supported GL_EXT_framebuffer_sRGB Supported GL_EXT_generate_mipmap Not Supported GL_EXT_geometry_shader4 Supported GL_EXT_gpu_program_parameters Supported GL_EXT_gpu_shader_fp64 Not Supported GL_EXT_gpu_shader4 Supported GL_EXT_gpu_shader5 Not Supported GL_EXT_histogram Not Supported GL_EXT_import_sync_object Supported GL_EXT_index_array_formats Not Supported GL_EXT_index_func Not Supported GL_EXT_index_material Not Supported GL_EXT_index_texture Not Supported GL_EXT_interlace Not Supported GL_EXT_light_texture Not Supported GL_EXT_map_buffer_range Not Supported GL_EXT_misc_attribute Not Supported GL_EXT_multi_draw_arrays Supported GL_EXT_multisample Not Supported GL_EXT_multisampled_render_to_texture Not Supported GL_EXT_multiview_draw_buffers Not Supported GL_EXT_occlusion_query_boolean Not Supported GL_EXT_packed_depth_stencil Supported GL_EXT_packed_float Supported GL_EXT_packed_pixels Supported GL_EXT_packed_pixels_12 Not Supported GL_EXT_paletted_texture Not Supported GL_EXT_pixel_buffer_object Supported GL_EXT_pixel_format Not Supported GL_EXT_pixel_texture Not Supported GL_EXT_pixel_transform Not Supported GL_EXT_pixel_transform_color_table Not Supported GL_EXT_point_parameters Supported GL_EXT_polygon_offset Not Supported GL_EXT_provoking_vertex Supported GL_EXT_read_format_bgra Not Supported GL_EXT_rescale_normal Supported GL_EXT_robustness Not Supported GL_EXT_scene_marker Not Supported GL_EXT_secondary_color Supported GL_EXT_separate_shader_objects Supported GL_EXT_separate_specular_color Supported GL_EXT_shader_atomic_counters Not Supported GL_EXT_shader_framebuffer_fetch Not Supported GL_EXT_shader_image_load_store Supported GL_EXT_shader_subroutine Not Supported GL_EXT_shader_texture_lod Not Supported GL_EXT_shadow_funcs Supported GL_EXT_shadow_samplers Not Supported GL_EXT_shared_texture_palette Not Supported GL_EXT_sRGB Not Supported GL_EXT_static_vertex_array Not Supported GL_EXT_stencil_clear_tag Not Supported GL_EXT_stencil_two_side Supported GL_EXT_stencil_wrap Supported GL_EXT_subtexture Not Supported GL_EXT_swap_control Not Supported GL_EXT_tessellation_shader Not Supported GL_EXT_texgen_reflection Not Supported GL_EXT_texture Not Supported GL_EXT_texture_array Supported GL_EXT_texture_border_clamp Not Supported GL_EXT_texture_buffer_object Supported GL_EXT_texture_buffer_object_rgb32 Not Supported GL_EXT_texture_color_table Not Supported GL_EXT_texture_compression_bptc Not Supported GL_EXT_texture_compression_dxt1 Supported GL_EXT_texture_compression_latc Supported GL_EXT_texture_compression_rgtc Supported GL_EXT_texture_compression_s3tc Supported GL_EXT_texture_cube_map Supported GL_EXT_texture_edge_clamp Supported GL_EXT_texture_env Not Supported GL_EXT_texture_env_add Supported GL_EXT_texture_env_combine Supported GL_EXT_texture_env_dot3 Supported GL_EXT_texture_filter_anisotropic Supported GL_EXT_texture_format_BGRA8888 Not Supported GL_EXT_texture_integer Supported GL_EXT_texture_lod Supported GL_EXT_texture_lod_bias Supported GL_EXT_texture_mirror_clamp Supported GL_EXT_texture_object Supported GL_EXT_texture_perturb_normal Not Supported GL_EXT_texture_rectangle Not Supported GL_EXT_texture_rg Not Supported GL_EXT_texture_shared_exponent Supported GL_EXT_texture_snorm Not Supported GL_EXT_texture_sRGB Supported GL_EXT_texture_sRGB_decode Supported GL_EXT_texture_storage Supported GL_EXT_texture_swizzle Supported GL_EXT_texture_type_2_10_10_10_REV Not Supported GL_EXT_texture3D Supported GL_EXT_texture4D Not Supported GL_EXT_timer_query Supported GL_EXT_transform_feedback Not Supported GL_EXT_transform_feedback2 Supported GL_EXT_transform_feedback3 Not Supported GL_EXT_unpack_subimage Not Supported GL_EXT_vertex_array Supported GL_EXT_vertex_array_bgra Supported GL_EXT_vertex_array_set Not Supported GL_EXT_vertex_array_setXXX Not Supported GL_EXT_vertex_attrib_64bit Supported GL_EXT_vertex_shader Not Supported GL_EXT_vertex_weighting Not Supported GL_EXTX_framebuffer_mixed_formats Supported GL_EXTX_packed_depth_stencil Not Supported GL_FGL_lock_texture Not Supported GL_FJ_shader_binary_GCCSO Not Supported GL_GL2_geometry_shader Not Supported GL_GREMEDY_frame_terminator Not Supported GL_GREMEDY_string_marker Not Supported GL_HP_convolution_border_modes Not Supported GL_HP_image_transform Not Supported GL_HP_occlusion_test Not Supported GL_HP_texture_lighting Not Supported GL_I3D_argb Not Supported GL_I3D_color_clamp Not Supported GL_I3D_interlace_read Not Supported GL_IBM_clip_check Not Supported GL_IBM_cull_vertex Not Supported GL_IBM_load_named_matrix Not Supported GL_IBM_multi_draw_arrays Not Supported GL_IBM_multimode_draw_arrays Not Supported GL_IBM_occlusion_cull Not Supported GL_IBM_pixel_filter_hint Not Supported GL_IBM_rasterpos_clip Supported GL_IBM_rescale_normal Not Supported GL_IBM_static_data Not Supported GL_IBM_texture_clamp_nodraw Not Supported GL_IBM_texture_mirrored_repeat Supported GL_IBM_vertex_array_lists Not Supported GL_IBM_YCbCr Not Supported GL_IMG_multisampled_render_to_texture Not Supported GL_IMG_program_binary Not Supported GL_IMG_read_format Not Supported GL_IMG_shader_binary Not Supported GL_IMG_texture_compression_pvrtc Not Supported GL_IMG_texture_env_enhanced_fixed_function Not Supported GL_IMG_texture_format_BGRA8888 Not Supported GL_IMG_user_clip_plane Not Supported GL_IMG_vertex_program Not Supported GL_INGR_blend_func_separate Not Supported GL_INGR_color_clamp Not Supported GL_INGR_interlace_read Not Supported GL_INGR_multiple_palette Not Supported GL_INTEL_map_texture Not Supported GL_INTEL_parallel_arrays Not Supported GL_INTEL_performance_queries Not Supported GL_INTEL_texture_scissor Not Supported GL_KHR_debug Supported GL_KHR_texture_compression_astc_ldr Not Supported GL_KTX_buffer_region Supported GL_MESA_pack_invert Not Supported GL_MESA_program_debug Not Supported GL_MESA_resize_buffers Not Supported GL_MESA_window_pos Not Supported GL_MESA_ycbcr_texture Not Supported GL_MESAX_texture_stack Not Supported GL_MTX_fragment_shader Not Supported GL_MTX_precision_dpi Not Supported GL_NV_alpha_test Not Supported GL_NV_bindless_multi_draw_indirect Supported GL_NV_bindless_texture Not Supported GL_NV_blend_equation_advanced Supported GL_NV_blend_minmax Not Supported GL_NV_blend_square Supported GL_NV_centroid_sample Not Supported GL_NV_complex_primitives Not Supported GL_NV_compute_program5 Supported GL_NV_conditional_render Supported GL_NV_copy_depth_to_color Supported GL_NV_copy_image Supported GL_NV_coverage_sample Not Supported GL_NV_depth_buffer_float Supported GL_NV_depth_clamp Supported GL_NV_depth_nonlinear Not Supported GL_NV_depth_range_unclamped Not Supported GL_NV_draw_buffers Not Supported GL_NV_draw_texture Supported GL_NV_EGL_stream_consumer_external Not Supported GL_NV_ES1_1_compatibility Supported GL_NV_evaluators Not Supported GL_NV_explicit_multisample Supported GL_NV_fbo_color_attachments Not Supported GL_NV_fence Supported GL_NV_float_buffer Supported GL_NV_fog_distance Supported GL_NV_fragdepth Not Supported GL_NV_fragment_program Supported GL_NV_fragment_program_option Supported GL_NV_fragment_program2 Supported GL_NV_fragment_program4 Not Supported GL_NV_framebuffer_multisample_coverage Supported GL_NV_framebuffer_multisample_ex Not Supported GL_NV_geometry_program4 Not Supported GL_NV_geometry_shader4 Supported GL_NV_gpu_program_fp64 Supported GL_NV_gpu_program4 Supported GL_NV_gpu_program4_1 Supported GL_NV_gpu_program5 Supported GL_NV_gpu_program5_mem_extended Supported GL_NV_gpu_shader5 Supported GL_NV_half_float Supported GL_NV_light_max_exponent Supported GL_NV_multisample_coverage Supported GL_NV_multisample_filter_hint Supported GL_NV_occlusion_query Supported GL_NV_packed_depth_stencil Supported GL_NV_parameter_buffer_object Supported GL_NV_parameter_buffer_object2 Supported GL_NV_path_rendering Supported GL_NV_pixel_buffer_object Not Supported GL_NV_pixel_data_range Supported GL_NV_point_sprite Supported GL_NV_present_video Not Supported GL_NV_primitive_restart Supported GL_NV_read_buffer Not Supported GL_NV_read_depth_stencil Not Supported GL_NV_register_combiners Supported GL_NV_register_combiners2 Supported GL_NV_shader_atomic_counters Supported GL_NV_shader_atomic_float Supported GL_NV_shader_buffer_load Supported GL_NV_shader_buffer_store Not Supported GL_NV_shader_storage_buffer_object Supported GL_NV_tessellation_program5 Not Supported GL_NV_texgen_emboss Not Supported GL_NV_texgen_reflection Supported GL_NV_texture_barrier Supported GL_NV_texture_compression_latc Not Supported GL_NV_texture_compression_s3tc_update Not Supported GL_NV_texture_compression_vtc Supported GL_NV_texture_env_combine4 Supported GL_NV_texture_expand_normal Supported GL_NV_texture_lod_clamp Not Supported GL_NV_texture_multisample Supported GL_NV_texture_npot_2D_mipmap Not Supported GL_NV_texture_rectangle Supported GL_NV_texture_shader Supported GL_NV_texture_shader2 Supported GL_NV_texture_shader3 Supported GL_NV_timer_query Not Supported GL_NV_transform_feedback Supported GL_NV_transform_feedback2 Supported GL_NV_vdpau_interop Not Supported GL_NV_vertex_array_range Supported GL_NV_vertex_array_range2 Supported GL_NV_vertex_attrib_64bit Not Supported GL_NV_vertex_attrib_integer_64bit Supported GL_NV_vertex_buffer_unified_memory Supported GL_NV_vertex_program Supported GL_NV_vertex_program1_1 Supported GL_NV_vertex_program2 Supported GL_NV_vertex_program2_option Supported GL_NV_vertex_program3 Supported GL_NV_vertex_program4 Not Supported GL_NVX_conditional_render Supported GL_NVX_flush_hold Not Supported GL_NVX_gpu_memory_info Supported GL_NVX_instanced_arrays Not Supported GL_NVX_ycrcb Not Supported GL_OES_blend_equation_separate Not Supported GL_OES_blend_func_separate Not Supported GL_OES_blend_subtract Not Supported GL_OES_byte_coordinates Not Supported GL_OES_compressed_EAC_R11_signed_texture Not Supported GL_OES_compressed_EAC_R11_unsigned_texture Not Supported GL_OES_compressed_EAC_RG11_signed_texture Not Supported GL_OES_compressed_EAC_RG11_unsigned_texture Not Supported GL_OES_compressed_ETC1_RGB8_texture Not Supported GL_OES_compressed_ETC2_punchthroughA_RGBA8_textureNot Supported GL_OES_compressed_ETC2_punchthroughA_sRGB8_alpha_textureNot Supported GL_OES_compressed_ETC2_RGB8_texture Not Supported GL_OES_compressed_ETC2_RGBA8_texture Not Supported GL_OES_compressed_ETC2_sRGB8_alpha8_texture Not Supported GL_OES_compressed_ETC2_sRGB8_texture Not Supported GL_OES_compressed_paletted_texture Not Supported GL_OES_conditional_query Not Supported GL_OES_depth_texture Not Supported GL_OES_depth24 Not Supported GL_OES_depth32 Not Supported GL_OES_draw_texture Not Supported GL_OES_EGL_image Not Supported GL_OES_EGL_image_external Not Supported GL_OES_EGL_sync Not Supported GL_OES_element_index_uint Not Supported GL_OES_extended_matrix_palette Not Supported GL_OES_fbo_render_mipmap Not Supported GL_OES_fixed_point Not Supported GL_OES_fragment_precision_high Not Supported GL_OES_framebuffer_object Not Supported GL_OES_get_program_binary Not Supported GL_OES_mapbuffer Not Supported GL_OES_matrix_get Not Supported GL_OES_matrix_palette Not Supported GL_OES_packed_depth_stencil Not Supported GL_OES_point_size_array Not Supported GL_OES_point_sprite Not Supported GL_OES_query_matrix Not Supported GL_OES_read_format Not Supported GL_OES_required_internalformat Not Supported GL_OES_rgb8_rgba8 Not Supported GL_OES_single_precision Not Supported GL_OES_standard_derivatives Not Supported GL_OES_stencil_wrap Not Supported GL_OES_stencil1 Not Supported GL_OES_stencil4 Not Supported GL_OES_stencil8 Not Supported GL_OES_surfaceless_context Not Supported GL_OES_texture_3D Not Supported GL_OES_texture_cube_map Not Supported GL_OES_texture_env_crossbar Not Supported GL_OES_texture_float Not Supported GL_OES_texture_float_linear Not Supported GL_OES_texture_half_float Not Supported GL_OES_texture_half_float_linear Not Supported GL_OES_texture_mirrored_repeat Not Supported GL_OES_texture_npot Not Supported GL_OES_vertex_array_object Not Supported GL_OES_vertex_half_float Not Supported GL_OES_vertex_type_10_10_10_2 Not Supported GL_OML_interlace Not Supported GL_OML_resample Not Supported GL_OML_subsample Not Supported GL_PGI_misc_hints Not Supported GL_PGI_vertex_hints Not Supported GL_QCOM_alpha_test Not Supported GL_QCOM_binning_control Not Supported GL_QCOM_driver_control Not Supported GL_QCOM_extended_get Not Supported GL_QCOM_extended_get2 Not Supported GL_QCOM_perfmon_global_mode Not Supported GL_QCOM_tiled_rendering Not Supported GL_QCOM_writeonly_rendering Not Supported GL_REND_screen_coordinates Not Supported GL_S3_performance_analyzer Not Supported GL_S3_s3tc Supported GL_SGI_color_matrix Not Supported GL_SGI_color_table Not Supported GL_SGI_compiled_vertex_array Not Supported GL_SGI_cull_vertex Not Supported GL_SGI_index_array_formats Not Supported GL_SGI_index_func Not Supported GL_SGI_index_material Not Supported GL_SGI_index_texture Not Supported GL_SGI_make_current_read Not Supported GL_SGI_texture_add_env Not Supported GL_SGI_texture_color_table Not Supported GL_SGI_texture_edge_clamp Not Supported GL_SGI_texture_lod Not Supported GL_SGIS_color_range Not Supported GL_SGIS_detail_texture Not Supported GL_SGIS_fog_function Not Supported GL_SGIS_generate_mipmap Supported GL_SGIS_multisample Not Supported GL_SGIS_multitexture Not Supported GL_SGIS_pixel_texture Not Supported GL_SGIS_point_line_texgen Not Supported GL_SGIS_sharpen_texture Not Supported GL_SGIS_texture_border_clamp Not Supported GL_SGIS_texture_color_mask Not Supported GL_SGIS_texture_edge_clamp Not Supported GL_SGIS_texture_filter4 Not Supported GL_SGIS_texture_lod Supported GL_SGIS_texture_select Not Supported GL_SGIS_texture4D Not Supported GL_SGIX_async Not Supported GL_SGIX_async_histogram Not Supported GL_SGIX_async_pixel Not Supported GL_SGIX_blend_alpha_minmax Not Supported GL_SGIX_clipmap Not Supported GL_SGIX_convolution_accuracy Not Supported GL_SGIX_depth_pass_instrument Not Supported GL_SGIX_depth_texture Supported GL_SGIX_flush_raster Not Supported GL_SGIX_fog_offset Not Supported GL_SGIX_fog_texture Not Supported GL_SGIX_fragment_specular_lighting Not Supported GL_SGIX_framezoom Not Supported GL_SGIX_instruments Not Supported GL_SGIX_interlace Not Supported GL_SGIX_ir_instrument1 Not Supported GL_SGIX_list_priority Not Supported GL_SGIX_pbuffer Not Supported GL_SGIX_pixel_texture Not Supported GL_SGIX_pixel_texture_bits Not Supported GL_SGIX_reference_plane Not Supported GL_SGIX_resample Not Supported GL_SGIX_shadow Supported GL_SGIX_shadow_ambient Not Supported GL_SGIX_sprite Not Supported GL_SGIX_subsample Not Supported GL_SGIX_tag_sample_buffer Not Supported GL_SGIX_texture_add_env Not Supported GL_SGIX_texture_coordinate_clamp Not Supported GL_SGIX_texture_lod_bias Not Supported GL_SGIX_texture_multi_buffer Not Supported GL_SGIX_texture_range Not Supported GL_SGIX_texture_scale_bias Not Supported GL_SGIX_vertex_preclip Not Supported GL_SGIX_vertex_preclip_hint Not Supported GL_SGIX_ycrcb Not Supported GL_SGIX_ycrcb_subsample Not Supported GL_SUN_convolution_border_modes Not Supported GL_SUN_global_alpha Not Supported GL_SUN_mesh_array Not Supported GL_SUN_multi_draw_arrays Not Supported GL_SUN_read_video_pixels Not Supported GL_SUN_slice_accum Supported GL_SUN_triangle_list Not Supported GL_SUN_vertex Not Supported GL_SUNX_constant_data Not Supported GL_VIV_shader_binary Not Supported GL_WGL_ARB_extensions_string Not Supported GL_WGL_EXT_extensions_string Not Supported GL_WGL_EXT_swap_control Not Supported GL_WIN_phong_shading Not Supported GL_WIN_specular_fog Not Supported GL_WIN_swap_hint Supported GLU_EXT_nurbs_tessellator Not Supported GLU_EXT_object_space_tess Not Supported GLU_SGI_filter4_parameters Not Supported GLX_ARB_create_context Not Supported GLX_ARB_fbconfig_float Not Supported GLX_ARB_framebuffer_sRGB Not Supported GLX_ARB_get_proc_address Not Supported GLX_ARB_multisample Not Supported GLX_EXT_fbconfig_packed_float Not Supported GLX_EXT_framebuffer_sRGB Not Supported GLX_EXT_import_context Not Supported GLX_EXT_scene_marker Not Supported GLX_EXT_texture_from_pixmap Not Supported GLX_EXT_visual_info Not Supported GLX_EXT_visual_rating Not Supported GLX_MESA_agp_offset Not Supported GLX_MESA_copy_sub_buffer Not Supported GLX_MESA_pixmap_colormap Not Supported GLX_MESA_release_buffers Not Supported GLX_MESA_set_3dfx_mode Not Supported GLX_NV_present_video Not Supported GLX_NV_swap_group Not Supported GLX_NV_video_output Not Supported GLX_OML_interlace Not Supported GLX_OML_swap_method Not Supported GLX_OML_sync_control Not Supported GLX_SGI_cushion Not Supported GLX_SGI_make_current_read Not Supported GLX_SGI_swap_control Not Supported GLX_SGI_video_sync Not Supported GLX_SGIS_blended_overlay Not Supported GLX_SGIS_color_range Not Supported GLX_SGIS_multisample Not Supported GLX_SGIX_dm_buffer Not Supported GLX_SGIX_fbconfig Not Supported GLX_SGIX_hyperpipe Not Supported GLX_SGIX_pbuffer Not Supported GLX_SGIX_swap_barrier Not Supported GLX_SGIX_swap_group Not Supported GLX_SGIX_video_resize Not Supported GLX_SGIX_video_source Not Supported GLX_SGIX_visual_select_group Not Supported GLX_SUN_get_transparent_index Not Supported GLX_SUN_video_resize Not Supported WGL_3DFX_gamma_control Not Supported WGL_3DFX_multisample Not Supported WGL_3DL_stereo_control Not Supported WGL_AMD_gpu_association Not Supported WGL_AMDX_gpu_association Not Supported WGL_ARB_buffer_region Supported WGL_ARB_create_context Supported WGL_ARB_create_context_profile Supported WGL_ARB_create_context_robustness Supported WGL_ARB_extensions_string Supported WGL_ARB_framebuffer_sRGB Not Supported WGL_ARB_make_current_read Supported WGL_ARB_multisample Supported WGL_ARB_pbuffer Supported WGL_ARB_pixel_format Supported WGL_ARB_pixel_format_float Supported WGL_ARB_render_texture Supported WGL_ATI_pbuffer_memory_hint Not Supported WGL_ATI_pixel_format_float Supported WGL_ATI_render_texture_rectangle Not Supported WGL_EXT_buffer_region Not Supported WGL_EXT_create_context_es_profile Supported WGL_EXT_create_context_es2_profile Supported WGL_EXT_depth_float Not Supported WGL_EXT_display_color_table Not Supported WGL_EXT_extensions_string Supported WGL_EXT_framebuffer_sRGB Supported WGL_EXT_framebuffer_sRGBWGL_ARB_create_context Not Supported WGL_EXT_gamma_control Not Supported WGL_EXT_make_current_read Not Supported WGL_EXT_multisample Not Supported WGL_EXT_pbuffer Not Supported WGL_EXT_pixel_format Not Supported WGL_EXT_pixel_format_packed_float Supported WGL_EXT_render_texture Not Supported WGL_EXT_swap_control Supported WGL_EXT_swap_control_tear Supported WGL_EXT_swap_interval Not Supported WGL_I3D_digital_video_control Not Supported WGL_I3D_gamma Not Supported WGL_I3D_genlock Not Supported WGL_I3D_image_buffer Not Supported WGL_I3D_swap_frame_lock Not Supported WGL_I3D_swap_frame_usage Not Supported WGL_MTX_video_preview Not Supported WGL_NV_copy_image Not Supported WGL_NV_delay_before_swap Supported WGL_NV_DX_interop Supported WGL_NV_DX_interop2 Supported WGL_NV_float_buffer Supported WGL_NV_gpu_affinity Not Supported WGL_NV_multisample_coverage Supported WGL_NV_present_video Not Supported WGL_NV_render_depth_texture Supported WGL_NV_render_texture_rectangle Supported WGL_NV_swap_group Not Supported WGL_NV_vertex_array_range Not Supported WGL_NV_video_output Not Supported WGL_NVX_DX_interop Supported WGL_OML_sync_control Not Supported WGL_S3_cl_sharingWGL_ARB_create_context_profile Not Supported Supported Compressed Texture Formats: RGB DXT1 Supported RGBA DXT1 Not Supported RGBA DXT3 Supported RGBA DXT5 Supported RGB FXT1 Not Supported RGBA FXT1 Not Supported 3Dc Not Supported Video Adapter Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates --------[ GPGPU ]------------------------------------------------------------------------------------------------------- [ CUDA: GeForce GTX 460 ] Device Properties: Device Name GeForce GTX 460 PCI Domain / Bus / Device 0 / 1 / 0 Clock Rate 1440 MHz Asynchronous Engines 1 Multiprocessors / Cores 7 / 336 L2 Cache 512 KB Max Threads Per Multiprocessor 1536 Max Threads Per Block 1024 Max Registers Per Block 32768 Max Instructions Per Kernel 512 million Warp Size 32 threads Max Block Size 1024 x 1024 x 64 Max Grid Size 65535 x 65535 x 65535 Max 1D Texture Width 65536 Max 2D Texture Size 65536 x 65535 Max 3D Texture Size 2048 x 2048 x 2048 Max 1D Linear Texture Width 134217728 Max 2D Linear Texture Size 65000 x 65000 Max 2D Linear Texture Pitch 1048544 bytes Max 1D Layered Texture Width 16384 Max 1D Layered Texture Layers 2048 Max Mipmapped 1D Texture Width 16384 Max Mipmapped 2D Texture Size 16384 x 16384 Max Cubemap Texture Size 16384 x 16384 Max Cubemap Layered Texture Size 16384 x 16384 Max Cubemap Layered Texture Layers 2046 Max Texture Array Size 16384 x 16384 Max Texture Array Slices 2048 Max 1D Surface Width 65536 Max 2D Surface Size 65536 x 32768 Max 3D Surface Size 65536 x 32768 x 2048 Max 1D Layered Surface Width 65536 Max 1D Layered Surface Layers 2048 Max 2D Layered Surface Size 65536 x 32768 Max 2D Layered Surface Layers 2048 Compute Mode Default: Multiple contexts allowed per device Compute Capability 2.1 CUDA DLL nvcuda.dll (8.17.13.3182 - nVIDIA ForceWare 331.82) Memory Properties: Memory Clock 1800 MHz Global Memory Bus Width 256-bit Total Memory 1 GB Total Constant Memory 64 KB Max Shared Memory Per Block 48 KB Max Memory Pitch 2147483647 bytes Texture Alignment 512 bytes Texture Pitch Alignment 32 bytes Surface Alignment 512 bytes Device Features: 32-bit Floating-Point Atomic Addition Supported 32-bit Integer Atomic Operations Supported 64-bit Integer Atomic Operations Supported Concurrent Kernel Execution Supported Concurrent Memory Copy & Execute Supported Double-Precision Floating-Point Supported ECC Disabled Funnel Shift Not Supported Host Memory Mapping Supported Integrated Device No Stream Priorities Not Supported Surface Functions Supported TCC Driver No Unified Addressing No Warp Vote Functions Supported __ballot() Supported __syncthreads_and() Supported __syncthreads_count() Supported __syncthreads_or() Supported __threadfence_system() Supported Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ Direct3D: NVIDIA GeForce GTX 460 ] Device Properties: Device Name NVIDIA GeForce GTX 460 Driver Name nvd3dum.dll Driver Version 9.18.13.3182 - nVIDIA ForceWare 331.82 Shader Model SM 5.0 Max Threads 1024 Multiple UAV Access 8 UAVs Thread Dispatch 3D Thread Local Storage 32 KB Device Features: Append/Consume Buffers Supported Atomic Operations Supported Double-Precision Floating-Point Supported Gather4 Supported Indirect Compute Dispatch Supported Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ OpenCL: GeForce GTX 460 ] OpenCL Properties: Platform Name NVIDIA CUDA Platform Vendor NVIDIA Corporation Platform Version OpenCL 1.1 CUDA 6.0.1 Platform Profile Full Device Properties: Device Name GeForce GTX 460 Device Type GPU Device Vendor NVIDIA Corporation Device Version OpenCL 1.1 CUDA Device Profile Full OpenCL C Version OpenCL C 1.1 Clock Rate 1440 MHz Multiprocessors 7 Max 2D Image Size 32768 x 32768 Max 3D Image Size 2048 x 2048 x 2048 Max Samplers 16 Max Work-Item Size 1024 x 1024 x 64 Max Work-Group Size 1024 Max Argument Size 4352 bytes Max Constant Buffer Size 64 KB Max Constant Arguments 9 Profiling Timer Resolution 1000 ns OpenCL DLL opencl.dll (1.0.0) Memory Properties: Global Memory 1024 MB Global Memory Cache 112 KB (Read/Write, 128-byte line) Local Memory 48 KB Memory Base Address Alignment 4096-bit Min Data Type Alignment 128 bytes Device Features: Command-Queue Out Of Order Execution Enabled Command-Queue Profiling Enabled Compiler Available Yes Error Correction Not Supported Images Supported Kernel Execution Supported Linker Available No Native Kernel Execution Not Supported Unified Memory No Double-Precision Floating-Point Features: Correctly Rounded Divide and Sqrt Not Supported Denorms Supported IEEE754-2008 FMA Supported INF and NaNs Supported Rounding to Infinity Supported Rounding to Nearest Even Supported Rounding to Zero Supported Software Basic Floating-Point Operations No Device Extensions: Total / Supported Extensions 54 / 15 cl_amd_c1x_atomics Not Supported cl_amd_d3d10_interop Not Supported cl_amd_d3d9_interop Not Supported cl_amd_device_attribute_query Not Supported cl_amd_device_memory_flags Not Supported cl_amd_fp64 Not Supported cl_amd_media_ops Not Supported cl_amd_media_ops2 Not Supported cl_amd_offline_devices Not Supported cl_amd_popcnt Not Supported cl_amd_printf Not Supported cl_amd_vec3 Not Supported cl_apple_contextloggingfunctions Not Supported cl_apple_gl_sharing Not Supported cl_apple_setmemobjectdestructor Not Supported cl_ext_atomic_counters_32 Not Supported cl_ext_atomic_counters_64 Not Supported cl_ext_device_fission Not Supported cl_ext_migrate_memobject Not Supported cl_intel_device_partition_by_names Not Supported cl_intel_dx9_media_sharing Not Supported cl_intel_exec_by_local_thread Not Supported cl_intel_printf Not Supported cl_intel_thread_local_exec Not Supported cl_khr_3d_image_writes Not Supported cl_khr_byte_addressable_store Supported cl_khr_d3d10_sharing Supported cl_khr_d3d11_sharing Not Supported cl_khr_depth_images Not Supported cl_khr_dx9_media_sharing Not Supported cl_khr_fp16 Not Supported cl_khr_fp64 Supported cl_khr_gl_depth_images Not Supported cl_khr_gl_event Not Supported cl_khr_gl_msaa_sharing Not Supported cl_khr_gl_sharing Supported cl_khr_global_int32_base_atomics Supported cl_khr_global_int32_extended_atomics Supported cl_khr_icd Supported cl_khr_image2d_from_buffer Not Supported cl_khr_initialize_memory Not Supported cl_khr_int64_base_atomics Not Supported cl_khr_int64_extended_atomics Not Supported cl_khr_local_int32_base_atomics Supported cl_khr_local_int32_extended_atomics Supported cl_khr_select_fprounding_mode Not Supported cl_khr_spir Not Supported cl_khr_terminate_context Not Supported cl_nv_compiler_options Supported cl_nv_d3d10_sharing Supported cl_nv_d3d11_sharing Supported cl_nv_d3d9_sharing Supported cl_nv_device_attribute_query Supported cl_nv_pragma_unroll Supported Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates --------[ Fonts ]------------------------------------------------------------------------------------------------------- @Adobe Fan Heiti Std B Swiss B CHINESE_BIG5 32 x 40 60 % @Adobe Fan Heiti Std B Swiss B Cyrillic 32 x 40 60 % @Adobe Fan Heiti Std B Swiss B Japanese 32 x 40 60 % @Adobe Fan Heiti Std B Swiss B Western 32 x 40 60 % @Adobe Fangsong Std R Roman R Central European 31 x 38 40 % @Adobe Fangsong Std R Roman R CHINESE_GB2312 31 x 38 40 % @Adobe Fangsong Std R Roman R Cyrillic 31 x 38 40 % @Adobe Fangsong Std R Roman R Japanese 31 x 38 40 % @Adobe Fangsong Std R Roman R Western 31 x 38 40 % @Adobe Gothic Std B Swiss B Cyrillic 32 x 40 70 % @Adobe Gothic Std B Swiss B Hangul(Johab) 32 x 40 70 % @Adobe Gothic Std B Swiss B Hangul 32 x 40 70 % @Adobe Gothic Std B Swiss B Japanese 32 x 40 70 % @Adobe Gothic Std B Swiss B Mac 32 x 40 70 % @Adobe Gothic Std B Swiss B Western 32 x 40 70 % @Adobe Heiti Std R Swiss R Central European 31 x 40 40 % @Adobe Heiti Std R Swiss R CHINESE_GB2312 31 x 40 40 % @Adobe Heiti Std R Swiss R Cyrillic 31 x 40 40 % @Adobe Heiti Std R Swiss R Japanese 31 x 40 40 % @Adobe Heiti Std R Swiss R Western 31 x 40 40 % @Adobe Kaiti Std R Roman R Central European 31 x 38 40 % @Adobe Kaiti Std R Roman R CHINESE_GB2312 31 x 38 40 % @Adobe Kaiti Std R Roman R Cyrillic 31 x 38 40 % @Adobe Kaiti Std R Roman R Japanese 31 x 38 40 % @Adobe Kaiti Std R Roman R Western 31 x 38 40 % @Adobe Ming Std L Roman L CHINESE_BIG5 32 x 33 30 % @Adobe Ming Std L Roman L Cyrillic 32 x 33 30 % @Adobe Ming Std L Roman L Japanese 32 x 33 30 % @Adobe Ming Std L Roman L Western 32 x 33 30 % @Adobe Myungjo Std M Roman M Cyrillic 32 x 33 50 % @Adobe Myungjo Std M Roman M Hangul(Johab) 32 x 33 50 % @Adobe Myungjo Std M Roman M Hangul 32 x 33 50 % @Adobe Myungjo Std M Roman M Japanese 32 x 33 50 % @Adobe Myungjo Std M Roman M Mac 32 x 33 50 % @Adobe Myungjo Std M Roman M Western 32 x 33 50 % @Adobe Song Std L Roman L Central European 31 x 36 30 % @Adobe Song Std L Roman L CHINESE_GB2312 31 x 36 30 % @Adobe Song Std L Roman L Cyrillic 31 x 36 30 % @Adobe Song Std L Roman L Japanese 31 x 36 30 % @Adobe Song Std L Roman L Western 31 x 36 30 % @Arial Unicode MS Swiss Regular Arabic 14 x 43 40 % @Arial Unicode MS Swiss Regular Baltic 14 x 43 40 % @Arial Unicode MS Swiss Regular Central European 14 x 43 40 % @Arial Unicode MS Swiss Regular CHINESE_BIG5 14 x 43 40 % @Arial Unicode MS Swiss Regular CHINESE_GB2312 14 x 43 40 % @Arial Unicode MS Swiss Regular Cyrillic 14 x 43 40 % @Arial Unicode MS Swiss Regular Greek 14 x 43 40 % @Arial Unicode MS Swiss Regular Hangul(Johab) 14 x 43 40 % @Arial Unicode MS Swiss Regular Hangul 14 x 43 40 % @Arial Unicode MS Swiss Regular Hebrew 14 x 43 40 % @Arial Unicode MS Swiss Regular Japanese 14 x 43 40 % @Arial Unicode MS Swiss Regular Thai 14 x 43 40 % @Arial Unicode MS Swiss Regular Turkish 14 x 43 40 % @Arial Unicode MS Swiss Regular Vietnamese 14 x 43 40 % @Arial Unicode MS Swiss Regular Western 14 x 43 40 % @Batang Roman Regular Baltic 16 x 32 40 % @Batang Roman Regular Central European 16 x 32 40 % @Batang Roman Regular Cyrillic 16 x 32 40 % @Batang Roman Regular Greek 16 x 32 40 % @Batang Roman Regular Hangul 16 x 32 40 % @Batang Roman Regular Turkish 16 x 32 40 % @Batang Roman Regular Western 16 x 32 40 % @BatangChe Modern Regular Baltic 16 x 32 40 % @BatangChe Modern Regular Central European 16 x 32 40 % @BatangChe Modern Regular Cyrillic 16 x 32 40 % @BatangChe Modern Regular Greek 16 x 32 40 % @BatangChe Modern Regular Hangul 16 x 32 40 % @BatangChe Modern Regular Turkish 16 x 32 40 % @BatangChe Modern Regular Western 16 x 32 40 % @DFKai-SB Script Regular CHINESE_BIG5 16 x 32 40 % @DFKai-SB Script Regular Western 16 x 32 40 % @Dotum Swiss Regular Baltic 16 x 32 40 % @Dotum Swiss Regular Central European 16 x 32 40 % @Dotum Swiss Regular Cyrillic 16 x 32 40 % @Dotum Swiss Regular Greek 16 x 32 40 % @Dotum Swiss Regular Hangul 16 x 32 40 % @Dotum Swiss Regular Turkish 16 x 32 40 % @Dotum Swiss Regular Western 16 x 32 40 % @DotumChe Modern Regular Baltic 16 x 32 40 % @DotumChe Modern Regular Central European 16 x 32 40 % @DotumChe Modern Regular Cyrillic 16 x 32 40 % @DotumChe Modern Regular Greek 16 x 32 40 % @DotumChe Modern Regular Hangul 16 x 32 40 % @DotumChe Modern Regular Turkish 16 x 32 40 % @DotumChe Modern Regular Western 16 x 32 40 % @FangSong Modern Regular CHINESE_GB2312 16 x 32 40 % @FangSong Modern Regular Western 16 x 32 40 % @Gulim Swiss Regular Baltic 16 x 32 40 % @Gulim Swiss Regular Central European 16 x 32 40 % @Gulim Swiss Regular Cyrillic 16 x 32 40 % @Gulim Swiss Regular Greek 16 x 32 40 % @Gulim Swiss Regular Hangul 16 x 32 40 % @Gulim Swiss Regular Turkish 16 x 32 40 % @Gulim Swiss Regular Western 16 x 32 40 % @GulimChe Modern Regular Baltic 16 x 32 40 % @GulimChe Modern Regular Central European 16 x 32 40 % @GulimChe Modern Regular Cyrillic 16 x 32 40 % @GulimChe Modern Regular Greek 16 x 32 40 % @GulimChe Modern Regular Hangul 16 x 32 40 % @GulimChe Modern Regular Turkish 16 x 32 40 % @GulimChe Modern Regular Western 16 x 32 40 % @Gungsuh Roman Regular Baltic 16 x 32 40 % @Gungsuh Roman Regular Central European 16 x 32 40 % @Gungsuh Roman Regular Cyrillic 16 x 32 40 % @Gungsuh Roman Regular Greek 16 x 32 40 % @Gungsuh Roman Regular Hangul 16 x 32 40 % @Gungsuh Roman Regular Turkish 16 x 32 40 % @Gungsuh Roman Regular Western 16 x 32 40 % @GungsuhChe Modern Regular Baltic 16 x 32 40 % @GungsuhChe Modern Regular Central European 16 x 32 40 % @GungsuhChe Modern Regular Cyrillic 16 x 32 40 % @GungsuhChe Modern Regular Greek 16 x 32 40 % @GungsuhChe Modern Regular Hangul 16 x 32 40 % @GungsuhChe Modern Regular Turkish 16 x 32 40 % @GungsuhChe Modern Regular Western 16 x 32 40 % @KaiTi Modern Regular CHINESE_GB2312 16 x 32 40 % @KaiTi Modern Regular Western 16 x 32 40 % @Kozuka Gothic Pr6N B Swiss B Baltic 31 x 59 70 % @Kozuka Gothic Pr6N B Swiss B Central European 31 x 59 70 % @Kozuka Gothic Pr6N B Swiss B Cyrillic 31 x 59 70 % @Kozuka Gothic Pr6N B Swiss B Greek 31 x 59 70 % @Kozuka Gothic Pr6N B Swiss B Japanese 31 x 59 70 % @Kozuka Gothic Pr6N B Swiss B Mac 31 x 59 70 % @Kozuka Gothic Pr6N B Swiss B Turkish 31 x 59 70 % @Kozuka Gothic Pr6N B Swiss B Western 31 x 59 70 % @Kozuka Gothic Pr6N EL Swiss EL Baltic 31 x 53 25 % @Kozuka Gothic Pr6N EL Swiss EL Central European 31 x 53 25 % @Kozuka Gothic Pr6N EL Swiss EL Cyrillic 31 x 53 25 % @Kozuka Gothic Pr6N EL Swiss EL Greek 31 x 53 25 % @Kozuka Gothic Pr6N EL Swiss EL Japanese 31 x 53 25 % @Kozuka Gothic Pr6N EL Swiss EL Mac 31 x 53 25 % @Kozuka Gothic Pr6N EL Swiss EL Turkish 31 x 53 25 % @Kozuka Gothic Pr6N EL Swiss EL Western 31 x 53 25 % @Kozuka Gothic Pr6N H Swiss H Baltic 31 x 59 90 % @Kozuka Gothic Pr6N H Swiss H Central European 31 x 59 90 % @Kozuka Gothic Pr6N H Swiss H Cyrillic 31 x 59 90 % @Kozuka Gothic Pr6N H Swiss H Greek 31 x 59 90 % @Kozuka Gothic Pr6N H Swiss H Japanese 31 x 59 90 % @Kozuka Gothic Pr6N H Swiss H Mac 31 x 59 90 % @Kozuka Gothic Pr6N H Swiss H Turkish 31 x 59 90 % @Kozuka Gothic Pr6N H Swiss H Western 31 x 59 90 % @Kozuka Gothic Pr6N L Swiss L Baltic 31 x 55 30 % @Kozuka Gothic Pr6N L Swiss L Central European 31 x 55 30 % @Kozuka Gothic Pr6N L Swiss L Cyrillic 31 x 55 30 % @Kozuka Gothic Pr6N L Swiss L Greek 31 x 55 30 % @Kozuka Gothic Pr6N L Swiss L Japanese 31 x 55 30 % @Kozuka Gothic Pr6N L Swiss L Mac 31 x 55 30 % @Kozuka Gothic Pr6N L Swiss L Turkish 31 x 55 30 % @Kozuka Gothic Pr6N L Swiss L Western 31 x 55 30 % @Kozuka Gothic Pr6N M Swiss M Baltic 31 x 57 50 % @Kozuka Gothic Pr6N M Swiss M Central European 31 x 57 50 % @Kozuka Gothic Pr6N M Swiss M Cyrillic 31 x 57 50 % @Kozuka Gothic Pr6N M Swiss M Greek 31 x 57 50 % @Kozuka Gothic Pr6N M Swiss M Japanese 31 x 57 50 % @Kozuka Gothic Pr6N M Swiss M Mac 31 x 57 50 % @Kozuka Gothic Pr6N M Swiss M Turkish 31 x 57 50 % @Kozuka Gothic Pr6N M Swiss M Western 31 x 57 50 % @Kozuka Gothic Pr6N R Swiss R Baltic 31 x 56 40 % @Kozuka Gothic Pr6N R Swiss R Central European 31 x 56 40 % @Kozuka Gothic Pr6N R Swiss R Cyrillic 31 x 56 40 % @Kozuka Gothic Pr6N R Swiss R Greek 31 x 56 40 % @Kozuka Gothic Pr6N R Swiss R Japanese 31 x 56 40 % @Kozuka Gothic Pr6N R Swiss R Mac 31 x 56 40 % @Kozuka Gothic Pr6N R Swiss R Turkish 31 x 56 40 % @Kozuka Gothic Pr6N R Swiss R Western 31 x 56 40 % @Kozuka Gothic Pro B Swiss B Cyrillic 31 x 46 70 % @Kozuka Gothic Pro B Swiss B Japanese 31 x 46 70 % @Kozuka Gothic Pro B Swiss B Mac 31 x 46 70 % @Kozuka Gothic Pro B Swiss B Western 31 x 46 70 % @Kozuka Gothic Pro EL Swiss EL Cyrillic 31 x 41 25 % @Kozuka Gothic Pro EL Swiss EL Japanese 31 x 41 25 % @Kozuka Gothic Pro EL Swiss EL Mac 31 x 41 25 % @Kozuka Gothic Pro EL Swiss EL Western 31 x 41 25 % @Kozuka Gothic Pro H Swiss H Cyrillic 31 x 46 90 % @Kozuka Gothic Pro H Swiss H Japanese 31 x 46 90 % @Kozuka Gothic Pro H Swiss H Mac 31 x 46 90 % @Kozuka Gothic Pro H Swiss H Western 31 x 46 90 % @Kozuka Gothic Pro L Swiss L Cyrillic 31 x 43 30 % @Kozuka Gothic Pro L Swiss L Japanese 31 x 43 30 % @Kozuka Gothic Pro L Swiss L Mac 31 x 43 30 % @Kozuka Gothic Pro L Swiss L Western 31 x 43 30 % @Kozuka Gothic Pro M Swiss M Cyrillic 31 x 45 50 % @Kozuka Gothic Pro M Swiss M Japanese 31 x 45 50 % @Kozuka Gothic Pro M Swiss M Mac 31 x 45 50 % @Kozuka Gothic Pro M Swiss M Western 31 x 45 50 % @Kozuka Gothic Pro R Swiss R Cyrillic 31 x 44 40 % @Kozuka Gothic Pro R Swiss R Japanese 31 x 44 40 % @Kozuka Gothic Pro R Swiss R Mac 31 x 44 40 % @Kozuka Gothic Pro R Swiss R Western 31 x 44 40 % @Kozuka Mincho Pr6N B Roman B Baltic 31 x 53 70 % @Kozuka Mincho Pr6N B Roman B Central European 31 x 53 70 % @Kozuka Mincho Pr6N B Roman B Cyrillic 31 x 53 70 % @Kozuka Mincho Pr6N B Roman B Greek 31 x 53 70 % @Kozuka Mincho Pr6N B Roman B Japanese 31 x 53 70 % @Kozuka Mincho Pr6N B Roman B Mac 31 x 53 70 % @Kozuka Mincho Pr6N B Roman B Turkish 31 x 53 70 % @Kozuka Mincho Pr6N B Roman B Western 31 x 53 70 % @Kozuka Mincho Pr6N EL Roman EL Baltic 31 x 50 25 % @Kozuka Mincho Pr6N EL Roman EL Central European 31 x 50 25 % @Kozuka Mincho Pr6N EL Roman EL Cyrillic 31 x 50 25 % @Kozuka Mincho Pr6N EL Roman EL Greek 31 x 50 25 % @Kozuka Mincho Pr6N EL Roman EL Japanese 31 x 50 25 % @Kozuka Mincho Pr6N EL Roman EL Mac 31 x 50 25 % @Kozuka Mincho Pr6N EL Roman EL Turkish 31 x 50 25 % @Kozuka Mincho Pr6N EL Roman EL Western 31 x 50 25 % @Kozuka Mincho Pr6N H Roman H Baltic 31 x 56 90 % @Kozuka Mincho Pr6N H Roman H Central European 31 x 56 90 % @Kozuka Mincho Pr6N H Roman H Cyrillic 31 x 56 90 % @Kozuka Mincho Pr6N H Roman H Greek 31 x 56 90 % @Kozuka Mincho Pr6N H Roman H Japanese 31 x 56 90 % @Kozuka Mincho Pr6N H Roman H Mac 31 x 56 90 % @Kozuka Mincho Pr6N H Roman H Turkish 31 x 56 90 % @Kozuka Mincho Pr6N H Roman H Western 31 x 56 90 % @Kozuka Mincho Pr6N L Roman L Baltic 31 x 50 30 % @Kozuka Mincho Pr6N L Roman L Central European 31 x 50 30 % @Kozuka Mincho Pr6N L Roman L Cyrillic 31 x 50 30 % @Kozuka Mincho Pr6N L Roman L Greek 31 x 50 30 % @Kozuka Mincho Pr6N L Roman L Japanese 31 x 50 30 % @Kozuka Mincho Pr6N L Roman L Mac 31 x 50 30 % @Kozuka Mincho Pr6N L Roman L Turkish 31 x 50 30 % @Kozuka Mincho Pr6N L Roman L Western 31 x 50 30 % @Kozuka Mincho Pr6N M Roman M Baltic 31 x 52 50 % @Kozuka Mincho Pr6N M Roman M Central European 31 x 52 50 % @Kozuka Mincho Pr6N M Roman M Cyrillic 31 x 52 50 % @Kozuka Mincho Pr6N M Roman M Greek 31 x 52 50 % @Kozuka Mincho Pr6N M Roman M Japanese 31 x 52 50 % @Kozuka Mincho Pr6N M Roman M Mac 31 x 52 50 % @Kozuka Mincho Pr6N M Roman M Turkish 31 x 52 50 % @Kozuka Mincho Pr6N M Roman M Western 31 x 52 50 % @Kozuka Mincho Pr6N R Roman R Baltic 31 x 51 40 % @Kozuka Mincho Pr6N R Roman R Central European 31 x 51 40 % @Kozuka Mincho Pr6N R Roman R Cyrillic 31 x 51 40 % @Kozuka Mincho Pr6N R Roman R Greek 31 x 51 40 % @Kozuka Mincho Pr6N R Roman R Japanese 31 x 51 40 % @Kozuka Mincho Pr6N R Roman R Mac 31 x 51 40 % @Kozuka Mincho Pr6N R Roman R Turkish 31 x 51 40 % @Kozuka Mincho Pr6N R Roman R Western 31 x 51 40 % @Kozuka Mincho Pro B Roman B Cyrillic 31 x 43 70 % @Kozuka Mincho Pro B Roman B Japanese 31 x 43 70 % @Kozuka Mincho Pro B Roman B Mac 31 x 43 70 % @Kozuka Mincho Pro B Roman B Western 31 x 43 70 % @Kozuka Mincho Pro EL Roman EL Cyrillic 31 x 41 25 % @Kozuka Mincho Pro EL Roman EL Japanese 31 x 41 25 % @Kozuka Mincho Pro EL Roman EL Mac 31 x 41 25 % @Kozuka Mincho Pro EL Roman EL Western 31 x 41 25 % @Kozuka Mincho Pro H Roman H Cyrillic 31 x 44 90 % @Kozuka Mincho Pro H Roman H Japanese 31 x 44 90 % @Kozuka Mincho Pro H Roman H Mac 31 x 44 90 % @Kozuka Mincho Pro H Roman H Western 31 x 44 90 % @Kozuka Mincho Pro L Roman L Cyrillic 31 x 41 30 % @Kozuka Mincho Pro L Roman L Japanese 31 x 41 30 % @Kozuka Mincho Pro L Roman L Mac 31 x 41 30 % @Kozuka Mincho Pro L Roman L Western 31 x 41 30 % @Kozuka Mincho Pro M Roman M Cyrillic 31 x 42 50 % @Kozuka Mincho Pro M Roman M Japanese 31 x 42 50 % @Kozuka Mincho Pro M Roman M Mac 31 x 42 50 % @Kozuka Mincho Pro M Roman M Western 31 x 42 50 % @Kozuka Mincho Pro R Roman R Cyrillic 31 x 42 40 % @Kozuka Mincho Pro R Roman R Japanese 31 x 42 40 % @Kozuka Mincho Pro R Roman R Mac 31 x 42 40 % @Kozuka Mincho Pro R Roman R Western 31 x 42 40 % @Malgun Gothic Swiss Regular Hangul 15 x 43 40 % @Malgun Gothic Swiss Regular Western 15 x 43 40 % @Meiryo UI Swiss Regular Baltic 17 x 41 40 % @Meiryo UI Swiss Regular Central European 17 x 41 40 % @Meiryo UI Swiss Regular Cyrillic 17 x 41 40 % @Meiryo UI Swiss Regular Greek 17 x 41 40 % @Meiryo UI Swiss Regular Japanese 17 x 41 40 % @Meiryo UI Swiss Regular Turkish 17 x 41 40 % @Meiryo UI Swiss Regular Western 17 x 41 40 % @Meiryo Swiss Regular Baltic 31 x 48 40 % @Meiryo Swiss Regular Central European 31 x 48 40 % @Meiryo Swiss Regular Cyrillic 31 x 48 40 % @Meiryo Swiss Regular Greek 31 x 48 40 % @Meiryo Swiss Regular Japanese 31 x 48 40 % @Meiryo Swiss Regular Turkish 31 x 48 40 % @Meiryo Swiss Regular Western 31 x 48 40 % @Microsoft JhengHei UI Swiss Regular CHINESE_BIG5 15 x 41 40 % @Microsoft JhengHei UI Swiss Regular Greek 15 x 41 40 % @Microsoft JhengHei UI Swiss Regular Western 15 x 41 40 % @Microsoft JhengHei Swiss Regular CHINESE_BIG5 15 x 43 40 % @Microsoft JhengHei Swiss Regular Greek 15 x 43 40 % @Microsoft JhengHei Swiss Regular Western 15 x 43 40 % @Microsoft YaHei UI Swiss Regular Central European 15 x 41 40 % @Microsoft YaHei UI Swiss Regular CHINESE_GB2312 15 x 41 40 % @Microsoft YaHei UI Swiss Regular Cyrillic 15 x 41 40 % @Microsoft YaHei UI Swiss Regular Greek 15 x 41 40 % @Microsoft YaHei UI Swiss Regular Turkish 15 x 41 40 % @Microsoft YaHei UI Swiss Regular Western 15 x 41 40 % @Microsoft YaHei Swiss Regular Central European 15 x 42 40 % @Microsoft YaHei Swiss Regular CHINESE_GB2312 15 x 42 40 % @Microsoft YaHei Swiss Regular Cyrillic 15 x 42 40 % @Microsoft YaHei Swiss Regular Greek 15 x 42 40 % @Microsoft YaHei Swiss Regular Turkish 15 x 42 40 % @Microsoft YaHei Swiss Regular Western 15 x 42 40 % @MingLiU_HKSCS Roman Regular CHINESE_BIG5 16 x 32 40 % @MingLiU_HKSCS Roman Regular Western 16 x 32 40 % @MingLiU_HKSCS-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % @MingLiU_HKSCS-ExtB Roman Regular Western 16 x 32 40 % @MingLiU Modern Regular CHINESE_BIG5 16 x 32 40 % @MingLiU Modern Regular Western 16 x 32 40 % @MingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % @MingLiU-ExtB Roman Regular Western 16 x 32 40 % @MS Gothic Modern Regular Baltic 16 x 32 40 % @MS Gothic Modern Regular Central European 16 x 32 40 % @MS Gothic Modern Regular Cyrillic 16 x 32 40 % @MS Gothic Modern Regular Greek 16 x 32 40 % @MS Gothic Modern Regular Japanese 16 x 32 40 % @MS Gothic Modern Regular Turkish 16 x 32 40 % @MS Gothic Modern Regular Western 16 x 32 40 % @MS Mincho Modern Regular Baltic 16 x 32 40 % @MS Mincho Modern Regular Central European 16 x 32 40 % @MS Mincho Modern Regular Cyrillic 16 x 32 40 % @MS Mincho Modern Regular Greek 16 x 32 40 % @MS Mincho Modern Regular Japanese 16 x 32 40 % @MS Mincho Modern Regular Turkish 16 x 32 40 % @MS Mincho Modern Regular Western 16 x 32 40 % @MS PGothic Swiss Regular Baltic 13 x 32 40 % @MS PGothic Swiss Regular Central European 13 x 32 40 % @MS PGothic Swiss Regular Cyrillic 13 x 32 40 % @MS PGothic Swiss Regular Greek 13 x 32 40 % @MS PGothic Swiss Regular Japanese 13 x 32 40 % @MS PGothic Swiss Regular Turkish 13 x 32 40 % @MS PGothic Swiss Regular Western 13 x 32 40 % @MS PMincho Roman Regular Baltic 13 x 32 40 % @MS PMincho Roman Regular Central European 13 x 32 40 % @MS PMincho Roman Regular Cyrillic 13 x 32 40 % @MS PMincho Roman Regular Greek 13 x 32 40 % @MS PMincho Roman Regular Japanese 13 x 32 40 % @MS PMincho Roman Regular Turkish 13 x 32 40 % @MS PMincho Roman Regular Western 13 x 32 40 % @MS UI Gothic Swiss Regular Baltic 13 x 32 40 % @MS UI Gothic Swiss Regular Central European 13 x 32 40 % @MS UI Gothic Swiss Regular Cyrillic 13 x 32 40 % @MS UI Gothic Swiss Regular Greek 13 x 32 40 % @MS UI Gothic Swiss Regular Japanese 13 x 32 40 % @MS UI Gothic Swiss Regular Turkish 13 x 32 40 % @MS UI Gothic Swiss Regular Western 13 x 32 40 % @NSimSun Modern Regular CHINESE_GB2312 16 x 32 40 % @NSimSun Modern Regular Western 16 x 32 40 % @PMingLiU Roman Regular CHINESE_BIG5 16 x 32 40 % @PMingLiU Roman Regular Western 16 x 32 40 % @PMingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % @PMingLiU-ExtB Roman Regular Western 16 x 32 40 % @SimHei Modern Regular CHINESE_GB2312 16 x 32 40 % @SimHei Modern Regular Western 16 x 32 40 % @SimSun Special Regular CHINESE_GB2312 16 x 32 40 % @SimSun Special Regular Western 16 x 32 40 % @SimSun-ExtB Modern Regular CHINESE_GB2312 16 x 32 40 % @SimSun-ExtB Modern Regular Western 16 x 32 40 % Adobe Arabic Roman Bold Arabic 20 x 35 70 % Adobe Arabic Roman Bold Mac 20 x 35 70 % Adobe Arabic Roman Bold Western 20 x 35 70 % Adobe Caslon Pro Bold Roman Bold Baltic 17 x 54 70 % Adobe Caslon Pro Bold Roman Bold Central European 17 x 54 70 % Adobe Caslon Pro Bold Roman Bold Mac 17 x 54 70 % Adobe Caslon Pro Bold Roman Bold Turkish 17 x 54 70 % Adobe Caslon Pro Bold Roman Bold Western 17 x 54 70 % Adobe Caslon Pro Roman Italic Baltic 17 x 54 40 % Adobe Caslon Pro Roman Italic Central European 17 x 54 40 % Adobe Caslon Pro Roman Italic Mac 17 x 54 40 % Adobe Caslon Pro Roman Italic Turkish 17 x 54 40 % Adobe Caslon Pro Roman Italic Western 17 x 54 40 % Adobe Devanagari Roman Bold Mac 17 x 43 70 % Adobe Devanagari Roman Bold Western 17 x 43 70 % Adobe Fan Heiti Std B Swiss B CHINESE_BIG5 32 x 40 60 % Adobe Fan Heiti Std B Swiss B Cyrillic 32 x 40 60 % Adobe Fan Heiti Std B Swiss B Japanese 32 x 40 60 % Adobe Fan Heiti Std B Swiss B Western 32 x 40 60 % Adobe Fangsong Std R Roman R Central European 31 x 40 40 % Adobe Fangsong Std R Roman R CHINESE_GB2312 31 x 40 40 % Adobe Fangsong Std R Roman R Cyrillic 31 x 40 40 % Adobe Fangsong Std R Roman R Japanese 31 x 40 40 % Adobe Fangsong Std R Roman R Western 31 x 40 40 % Adobe Garamond Pro Bold Roman Bold Baltic 16 x 38 70 % Adobe Garamond Pro Bold Roman Bold Central European 16 x 38 70 % Adobe Garamond Pro Bold Roman Bold Mac 16 x 38 70 % Adobe Garamond Pro Bold Roman Bold Turkish 16 x 38 70 % Adobe Garamond Pro Bold Roman Bold Western 16 x 38 70 % Adobe Garamond Pro Roman Italic Baltic 16 x 40 40 % Adobe Garamond Pro Roman Italic Central European 16 x 40 40 % Adobe Garamond Pro Roman Italic Mac 16 x 40 40 % Adobe Garamond Pro Roman Italic Turkish 16 x 40 40 % Adobe Garamond Pro Roman Italic Western 16 x 40 40 % Adobe Gothic Std B Swiss B Cyrillic 32 x 40 70 % Adobe Gothic Std B Swiss B Hangul(Johab) 32 x 40 70 % Adobe Gothic Std B Swiss B Hangul 32 x 40 70 % Adobe Gothic Std B Swiss B Japanese 32 x 40 70 % Adobe Gothic Std B Swiss B Mac 32 x 40 70 % Adobe Gothic Std B Swiss B Western 32 x 40 70 % Adobe Hebrew Roman Bold Hebrew 15 x 40 60 % Adobe Hebrew Roman Bold Mac 15 x 40 60 % Adobe Hebrew Roman Bold Western 15 x 40 60 % Adobe Heiti Std R Swiss R Central European 31 x 40 40 % Adobe Heiti Std R Swiss R CHINESE_GB2312 31 x 40 40 % Adobe Heiti Std R Swiss R Cyrillic 31 x 40 40 % Adobe Heiti Std R Swiss R Japanese 31 x 40 40 % Adobe Heiti Std R Swiss R Western 31 x 40 40 % Adobe Kaiti Std R Roman R Central European 31 x 40 40 % Adobe Kaiti Std R Roman R CHINESE_GB2312 31 x 40 40 % Adobe Kaiti Std R Roman R Cyrillic 31 x 40 40 % Adobe Kaiti Std R Roman R Japanese 31 x 40 40 % Adobe Kaiti Std R Roman R Western 31 x 40 40 % Adobe Ming Std L Roman L CHINESE_BIG5 32 x 33 30 % Adobe Ming Std L Roman L Cyrillic 32 x 33 30 % Adobe Ming Std L Roman L Japanese 32 x 33 30 % Adobe Ming Std L Roman L Western 32 x 33 30 % Adobe Myungjo Std M Roman M Cyrillic 32 x 33 50 % Adobe Myungjo Std M Roman M Hangul(Johab) 32 x 33 50 % Adobe Myungjo Std M Roman M Hangul 32 x 33 50 % Adobe Myungjo Std M Roman M Japanese 32 x 33 50 % Adobe Myungjo Std M Roman M Mac 32 x 33 50 % Adobe Myungjo Std M Roman M Western 32 x 33 50 % Adobe Naskh Medium Modern Medium Arabic 20 x 51 50 % Adobe Naskh Medium Modern Medium Mac 20 x 51 50 % Adobe Naskh Medium Modern Medium Western 20 x 51 50 % Adobe Song Std L Roman L Central European 31 x 37 30 % Adobe Song Std L Roman L CHINESE_GB2312 31 x 37 30 % Adobe Song Std L Roman L Cyrillic 31 x 37 30 % Adobe Song Std L Roman L Japanese 31 x 37 30 % Adobe Song Std L Roman L Western 31 x 37 30 % Agency FB Swiss Bold Western 11 x 37 70 % Aharoni Special Bold Hebrew 15 x 32 70 % Algerian Decorative Regular Western 17 x 36 40 % Andalus Roman Regular Arabic 15 x 49 40 % Andalus Roman Regular Western 15 x 49 40 % Angsana New Roman Regular Thai 8 x 43 40 % Angsana New Roman Regular Western 8 x 43 40 % AngsanaUPC Roman Regular Thai 8 x 43 40 % AngsanaUPC Roman Regular Western 8 x 43 40 % Aparajita Swiss Regular Western 16 x 38 40 % Arabic Typesetting Script Regular Arabic 9 x 36 40 % Arabic Typesetting Script Regular Baltic 9 x 36 40 % Arabic Typesetting Script Regular Central European 9 x 36 40 % Arabic Typesetting Script Regular Turkish 9 x 36 40 % Arabic Typesetting Script Regular Western 9 x 36 40 % Arial Black Swiss Regular Baltic 18 x 45 90 % Arial Black Swiss Regular Central European 18 x 45 90 % Arial Black Swiss Regular Cyrillic 18 x 45 90 % Arial Black Swiss Regular Greek 18 x 45 90 % Arial Black Swiss Regular Turkish 18 x 45 90 % Arial Black Swiss Regular Western 18 x 45 90 % Arial Narrow Swiss Regular Baltic 12 x 36 40 % Arial Narrow Swiss Regular Central European 12 x 36 40 % Arial Narrow Swiss Regular Cyrillic 12 x 36 40 % Arial Narrow Swiss Regular Greek 12 x 36 40 % Arial Narrow Swiss Regular Turkish 12 x 36 40 % Arial Narrow Swiss Regular Western 12 x 36 40 % Arial Rounded MT Bold Swiss Regular Western 15 x 37 40 % Arial Unicode MS Swiss Regular Arabic 14 x 43 40 % Arial Unicode MS Swiss Regular Baltic 14 x 43 40 % Arial Unicode MS Swiss Regular Central European 14 x 43 40 % Arial Unicode MS Swiss Regular CHINESE_BIG5 14 x 43 40 % Arial Unicode MS Swiss Regular CHINESE_GB2312 14 x 43 40 % Arial Unicode MS Swiss Regular Cyrillic 14 x 43 40 % Arial Unicode MS Swiss Regular Greek 14 x 43 40 % Arial Unicode MS Swiss Regular Hangul(Johab) 14 x 43 40 % Arial Unicode MS Swiss Regular Hangul 14 x 43 40 % Arial Unicode MS Swiss Regular Hebrew 14 x 43 40 % Arial Unicode MS Swiss Regular Japanese 14 x 43 40 % Arial Unicode MS Swiss Regular Thai 14 x 43 40 % Arial Unicode MS Swiss Regular Turkish 14 x 43 40 % Arial Unicode MS Swiss Regular Vietnamese 14 x 43 40 % Arial Unicode MS Swiss Regular Western 14 x 43 40 % Arial Swiss Regular Arabic 14 x 36 40 % Arial Swiss Regular Baltic 14 x 36 40 % Arial Swiss Regular Central European 14 x 36 40 % Arial Swiss Regular Cyrillic 14 x 36 40 % Arial Swiss Regular Greek 14 x 36 40 % Arial Swiss Regular Hebrew 14 x 36 40 % Arial Swiss Regular Turkish 14 x 36 40 % Arial Swiss Regular Vietnamese 14 x 36 40 % Arial Swiss Regular Western 14 x 36 40 % Baskerville Old Face Roman Regular Western 13 x 37 40 % Batang Roman Regular Baltic 16 x 32 40 % Batang Roman Regular Central European 16 x 32 40 % Batang Roman Regular Cyrillic 16 x 32 40 % Batang Roman Regular Greek 16 x 32 40 % Batang Roman Regular Hangul 16 x 32 40 % Batang Roman Regular Turkish 16 x 32 40 % Batang Roman Regular Western 16 x 32 40 % BatangChe Modern Regular Baltic 16 x 32 40 % BatangChe Modern Regular Central European 16 x 32 40 % BatangChe Modern Regular Cyrillic 16 x 32 40 % BatangChe Modern Regular Greek 16 x 32 40 % BatangChe Modern Regular Hangul 16 x 32 40 % BatangChe Modern Regular Turkish 16 x 32 40 % BatangChe Modern Regular Western 16 x 32 40 % Bauhaus 93 Decorative Regular Western 14 x 36 40 % Bell MT Roman Regular Western 13 x 35 40 % Berlin Sans FB Demi Swiss Bold Western 14 x 36 70 % Berlin Sans FB Swiss Bold Western 15 x 36 70 % Bernard MT Condensed Roman Regular Western 12 x 38 40 % Birch Std Script Regular Mac 10 x 38 40 % Birch Std Script Regular Western 10 x 38 40 % Blackadder ITC Decorative Regular Western 10 x 41 40 % Blackoak Std Decorative Regular Mac 39 x 43 90 % Blackoak Std Decorative Regular Western 39 x 43 90 % Bodoni MT Black Roman Regular Western 16 x 37 90 % Bodoni MT Condensed Roman Regular Western 9 x 38 40 % Bodoni MT Poster Compressed Roman Regular Turkish 8 x 37 30 % Bodoni MT Poster Compressed Roman Regular Western 8 x 37 30 % Bodoni MT Roman Regular Western 13 x 38 40 % Book Antiqua Roman Regular Baltic 14 x 40 40 % Book Antiqua Roman Regular Central European 14 x 40 40 % Book Antiqua Roman Regular Cyrillic 14 x 40 40 % Book Antiqua Roman Regular Greek 14 x 40 40 % Book Antiqua Roman Regular Turkish 14 x 40 40 % Book Antiqua Roman Regular Western 14 x 40 40 % Bookman Old Style Roman Regular Baltic 16 x 36 30 % Bookman Old Style Roman Regular Central European 16 x 36 30 % Bookman Old Style Roman Regular Cyrillic 16 x 36 30 % Bookman Old Style Roman Regular Greek 16 x 36 30 % Bookman Old Style Roman Regular Turkish 16 x 36 30 % Bookman Old Style Roman Regular Western 16 x 36 30 % Bookshelf Symbol 7 Special Regular Symbol 21 x 32 40 % Bradley Hand ITC Script Regular Western 13 x 40 40 % Britannic Bold Swiss Regular Western 14 x 35 40 % Broadway Decorative Regular Western 17 x 36 40 % Browallia New Swiss Regular Thai 9 x 40 40 % Browallia New Swiss Regular Western 9 x 40 40 % BrowalliaUPC Swiss Regular Thai 9 x 40 40 % BrowalliaUPC Swiss Regular Western 9 x 40 40 % Brush Script MT Script Italic Western 10 x 39 40 % Brush Script Std Script Medium Mac 17 x 37 50 % Brush Script Std Script Medium Western 17 x 37 50 % Buxton Sketch Script Regular Baltic 14 x 40 40 % Buxton Sketch Script Regular Central European 14 x 40 40 % Buxton Sketch Script Regular Cyrillic 14 x 40 40 % Buxton Sketch Script Regular Greek 14 x 40 40 % Buxton Sketch Script Regular Turkish 14 x 40 40 % Buxton Sketch Script Regular Western 14 x 40 40 % Calibri Light Swiss Regular Baltic 17 x 39 30 % Calibri Light Swiss Regular Central European 17 x 39 30 % Calibri Light Swiss Regular Cyrillic 17 x 39 30 % Calibri Light Swiss Regular Greek 17 x 39 30 % Calibri Light Swiss Regular Turkish 17 x 39 30 % Calibri Light Swiss Regular Vietnamese 17 x 39 30 % Calibri Light Swiss Regular Western 17 x 39 30 % Calibri Swiss Regular Baltic 17 x 39 40 % Calibri Swiss Regular Central European 17 x 39 40 % Calibri Swiss Regular Cyrillic 17 x 39 40 % Calibri Swiss Regular Greek 17 x 39 40 % Calibri Swiss Regular Turkish 17 x 39 40 % Calibri Swiss Regular Vietnamese 17 x 39 40 % Calibri Swiss Regular Western 17 x 39 40 % Californian FB Roman Regular Western 13 x 36 40 % Calisto MT Roman Regular Western 13 x 37 40 % Cambria Math Roman Regular Baltic 20 x 179 40 % Cambria Math Roman Regular Central European 20 x 179 40 % Cambria Math Roman Regular Cyrillic 20 x 179 40 % Cambria Math Roman Regular Greek 20 x 179 40 % Cambria Math Roman Regular Turkish 20 x 179 40 % Cambria Math Roman Regular Vietnamese 20 x 179 40 % Cambria Math Roman Regular Western 20 x 179 40 % Cambria Roman Regular Baltic 20 x 38 40 % Cambria Roman Regular Central European 20 x 38 40 % Cambria Roman Regular Cyrillic 20 x 38 40 % Cambria Roman Regular Greek 20 x 38 40 % Cambria Roman Regular Turkish 20 x 38 40 % Cambria Roman Regular Vietnamese 20 x 38 40 % Cambria Roman Regular Western 20 x 38 40 % Candara Swiss Regular Baltic 17 x 39 40 % Candara Swiss Regular Central European 17 x 39 40 % Candara Swiss Regular Cyrillic 17 x 39 40 % Candara Swiss Regular Greek 17 x 39 40 % Candara Swiss Regular Turkish 17 x 39 40 % Candara Swiss Regular Vietnamese 17 x 39 40 % Candara Swiss Regular Western 17 x 39 40 % Castellar Roman Regular Western 21 x 39 40 % Centaur Roman Regular Western 12 x 36 40 % Century Gothic Swiss Regular Baltic 16 x 38 40 % Century Gothic Swiss Regular Central European 16 x 38 40 % Century Gothic Swiss Regular Cyrillic 16 x 38 40 % Century Gothic Swiss Regular Greek 16 x 38 40 % Century Gothic Swiss Regular Turkish 16 x 38 40 % Century Gothic Swiss Regular Western 16 x 38 40 % Century Schoolbook Roman Regular Baltic 15 x 38 40 % Century Schoolbook Roman Regular Central European 15 x 38 40 % Century Schoolbook Roman Regular Cyrillic 15 x 38 40 % Century Schoolbook Roman Regular Greek 15 x 38 40 % Century Schoolbook Roman Regular Turkish 15 x 38 40 % Century Schoolbook Roman Regular Western 15 x 38 40 % Century Roman Regular Baltic 15 x 38 40 % Century Roman Regular Central European 15 x 38 40 % Century Roman Regular Cyrillic 15 x 38 40 % Century Roman Regular Greek 15 x 38 40 % Century Roman Regular Turkish 15 x 38 40 % Century Roman Regular Western 15 x 38 40 % Chaparral Pro Light Roman Light Italic Baltic 15 x 38 30 % Chaparral Pro Light Roman Light Italic Central European 15 x 38 30 % Chaparral Pro Light Roman Light Italic Mac 15 x 38 30 % Chaparral Pro Light Roman Light Italic Turkish 15 x 38 30 % Chaparral Pro Light Roman Light Italic Western 15 x 38 30 % Chaparral Pro Roman Bold Baltic 18 x 40 70 % Chaparral Pro Roman Bold Central European 18 x 40 70 % Chaparral Pro Roman Bold Mac 18 x 40 70 % Chaparral Pro Roman Bold Turkish 18 x 40 70 % Chaparral Pro Roman Bold Western 18 x 40 70 % Charlemagne Std Decorative Bold Mac 21 x 38 70 % Charlemagne Std Decorative Bold Western 21 x 38 70 % Chiller Decorative Regular Western 9 x 37 40 % Colonna MT Decorative Regular Western 13 x 34 40 % Comic Sans MS Script Regular Baltic 15 x 45 40 % Comic Sans MS Script Regular Central European 15 x 45 40 % Comic Sans MS Script Regular Cyrillic 15 x 45 40 % Comic Sans MS Script Regular Greek 15 x 45 40 % Comic Sans MS Script Regular Turkish 15 x 45 40 % Comic Sans MS Script Regular Western 15 x 45 40 % Consolas Modern Regular Baltic 18 x 37 40 % Consolas Modern Regular Central European 18 x 37 40 % Consolas Modern Regular Cyrillic 18 x 37 40 % Consolas Modern Regular Greek 18 x 37 40 % Consolas Modern Regular Turkish 18 x 37 40 % Consolas Modern Regular Vietnamese 18 x 37 40 % Consolas Modern Regular Western 18 x 37 40 % Constantia Roman Regular Baltic 17 x 39 40 % Constantia Roman Regular Central European 17 x 39 40 % Constantia Roman Regular Cyrillic 17 x 39 40 % Constantia Roman Regular Greek 17 x 39 40 % Constantia Roman Regular Turkish 17 x 39 40 % Constantia Roman Regular Vietnamese 17 x 39 40 % Constantia Roman Regular Western 17 x 39 40 % Cooper Black Roman Regular Western 16 x 37 40 % Cooper Std Black Roman Black Italic Mac 19 x 39 90 % Cooper Std Black Roman Black Italic Western 19 x 39 90 % Copperplate Gothic Bold Swiss Regular Western 19 x 36 40 % Copperplate Gothic Light Swiss Regular Western 18 x 35 40 % Corbel Swiss Regular Baltic 17 x 39 40 % Corbel Swiss Regular Central European 17 x 39 40 % Corbel Swiss Regular Cyrillic 17 x 39 40 % Corbel Swiss Regular Greek 17 x 39 40 % Corbel Swiss Regular Turkish 17 x 39 40 % Corbel Swiss Regular Vietnamese 17 x 39 40 % Corbel Swiss Regular Western 17 x 39 40 % Cordia New Swiss Regular Thai 9 x 44 40 % Cordia New Swiss Regular Western 9 x 44 40 % CordiaUPC Swiss Regular Thai 9 x 44 40 % CordiaUPC Swiss Regular Western 9 x 44 40 % Courier New Modern Regular Arabic 19 x 36 40 % Courier New Modern Regular Baltic 19 x 36 40 % Courier New Modern Regular Central European 19 x 36 40 % Courier New Modern Regular Cyrillic 19 x 36 40 % Courier New Modern Regular Greek 19 x 36 40 % Courier New Modern Regular Hebrew 19 x 36 40 % Courier New Modern Regular Turkish 19 x 36 40 % Courier New Modern Regular Vietnamese 19 x 36 40 % Courier New Modern Regular Western 19 x 36 40 % Courier Modern Western 8 x 13 40 % Curlz MT Decorative Regular Western 12 x 42 40 % DaunPenh Special Regular Western 12 x 43 40 % David Swiss Regular Hebrew 13 x 31 40 % DFKai-SB Script Regular CHINESE_BIG5 16 x 32 40 % DFKai-SB Script Regular Western 16 x 32 40 % DilleniaUPC Roman Regular Thai 9 x 42 40 % DilleniaUPC Roman Regular Western 9 x 42 40 % DokChampa Swiss Regular Thai 19 x 62 40 % DokChampa Swiss Regular Western 19 x 62 40 % Dotum Swiss Regular Baltic 16 x 32 40 % Dotum Swiss Regular Central European 16 x 32 40 % Dotum Swiss Regular Cyrillic 16 x 32 40 % Dotum Swiss Regular Greek 16 x 32 40 % Dotum Swiss Regular Hangul 16 x 32 40 % Dotum Swiss Regular Turkish 16 x 32 40 % Dotum Swiss Regular Western 16 x 32 40 % DotumChe Modern Regular Baltic 16 x 32 40 % DotumChe Modern Regular Central European 16 x 32 40 % DotumChe Modern Regular Cyrillic 16 x 32 40 % DotumChe Modern Regular Greek 16 x 32 40 % DotumChe Modern Regular Hangul 16 x 32 40 % DotumChe Modern Regular Turkish 16 x 32 40 % DotumChe Modern Regular Western 16 x 32 40 % Ebrima Special Regular Baltic 19 x 43 40 % Ebrima Special Regular Central European 19 x 43 40 % Ebrima Special Regular Turkish 19 x 43 40 % Ebrima Special Regular Western 19 x 43 40 % Edwardian Script ITC Script Regular Western 8 x 38 40 % Elephant Roman Regular Western 16 x 41 40 % Engravers MT Roman Regular Western 25 x 37 50 % Eras Bold ITC Swiss Regular Western 16 x 37 40 % Eras Demi ITC Swiss Regular Western 15 x 36 40 % Eras Light ITC Swiss Regular Western 13 x 36 40 % Eras Medium ITC Swiss Regular Western 14 x 36 40 % Estrangelo Edessa Script Regular Western 16 x 36 40 % EucrosiaUPC Roman Regular Thai 9 x 39 40 % EucrosiaUPC Roman Regular Western 9 x 39 40 % Euphemia Swiss Regular Western 22 x 42 40 % FangSong Modern Regular CHINESE_GB2312 16 x 32 40 % FangSong Modern Regular Western 16 x 32 40 % Felix Titling Decorative Regular Western 19 x 37 40 % Fixedsys Modern Western 8 x 15 40 % Footlight MT Light Roman Regular Western 13 x 34 30 % Forte Script Regular Western 14 x 35 40 % Franklin Gothic Book Swiss Regular Baltic 13 x 36 40 % Franklin Gothic Book Swiss Regular Central European 13 x 36 40 % Franklin Gothic Book Swiss Regular Cyrillic 13 x 36 40 % Franklin Gothic Book Swiss Regular Greek 13 x 36 40 % Franklin Gothic Book Swiss Regular Turkish 13 x 36 40 % Franklin Gothic Book Swiss Regular Western 13 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Baltic 12 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Central European 12 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Cyrillic 12 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Greek 12 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Turkish 12 x 36 40 % Franklin Gothic Demi Cond Swiss Regular Western 12 x 36 40 % Franklin Gothic Demi Swiss Regular Baltic 14 x 36 40 % Franklin Gothic Demi Swiss Regular Central European 14 x 36 40 % Franklin Gothic Demi Swiss Regular Cyrillic 14 x 36 40 % Franklin Gothic Demi Swiss Regular Greek 14 x 36 40 % Franklin Gothic Demi Swiss Regular Turkish 14 x 36 40 % Franklin Gothic Demi Swiss Regular Western 14 x 36 40 % Franklin Gothic Heavy Swiss Regular Baltic 15 x 36 40 % Franklin Gothic Heavy Swiss Regular Central European 15 x 36 40 % Franklin Gothic Heavy Swiss Regular Cyrillic 15 x 36 40 % Franklin Gothic Heavy Swiss Regular Greek 15 x 36 40 % Franklin Gothic Heavy Swiss Regular Turkish 15 x 36 40 % Franklin Gothic Heavy Swiss Regular Western 15 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Baltic 12 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Central European 12 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Cyrillic 12 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Greek 12 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Turkish 12 x 36 40 % Franklin Gothic Medium Cond Swiss Regular Western 12 x 36 40 % Franklin Gothic Medium Swiss Regular Baltic 14 x 36 40 % Franklin Gothic Medium Swiss Regular Central European 14 x 36 40 % Franklin Gothic Medium Swiss Regular Cyrillic 14 x 36 40 % Franklin Gothic Medium Swiss Regular Greek 14 x 36 40 % Franklin Gothic Medium Swiss Regular Turkish 14 x 36 40 % Franklin Gothic Medium Swiss Regular Western 14 x 36 40 % FrankRuehl Swiss Regular Hebrew 13 x 30 40 % FreesiaUPC Swiss Regular Thai 9 x 38 40 % FreesiaUPC Swiss Regular Western 9 x 38 40 % Freestyle Script Script Regular Western 8 x 38 40 % French Script MT Script Regular Western 9 x 36 40 % Gabriola Decorative Regular Baltic 16 x 59 40 % Gabriola Decorative Regular Central European 16 x 59 40 % Gabriola Decorative Regular Cyrillic 16 x 59 40 % Gabriola Decorative Regular Greek 16 x 59 40 % Gabriola Decorative Regular Turkish 16 x 59 40 % Gabriola Decorative Regular Western 16 x 59 40 % Gadugi Swiss Regular Western 18 x 43 40 % Garamond Roman Regular Baltic 12 x 36 40 % Garamond Roman Regular Central European 12 x 36 40 % Garamond Roman Regular Cyrillic 12 x 36 40 % Garamond Roman Regular Greek 12 x 36 40 % Garamond Roman Regular Turkish 12 x 36 40 % Garamond Roman Regular Western 12 x 36 40 % Gautami Swiss Regular Western 18 x 56 40 % Georgia Roman Regular Baltic 14 x 36 40 % Georgia Roman Regular Central European 14 x 36 40 % Georgia Roman Regular Cyrillic 14 x 36 40 % Georgia Roman Regular Greek 14 x 36 40 % Georgia Roman Regular Turkish 14 x 36 40 % Georgia Roman Regular Western 14 x 36 40 % Giddyup Std Script Regular Mac 14 x 38 40 % Giddyup Std Script Regular Western 14 x 38 40 % Gigi Decorative Regular Western 13 x 44 40 % Gill Sans MT Condensed Swiss Regular Central European 10 x 39 40 % Gill Sans MT Condensed Swiss Regular Western 10 x 39 40 % Gill Sans MT Ext Condensed Bold Swiss Regular Central European 7 x 38 40 % Gill Sans MT Ext Condensed Bold Swiss Regular Western 7 x 38 40 % Gill Sans MT Swiss Regular Central European 13 x 37 40 % Gill Sans MT Swiss Regular Western 13 x 37 40 % Gill Sans Ultra Bold Condensed Swiss Regular Central European 14 x 40 40 % Gill Sans Ultra Bold Condensed Swiss Regular Western 14 x 40 40 % Gill Sans Ultra Bold Swiss Regular Central European 20 x 40 40 % Gill Sans Ultra Bold Swiss Regular Western 20 x 40 40 % Gisha Swiss Regular Hebrew 16 x 38 40 % Gisha Swiss Regular Western 16 x 38 40 % Gloucester MT Extra Condensed Roman Regular Western 9 x 37 40 % Goudy Old Style Roman Regular Western 13 x 36 40 % Goudy Stout Roman Regular Western 36 x 44 40 % Gulim Swiss Regular Baltic 16 x 32 40 % Gulim Swiss Regular Central European 16 x 32 40 % Gulim Swiss Regular Cyrillic 16 x 32 40 % Gulim Swiss Regular Greek 16 x 32 40 % Gulim Swiss Regular Hangul 16 x 32 40 % Gulim Swiss Regular Turkish 16 x 32 40 % Gulim Swiss Regular Western 16 x 32 40 % GulimChe Modern Regular Baltic 16 x 32 40 % GulimChe Modern Regular Central European 16 x 32 40 % GulimChe Modern Regular Cyrillic 16 x 32 40 % GulimChe Modern Regular Greek 16 x 32 40 % GulimChe Modern Regular Hangul 16 x 32 40 % GulimChe Modern Regular Turkish 16 x 32 40 % GulimChe Modern Regular Western 16 x 32 40 % Gungsuh Roman Regular Baltic 16 x 32 40 % Gungsuh Roman Regular Central European 16 x 32 40 % Gungsuh Roman Regular Cyrillic 16 x 32 40 % Gungsuh Roman Regular Greek 16 x 32 40 % Gungsuh Roman Regular Hangul 16 x 32 40 % Gungsuh Roman Regular Turkish 16 x 32 40 % Gungsuh Roman Regular Western 16 x 32 40 % GungsuhChe Modern Regular Baltic 16 x 32 40 % GungsuhChe Modern Regular Central European 16 x 32 40 % GungsuhChe Modern Regular Cyrillic 16 x 32 40 % GungsuhChe Modern Regular Greek 16 x 32 40 % GungsuhChe Modern Regular Hangul 16 x 32 40 % GungsuhChe Modern Regular Turkish 16 x 32 40 % GungsuhChe Modern Regular Western 16 x 32 40 % Haettenschweiler Swiss Regular Baltic 10 x 33 40 % Haettenschweiler Swiss Regular Central European 10 x 33 40 % Haettenschweiler Swiss Regular Cyrillic 10 x 33 40 % Haettenschweiler Swiss Regular Greek 10 x 33 40 % Haettenschweiler Swiss Regular Turkish 10 x 33 40 % Haettenschweiler Swiss Regular Western 10 x 33 40 % Harlow Solid Italic Decorative Italic Western 12 x 40 40 % Harrington Decorative Regular Western 14 x 38 40 % High Tower Text Roman Regular Western 13 x 37 40 % Hobo Std Swiss Medium Mac 18 x 45 50 % Hobo Std Swiss Medium Western 18 x 45 50 % Impact Swiss Regular Baltic 13 x 39 40 % Impact Swiss Regular Central European 13 x 39 40 % Impact Swiss Regular Cyrillic 13 x 39 40 % Impact Swiss Regular Greek 13 x 39 40 % Impact Swiss Regular Turkish 13 x 39 40 % Impact Swiss Regular Western 13 x 39 40 % Imprint MT Shadow Decorative Regular Western 13 x 38 40 % Informal Roman Script Regular Western 12 x 32 40 % IrisUPC Swiss Regular Thai 9 x 40 40 % IrisUPC Swiss Regular Western 9 x 40 40 % Iskoola Pota Swiss Regular Western 22 x 36 40 % JasmineUPC Roman Regular Thai 9 x 34 40 % JasmineUPC Roman Regular Western 9 x 34 40 % Jokerman Decorative Regular Western 16 x 48 40 % Juice ITC Decorative Regular Western 9 x 36 40 % KaiTi Modern Regular CHINESE_GB2312 16 x 32 40 % KaiTi Modern Regular Western 16 x 32 40 % Kalinga Swiss Regular Western 19 x 48 40 % Kartika Roman Regular Western 27 x 46 40 % Khmer UI Swiss Regular Western 21 x 36 40 % KodchiangUPC Roman Regular Thai 9 x 31 40 % KodchiangUPC Roman Regular Western 9 x 31 40 % Kokila Swiss Regular Western 13 x 37 40 % Kozuka Gothic Pr6N B Swiss B Baltic 31 x 59 70 % Kozuka Gothic Pr6N B Swiss B Central European 31 x 59 70 % Kozuka Gothic Pr6N B Swiss B Cyrillic 31 x 59 70 % Kozuka Gothic Pr6N B Swiss B Greek 31 x 59 70 % Kozuka Gothic Pr6N B Swiss B Japanese 31 x 59 70 % Kozuka Gothic Pr6N B Swiss B Mac 31 x 59 70 % Kozuka Gothic Pr6N B Swiss B Turkish 31 x 59 70 % Kozuka Gothic Pr6N B Swiss B Western 31 x 59 70 % Kozuka Gothic Pr6N EL Swiss EL Baltic 31 x 55 25 % Kozuka Gothic Pr6N EL Swiss EL Central European 31 x 55 25 % Kozuka Gothic Pr6N EL Swiss EL Cyrillic 31 x 55 25 % Kozuka Gothic Pr6N EL Swiss EL Greek 31 x 55 25 % Kozuka Gothic Pr6N EL Swiss EL Japanese 31 x 55 25 % Kozuka Gothic Pr6N EL Swiss EL Mac 31 x 55 25 % Kozuka Gothic Pr6N EL Swiss EL Turkish 31 x 55 25 % Kozuka Gothic Pr6N EL Swiss EL Western 31 x 55 25 % Kozuka Gothic Pr6N H Swiss H Baltic 31 x 59 90 % Kozuka Gothic Pr6N H Swiss H Central European 31 x 59 90 % Kozuka Gothic Pr6N H Swiss H Cyrillic 31 x 59 90 % Kozuka Gothic Pr6N H Swiss H Greek 31 x 59 90 % Kozuka Gothic Pr6N H Swiss H Japanese 31 x 59 90 % Kozuka Gothic Pr6N H Swiss H Mac 31 x 59 90 % Kozuka Gothic Pr6N H Swiss H Turkish 31 x 59 90 % Kozuka Gothic Pr6N H Swiss H Western 31 x 59 90 % Kozuka Gothic Pr6N L Swiss L Baltic 31 x 56 30 % Kozuka Gothic Pr6N L Swiss L Central European 31 x 56 30 % Kozuka Gothic Pr6N L Swiss L Cyrillic 31 x 56 30 % Kozuka Gothic Pr6N L Swiss L Greek 31 x 56 30 % Kozuka Gothic Pr6N L Swiss L Japanese 31 x 56 30 % Kozuka Gothic Pr6N L Swiss L Mac 31 x 56 30 % Kozuka Gothic Pr6N L Swiss L Turkish 31 x 56 30 % Kozuka Gothic Pr6N L Swiss L Western 31 x 56 30 % Kozuka Gothic Pr6N M Swiss M Baltic 31 x 57 50 % Kozuka Gothic Pr6N M Swiss M Central European 31 x 57 50 % Kozuka Gothic Pr6N M Swiss M Cyrillic 31 x 57 50 % Kozuka Gothic Pr6N M Swiss M Greek 31 x 57 50 % Kozuka Gothic Pr6N M Swiss M Japanese 31 x 57 50 % Kozuka Gothic Pr6N M Swiss M Mac 31 x 57 50 % Kozuka Gothic Pr6N M Swiss M Turkish 31 x 57 50 % Kozuka Gothic Pr6N M Swiss M Western 31 x 57 50 % Kozuka Gothic Pr6N R Swiss R Baltic 31 x 56 40 % Kozuka Gothic Pr6N R Swiss R Central European 31 x 56 40 % Kozuka Gothic Pr6N R Swiss R Cyrillic 31 x 56 40 % Kozuka Gothic Pr6N R Swiss R Greek 31 x 56 40 % Kozuka Gothic Pr6N R Swiss R Japanese 31 x 56 40 % Kozuka Gothic Pr6N R Swiss R Mac 31 x 56 40 % Kozuka Gothic Pr6N R Swiss R Turkish 31 x 56 40 % Kozuka Gothic Pr6N R Swiss R Western 31 x 56 40 % Kozuka Gothic Pro B Swiss B Cyrillic 31 x 45 70 % Kozuka Gothic Pro B Swiss B Japanese 31 x 45 70 % Kozuka Gothic Pro B Swiss B Mac 31 x 45 70 % Kozuka Gothic Pro B Swiss B Western 31 x 45 70 % Kozuka Gothic Pro EL Swiss EL Cyrillic 31 x 42 25 % Kozuka Gothic Pro EL Swiss EL Japanese 31 x 42 25 % Kozuka Gothic Pro EL Swiss EL Mac 31 x 42 25 % Kozuka Gothic Pro EL Swiss EL Western 31 x 42 25 % Kozuka Gothic Pro H Swiss H Cyrillic 31 x 46 90 % Kozuka Gothic Pro H Swiss H Japanese 31 x 46 90 % Kozuka Gothic Pro H Swiss H Mac 31 x 46 90 % Kozuka Gothic Pro H Swiss H Western 31 x 46 90 % Kozuka Gothic Pro L Swiss L Cyrillic 31 x 42 30 % Kozuka Gothic Pro L Swiss L Japanese 31 x 42 30 % Kozuka Gothic Pro L Swiss L Mac 31 x 42 30 % Kozuka Gothic Pro L Swiss L Western 31 x 42 30 % Kozuka Gothic Pro M Swiss M Cyrillic 31 x 44 50 % Kozuka Gothic Pro M Swiss M Japanese 31 x 44 50 % Kozuka Gothic Pro M Swiss M Mac 31 x 44 50 % Kozuka Gothic Pro M Swiss M Western 31 x 44 50 % Kozuka Gothic Pro R Swiss R Cyrillic 31 x 43 40 % Kozuka Gothic Pro R Swiss R Japanese 31 x 43 40 % Kozuka Gothic Pro R Swiss R Mac 31 x 43 40 % Kozuka Gothic Pro R Swiss R Western 31 x 43 40 % Kozuka Mincho Pr6N B Roman B Baltic 31 x 54 70 % Kozuka Mincho Pr6N B Roman B Central European 31 x 54 70 % Kozuka Mincho Pr6N B Roman B Cyrillic 31 x 54 70 % Kozuka Mincho Pr6N B Roman B Greek 31 x 54 70 % Kozuka Mincho Pr6N B Roman B Japanese 31 x 54 70 % Kozuka Mincho Pr6N B Roman B Mac 31 x 54 70 % Kozuka Mincho Pr6N B Roman B Turkish 31 x 54 70 % Kozuka Mincho Pr6N B Roman B Western 31 x 54 70 % Kozuka Mincho Pr6N EL Roman EL Baltic 31 x 52 25 % Kozuka Mincho Pr6N EL Roman EL Central European 31 x 52 25 % Kozuka Mincho Pr6N EL Roman EL Cyrillic 31 x 52 25 % Kozuka Mincho Pr6N EL Roman EL Greek 31 x 52 25 % Kozuka Mincho Pr6N EL Roman EL Japanese 31 x 52 25 % Kozuka Mincho Pr6N EL Roman EL Mac 31 x 52 25 % Kozuka Mincho Pr6N EL Roman EL Turkish 31 x 52 25 % Kozuka Mincho Pr6N EL Roman EL Western 31 x 52 25 % Kozuka Mincho Pr6N H Roman H Baltic 31 x 55 90 % Kozuka Mincho Pr6N H Roman H Central European 31 x 55 90 % Kozuka Mincho Pr6N H Roman H Cyrillic 31 x 55 90 % Kozuka Mincho Pr6N H Roman H Greek 31 x 55 90 % Kozuka Mincho Pr6N H Roman H Japanese 31 x 55 90 % Kozuka Mincho Pr6N H Roman H Mac 31 x 55 90 % Kozuka Mincho Pr6N H Roman H Turkish 31 x 55 90 % Kozuka Mincho Pr6N H Roman H Western 31 x 55 90 % Kozuka Mincho Pr6N L Roman L Baltic 31 x 53 30 % Kozuka Mincho Pr6N L Roman L Central European 31 x 53 30 % Kozuka Mincho Pr6N L Roman L Cyrillic 31 x 53 30 % Kozuka Mincho Pr6N L Roman L Greek 31 x 53 30 % Kozuka Mincho Pr6N L Roman L Japanese 31 x 53 30 % Kozuka Mincho Pr6N L Roman L Mac 31 x 53 30 % Kozuka Mincho Pr6N L Roman L Turkish 31 x 53 30 % Kozuka Mincho Pr6N L Roman L Western 31 x 53 30 % Kozuka Mincho Pr6N M Roman M Baltic 31 x 53 50 % Kozuka Mincho Pr6N M Roman M Central European 31 x 53 50 % Kozuka Mincho Pr6N M Roman M Cyrillic 31 x 53 50 % Kozuka Mincho Pr6N M Roman M Greek 31 x 53 50 % Kozuka Mincho Pr6N M Roman M Japanese 31 x 53 50 % Kozuka Mincho Pr6N M Roman M Mac 31 x 53 50 % Kozuka Mincho Pr6N M Roman M Turkish 31 x 53 50 % Kozuka Mincho Pr6N M Roman M Western 31 x 53 50 % Kozuka Mincho Pr6N R Roman R Baltic 31 x 53 40 % Kozuka Mincho Pr6N R Roman R Central European 31 x 53 40 % Kozuka Mincho Pr6N R Roman R Cyrillic 31 x 53 40 % Kozuka Mincho Pr6N R Roman R Greek 31 x 53 40 % Kozuka Mincho Pr6N R Roman R Japanese 31 x 53 40 % Kozuka Mincho Pr6N R Roman R Mac 31 x 53 40 % Kozuka Mincho Pr6N R Roman R Turkish 31 x 53 40 % Kozuka Mincho Pr6N R Roman R Western 31 x 53 40 % Kozuka Mincho Pro B Roman B Cyrillic 31 x 44 70 % Kozuka Mincho Pro B Roman B Japanese 31 x 44 70 % Kozuka Mincho Pro B Roman B Mac 31 x 44 70 % Kozuka Mincho Pro B Roman B Western 31 x 44 70 % Kozuka Mincho Pro EL Roman EL Cyrillic 31 x 43 25 % Kozuka Mincho Pro EL Roman EL Japanese 31 x 43 25 % Kozuka Mincho Pro EL Roman EL Mac 31 x 43 25 % Kozuka Mincho Pro EL Roman EL Western 31 x 43 25 % Kozuka Mincho Pro H Roman H Cyrillic 31 x 44 90 % Kozuka Mincho Pro H Roman H Japanese 31 x 44 90 % Kozuka Mincho Pro H Roman H Mac 31 x 44 90 % Kozuka Mincho Pro H Roman H Western 31 x 44 90 % Kozuka Mincho Pro L Roman L Cyrillic 31 x 43 30 % Kozuka Mincho Pro L Roman L Japanese 31 x 43 30 % Kozuka Mincho Pro L Roman L Mac 31 x 43 30 % Kozuka Mincho Pro L Roman L Western 31 x 43 30 % Kozuka Mincho Pro M Roman M Cyrillic 31 x 43 50 % Kozuka Mincho Pro M Roman M Japanese 31 x 43 50 % Kozuka Mincho Pro M Roman M Mac 31 x 43 50 % Kozuka Mincho Pro M Roman M Western 31 x 43 50 % Kozuka Mincho Pro R Roman R Cyrillic 31 x 43 40 % Kozuka Mincho Pro R Roman R Japanese 31 x 43 40 % Kozuka Mincho Pro R Roman R Mac 31 x 43 40 % Kozuka Mincho Pro R Roman R Western 31 x 43 40 % Kristen ITC Script Regular Western 16 x 44 40 % Kunstler Script Script Regular Western 8 x 35 40 % Lao UI Swiss Regular Western 18 x 43 40 % Latha Swiss Regular Western 23 x 44 40 % Leelawadee Swiss Regular Thai 17 x 38 40 % Leelawadee Swiss Regular Western 17 x 38 40 % Letter Gothic Std Modern Bold Mac 19 x 40 70 % Letter Gothic Std Modern Bold Western 19 x 40 70 % Levenim MT Special Regular Hebrew 16 x 42 40 % LilyUPC Swiss Regular Thai 9 x 30 40 % LilyUPC Swiss Regular Western 9 x 30 40 % Lithos Pro Regular Decorative Black Baltic 22 x 41 85 % Lithos Pro Regular Decorative Black Central European 22 x 41 85 % Lithos Pro Regular Decorative Black Greek 22 x 41 85 % Lithos Pro Regular Decorative Black Mac 22 x 41 85 % Lithos Pro Regular Decorative Black Turkish 22 x 41 85 % Lithos Pro Regular Decorative Black Western 22 x 41 85 % Lucida Bright Roman Regular Western 16 x 36 40 % Lucida Calligraphy Script Italic Western 17 x 40 40 % Lucida Console Modern Regular Central European 19 x 32 40 % Lucida Console Modern Regular Cyrillic 19 x 32 40 % Lucida Console Modern Regular Greek 19 x 32 40 % Lucida Console Modern Regular Turkish 19 x 32 40 % Lucida Console Modern Regular Western 19 x 32 40 % Lucida Fax Roman Regular Western 16 x 37 40 % Lucida Handwriting Script Italic Western 18 x 41 40 % Lucida Sans Typewriter Modern Regular Western 19 x 36 40 % Lucida Sans Unicode Swiss Regular Baltic 16 x 49 40 % Lucida Sans Unicode Swiss Regular Central European 16 x 49 40 % Lucida Sans Unicode Swiss Regular Cyrillic 16 x 49 40 % Lucida Sans Unicode Swiss Regular Greek 16 x 49 40 % Lucida Sans Unicode Swiss Regular Hebrew 16 x 49 40 % Lucida Sans Unicode Swiss Regular Turkish 16 x 49 40 % Lucida Sans Unicode Swiss Regular Western 16 x 49 40 % Lucida Sans Swiss Regular Western 16 x 36 40 % Magneto Decorative Bold Western 18 x 39 70 % Maiandra GD Swiss Regular Western 14 x 38 40 % Malgun Gothic Swiss Regular Hangul 15 x 43 40 % Malgun Gothic Swiss Regular Western 15 x 43 40 % Mangal Roman Regular Western 19 x 54 40 % Marlett Special Regular Symbol 31 x 32 50 % Mathematica1 Special Regular Symbol 16 x 37 40 % Mathematica1Mono Roman Regular Symbol 16 x 35 40 % Mathematica2 Special Regular Symbol 16 x 208 40 % Mathematica2Mono Special Regular Symbol 16 x 210 40 % Mathematica3 Special Regular Symbol 19 x 35 40 % Mathematica3Mono Special Regular Symbol 17 x 32 40 % Mathematica4 Special Regular Symbol 19 x 39 40 % Mathematica4Mono Special Regular Symbol 22 x 35 40 % Mathematica5 Special Regular Symbol 25 x 74 40 % Mathematica5Mono Special Regular Symbol 24 x 73 40 % Mathematica6 Special Regular Turkish 11 x 33 40 % Mathematica6 Special Regular Western 11 x 33 40 % Mathematica6Mono Special Regular Turkish 10 x 32 40 % Mathematica6Mono Special Regular Western 10 x 32 40 % Mathematica7 Special Regular Turkish 11 x 33 40 % Mathematica7 Special Regular Western 11 x 33 40 % Mathematica7Mono Special Regular Turkish 11 x 31 40 % Mathematica7Mono Special Regular Western 11 x 31 40 % Matura MT Script Capitals Script Regular Western 14 x 43 40 % Meiryo UI Swiss Regular Baltic 17 x 41 40 % Meiryo UI Swiss Regular Central European 17 x 41 40 % Meiryo UI Swiss Regular Cyrillic 17 x 41 40 % Meiryo UI Swiss Regular Greek 17 x 41 40 % Meiryo UI Swiss Regular Japanese 17 x 41 40 % Meiryo UI Swiss Regular Turkish 17 x 41 40 % Meiryo UI Swiss Regular Western 17 x 41 40 % Meiryo Swiss Regular Baltic 31 x 48 40 % Meiryo Swiss Regular Central European 31 x 48 40 % Meiryo Swiss Regular Cyrillic 31 x 48 40 % Meiryo Swiss Regular Greek 31 x 48 40 % Meiryo Swiss Regular Japanese 31 x 48 40 % Meiryo Swiss Regular Turkish 31 x 48 40 % Meiryo Swiss Regular Western 31 x 48 40 % Mesquite Std Decorative Medium Mac 9 x 38 50 % Mesquite Std Decorative Medium Western 9 x 38 50 % Microsoft Himalaya Special Regular Western 13 x 32 40 % Microsoft JhengHei UI Swiss Regular CHINESE_BIG5 15 x 41 40 % Microsoft JhengHei UI Swiss Regular Greek 15 x 41 40 % Microsoft JhengHei UI Swiss Regular Western 15 x 41 40 % Microsoft JhengHei Swiss Regular CHINESE_BIG5 15 x 43 40 % Microsoft JhengHei Swiss Regular Greek 15 x 43 40 % Microsoft JhengHei Swiss Regular Western 15 x 43 40 % Microsoft New Tai Lue Swiss Regular Western 19 x 42 40 % Microsoft PhagsPa Swiss Regular Western 24 x 41 40 % Microsoft Sans Serif Swiss Regular Arabic 14 x 36 40 % Microsoft Sans Serif Swiss Regular Baltic 14 x 36 40 % Microsoft Sans Serif Swiss Regular Central European 14 x 36 40 % Microsoft Sans Serif Swiss Regular Cyrillic 14 x 36 40 % Microsoft Sans Serif Swiss Regular Greek 14 x 36 40 % Microsoft Sans Serif Swiss Regular Hebrew 14 x 36 40 % Microsoft Sans Serif Swiss Regular Thai 14 x 36 40 % Microsoft Sans Serif Swiss Regular Turkish 14 x 36 40 % Microsoft Sans Serif Swiss Regular Vietnamese 14 x 36 40 % Microsoft Sans Serif Swiss Regular Western 14 x 36 40 % Microsoft Tai Le Swiss Regular Western 19 x 41 40 % Microsoft Uighur Special Regular Arabic 13 x 32 40 % Microsoft Uighur Special Regular Western 13 x 32 40 % Microsoft YaHei UI Swiss Regular Central European 15 x 41 40 % Microsoft YaHei UI Swiss Regular CHINESE_GB2312 15 x 41 40 % Microsoft YaHei UI Swiss Regular Cyrillic 15 x 41 40 % Microsoft YaHei UI Swiss Regular Greek 15 x 41 40 % Microsoft YaHei UI Swiss Regular Turkish 15 x 41 40 % Microsoft YaHei UI Swiss Regular Western 15 x 41 40 % Microsoft YaHei Swiss Regular Central European 15 x 42 40 % Microsoft YaHei Swiss Regular CHINESE_GB2312 15 x 42 40 % Microsoft YaHei Swiss Regular Cyrillic 15 x 42 40 % Microsoft YaHei Swiss Regular Greek 15 x 42 40 % Microsoft YaHei Swiss Regular Turkish 15 x 42 40 % Microsoft YaHei Swiss Regular Western 15 x 42 40 % Microsoft Yi Baiti Script Regular Western 21 x 32 40 % MingLiU_HKSCS Roman Regular CHINESE_BIG5 16 x 32 40 % MingLiU_HKSCS Roman Regular Western 16 x 32 40 % MingLiU_HKSCS-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % MingLiU_HKSCS-ExtB Roman Regular Western 16 x 32 40 % MingLiU Modern Regular CHINESE_BIG5 16 x 32 40 % MingLiU Modern Regular Western 16 x 32 40 % MingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % MingLiU-ExtB Roman Regular Western 16 x 32 40 % Minion Pro Cond Roman Bold Cond Baltic 17 x 44 70 % Minion Pro Cond Roman Bold Cond Central European 17 x 44 70 % Minion Pro Cond Roman Bold Cond Cyrillic 17 x 44 70 % Minion Pro Cond Roman Bold Cond Greek 17 x 44 70 % Minion Pro Cond Roman Bold Cond Mac 17 x 44 70 % Minion Pro Cond Roman Bold Cond Turkish 17 x 44 70 % Minion Pro Cond Roman Bold Cond Western 17 x 44 70 % Minion Pro Med Roman Medium Baltic 17 x 43 50 % Minion Pro Med Roman Medium Central European 17 x 43 50 % Minion Pro Med Roman Medium Cyrillic 17 x 43 50 % Minion Pro Med Roman Medium Greek 17 x 43 50 % Minion Pro Med Roman Medium Mac 17 x 43 50 % Minion Pro Med Roman Medium Turkish 17 x 43 50 % Minion Pro Med Roman Medium Western 17 x 43 50 % Minion Pro SmBd Roman Semibold Baltic 18 x 44 60 % Minion Pro SmBd Roman Semibold Central European 18 x 44 60 % Minion Pro SmBd Roman Semibold Cyrillic 18 x 44 60 % Minion Pro SmBd Roman Semibold Greek 18 x 44 60 % Minion Pro SmBd Roman Semibold Mac 18 x 44 60 % Minion Pro SmBd Roman Semibold Turkish 18 x 44 60 % Minion Pro SmBd Roman Semibold Western 18 x 44 60 % Minion Pro Roman Bold Baltic 18 x 44 70 % Minion Pro Roman Bold Central European 18 x 44 70 % Minion Pro Roman Bold Cyrillic 18 x 44 70 % Minion Pro Roman Bold Greek 18 x 44 70 % Minion Pro Roman Bold Mac 18 x 44 70 % Minion Pro Roman Bold Turkish 18 x 44 70 % Minion Pro Roman Bold Western 18 x 44 70 % Miriam Fixed Modern Regular Hebrew 19 x 32 40 % Miriam Swiss Regular Hebrew 13 x 32 40 % Mistral Script Regular Baltic 10 x 39 40 % Mistral Script Regular Central European 10 x 39 40 % Mistral Script Regular Cyrillic 10 x 39 40 % Mistral Script Regular Greek 10 x 39 40 % Mistral Script Regular Turkish 10 x 39 40 % Mistral Script Regular Western 10 x 39 40 % Modern No. 20 Roman Regular Western 13 x 33 40 % Modern Modern OEM/DOS 19 x 37 40 % Mongolian Baiti Script Regular Western 14 x 34 40 % Monotype Corsiva Script Regular Baltic 11 x 35 40 % Monotype Corsiva Script Regular Central European 11 x 35 40 % Monotype Corsiva Script Regular Cyrillic 11 x 35 40 % Monotype Corsiva Script Regular Greek 11 x 35 40 % Monotype Corsiva Script Regular Turkish 11 x 35 40 % Monotype Corsiva Script Regular Western 11 x 35 40 % MoolBoran Swiss Regular Western 13 x 43 40 % MS Gothic Modern Regular Baltic 16 x 32 40 % MS Gothic Modern Regular Central European 16 x 32 40 % MS Gothic Modern Regular Cyrillic 16 x 32 40 % MS Gothic Modern Regular Greek 16 x 32 40 % MS Gothic Modern Regular Japanese 16 x 32 40 % MS Gothic Modern Regular Turkish 16 x 32 40 % MS Gothic Modern Regular Western 16 x 32 40 % MS Mincho Modern Regular Baltic 16 x 32 40 % MS Mincho Modern Regular Central European 16 x 32 40 % MS Mincho Modern Regular Cyrillic 16 x 32 40 % MS Mincho Modern Regular Greek 16 x 32 40 % MS Mincho Modern Regular Japanese 16 x 32 40 % MS Mincho Modern Regular Turkish 16 x 32 40 % MS Mincho Modern Regular Western 16 x 32 40 % MS Outlook Special Regular Symbol 31 x 33 40 % MS PGothic Swiss Regular Baltic 13 x 32 40 % MS PGothic Swiss Regular Central European 13 x 32 40 % MS PGothic Swiss Regular Cyrillic 13 x 32 40 % MS PGothic Swiss Regular Greek 13 x 32 40 % MS PGothic Swiss Regular Japanese 13 x 32 40 % MS PGothic Swiss Regular Turkish 13 x 32 40 % MS PGothic Swiss Regular Western 13 x 32 40 % MS PMincho Roman Regular Baltic 13 x 32 40 % MS PMincho Roman Regular Central European 13 x 32 40 % MS PMincho Roman Regular Cyrillic 13 x 32 40 % MS PMincho Roman Regular Greek 13 x 32 40 % MS PMincho Roman Regular Japanese 13 x 32 40 % MS PMincho Roman Regular Turkish 13 x 32 40 % MS PMincho Roman Regular Western 13 x 32 40 % MS Reference Sans Serif Swiss Regular Baltic 16 x 39 40 % MS Reference Sans Serif Swiss Regular Central European 16 x 39 40 % MS Reference Sans Serif Swiss Regular Cyrillic 16 x 39 40 % MS Reference Sans Serif Swiss Regular Greek 16 x 39 40 % MS Reference Sans Serif Swiss Regular Turkish 16 x 39 40 % MS Reference Sans Serif Swiss Regular Vietnamese 16 x 39 40 % MS Reference Sans Serif Swiss Regular Western 16 x 39 40 % MS Reference Specialty Special Regular Symbol 23 x 39 40 % MS Sans Serif Swiss Western 5 x 13 40 % MS Serif Roman Western 5 x 13 40 % MS UI Gothic Swiss Regular Baltic 13 x 32 40 % MS UI Gothic Swiss Regular Central European 13 x 32 40 % MS UI Gothic Swiss Regular Cyrillic 13 x 32 40 % MS UI Gothic Swiss Regular Greek 13 x 32 40 % MS UI Gothic Swiss Regular Japanese 13 x 32 40 % MS UI Gothic Swiss Regular Turkish 13 x 32 40 % MS UI Gothic Swiss Regular Western 13 x 32 40 % MT Extra Roman Regular Symbol 20 x 32 40 % MV Boli Special Regular Western 18 x 52 40 % Myriad Arabic Modern Bold Arabic 14 x 47 70 % Myriad Arabic Modern Bold Central European 14 x 47 70 % Myriad Arabic Modern Bold Mac 14 x 47 70 % Myriad Arabic Modern Bold Western 14 x 47 70 % Myriad Hebrew Modern Bold Central European 15 x 40 70 % Myriad Hebrew Modern Bold Hebrew 15 x 40 70 % Myriad Hebrew Modern Bold Mac 15 x 40 70 % Myriad Hebrew Modern Bold Western 15 x 40 70 % Myriad Pro Cond Swiss Bold Condensed Baltic 13 x 39 70 % Myriad Pro Cond Swiss Bold Condensed Central European 13 x 39 70 % Myriad Pro Cond Swiss Bold Condensed Cyrillic 13 x 39 70 % Myriad Pro Cond Swiss Bold Condensed Greek 13 x 39 70 % Myriad Pro Cond Swiss Bold Condensed Mac 13 x 39 70 % Myriad Pro Cond Swiss Bold Condensed Turkish 13 x 39 70 % Myriad Pro Cond Swiss Bold Condensed Western 13 x 39 70 % Myriad Pro Light Swiss Semibold Baltic 16 x 39 60 % Myriad Pro Light Swiss Semibold Central European 16 x 39 60 % Myriad Pro Light Swiss Semibold Cyrillic 16 x 39 60 % Myriad Pro Light Swiss Semibold Greek 16 x 39 60 % Myriad Pro Light Swiss Semibold Mac 16 x 39 60 % Myriad Pro Light Swiss Semibold Turkish 16 x 39 60 % Myriad Pro Light Swiss Semibold Western 16 x 39 60 % Myriad Pro Swiss Bold Baltic 17 x 40 70 % Myriad Pro Swiss Bold Central European 17 x 40 70 % Myriad Pro Swiss Bold Cyrillic 17 x 40 70 % Myriad Pro Swiss Bold Greek 17 x 40 70 % Myriad Pro Swiss Bold Mac 17 x 40 70 % Myriad Pro Swiss Bold Turkish 17 x 40 70 % Myriad Pro Swiss Bold Western 17 x 40 70 % Narkisim Swiss Regular Hebrew 12 x 32 40 % Niagara Engraved Decorative Regular Western 8 x 34 40 % Niagara Solid Decorative Regular Western 8 x 34 40 % Nirmala UI Swiss Regular Western 31 x 43 40 % NSimSun Modern Regular CHINESE_GB2312 16 x 32 40 % NSimSun Modern Regular Western 16 x 32 40 % Nueva Std Cond Swiss Bold Condensed Mac 12 x 32 70 % Nueva Std Cond Swiss Bold Condensed Western 12 x 32 70 % Nueva Std Swiss Bold Mac 15 x 33 70 % Nueva Std Swiss Bold Western 15 x 33 70 % Nyala Special Regular Baltic 18 x 33 40 % Nyala Special Regular Central European 18 x 33 40 % Nyala Special Regular Turkish 18 x 33 40 % Nyala Special Regular Western 18 x 33 40 % OCR A Extended Modern Regular Western 19 x 33 40 % OCR A Std Modern Regular Mac 23 x 34 40 % OCR A Std Modern Regular Western 23 x 34 40 % Old English Text MT Script Regular Western 12 x 39 40 % Onyx Decorative Regular Western 8 x 37 40 % Orator Std Modern Slanted Mac 19 x 43 40 % Orator Std Modern Slanted Western 19 x 43 40 % Palace Script MT Script Regular Western 7 x 30 40 % Palatino Linotype Roman Regular Baltic 14 x 43 40 % Palatino Linotype Roman Regular Central European 14 x 43 40 % Palatino Linotype Roman Regular Cyrillic 14 x 43 40 % Palatino Linotype Roman Regular Greek 14 x 43 40 % Palatino Linotype Roman Regular Turkish 14 x 43 40 % Palatino Linotype Roman Regular Vietnamese 14 x 43 40 % Palatino Linotype Roman Regular Western 14 x 43 40 % Papyrus Script Regular Western 13 x 50 40 % Parchment Script Regular Western 6 x 34 40 % Perpetua Titling MT Roman Bold Western 21 x 39 70 % Perpetua Roman Regular Western 12 x 37 40 % Plantagenet Cherokee Roman Regular Western 14 x 41 40 % Playbill Decorative Regular Western 8 x 32 40 % PMingLiU Roman Regular CHINESE_BIG5 16 x 32 40 % PMingLiU Roman Regular Western 16 x 32 40 % PMingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 % PMingLiU-ExtB Roman Regular Western 16 x 32 40 % Poor Richard Roman Regular Western 12 x 36 40 % Poplar Std Decorative Black Mac 13 x 38 70 % Poplar Std Decorative Black Western 13 x 38 70 % Prestige Elite Std Modern Bold Mac 19 x 36 70 % Prestige Elite Std Modern Bold Western 19 x 36 70 % Pristina Script Regular Western 10 x 42 40 % Raavi Swiss Regular Western 13 x 53 40 % Rage Italic Script Regular Western 11 x 40 40 % Ravie Decorative Regular Western 22 x 43 40 % Rockwell Condensed Roman Regular Western 11 x 38 40 % Rockwell Extra Bold Roman Regular Western 19 x 38 80 % Rockwell Roman Regular Western 15 x 38 40 % Rod Modern Regular Hebrew 19 x 31 40 % Roman Roman OEM/DOS 22 x 37 40 % Rosewood Std Regular Decorative Regular Mac 16 x 37 70 % Rosewood Std Regular Decorative Regular Western 16 x 37 70 % Sakkal Majalla Special Regular Arabic 16 x 45 40 % Sakkal Majalla Special Regular Baltic 16 x 45 40 % Sakkal Majalla Special Regular Central European 16 x 45 40 % Sakkal Majalla Special Regular Turkish 16 x 45 40 % Sakkal Majalla Special Regular Western 16 x 45 40 % Script MT Bold Script Regular Western 13 x 39 70 % Script Script OEM/DOS 16 x 36 40 % Segoe Marker Script Regular Western 14 x 37 40 % Segoe Print Special Regular Baltic 21 x 56 40 % Segoe Print Special Regular Central European 21 x 56 40 % Segoe Print Special Regular Cyrillic 21 x 56 40 % Segoe Print Special Regular Greek 21 x 56 40 % Segoe Print Special Regular Turkish 21 x 56 40 % Segoe Print Special Regular Western 21 x 56 40 % Segoe Script Swiss Regular Baltic 22 x 51 40 % Segoe Script Swiss Regular Central European 22 x 51 40 % Segoe Script Swiss Regular Cyrillic 22 x 51 40 % Segoe Script Swiss Regular Greek 22 x 51 40 % Segoe Script Swiss Regular Turkish 22 x 51 40 % Segoe Script Swiss Regular Western 22 x 51 40 % Segoe UI Light Swiss Regular Baltic 17 x 43 30 % Segoe UI Light Swiss Regular Central European 17 x 43 30 % Segoe UI Light Swiss Regular Cyrillic 17 x 43 30 % Segoe UI Light Swiss Regular Greek 17 x 43 30 % Segoe UI Light Swiss Regular Turkish 17 x 43 30 % Segoe UI Light Swiss Regular Vietnamese 17 x 43 30 % Segoe UI Light Swiss Regular Western 17 x 43 30 % Segoe UI Semibold Swiss Regular Baltic 18 x 43 60 % Segoe UI Semibold Swiss Regular Central European 18 x 43 60 % Segoe UI Semibold Swiss Regular Cyrillic 18 x 43 60 % Segoe UI Semibold Swiss Regular Greek 18 x 43 60 % Segoe UI Semibold Swiss Regular Turkish 18 x 43 60 % Segoe UI Semibold Swiss Regular Vietnamese 18 x 43 60 % Segoe UI Semibold Swiss Regular Western 18 x 43 60 % Segoe UI Semilight Swiss Regular Arabic 17 x 43 35 % Segoe UI Semilight Swiss Regular Baltic 17 x 43 35 % Segoe UI Semilight Swiss Regular Central European 17 x 43 35 % Segoe UI Semilight Swiss Regular Cyrillic 17 x 43 35 % Segoe UI Semilight Swiss Regular Greek 17 x 43 35 % Segoe UI Semilight Swiss Regular Hebrew 17 x 43 35 % Segoe UI Semilight Swiss Regular Turkish 17 x 43 35 % Segoe UI Semilight Swiss Regular Vietnamese 17 x 43 35 % Segoe UI Semilight Swiss Regular Western 17 x 43 35 % Segoe UI Symbol Swiss Regular Western 23 x 43 40 % Segoe UI Swiss Regular Arabic 17 x 43 40 % Segoe UI Swiss Regular Baltic 17 x 43 40 % Segoe UI Swiss Regular Central European 17 x 43 40 % Segoe UI Swiss Regular Cyrillic 17 x 43 40 % Segoe UI Swiss Regular Greek 17 x 43 40 % Segoe UI Swiss Regular Turkish 17 x 43 40 % Segoe UI Swiss Regular Vietnamese 17 x 43 40 % Segoe UI Swiss Regular Western 17 x 43 40 % Shonar Bangla Swiss Regular Western 16 x 41 40 % Showcard Gothic Decorative Regular Western 18 x 40 40 % Shruti Swiss Regular Western 14 x 54 40 % SimHei Modern Regular CHINESE_GB2312 16 x 32 40 % SimHei Modern Regular Western 16 x 32 40 % Simplified Arabic Fixed Modern Regular Arabic 19 x 35 40 % Simplified Arabic Fixed Modern Regular Western 19 x 35 40 % Simplified Arabic Roman Regular Arabic 13 x 53 40 % Simplified Arabic Roman Regular Western 13 x 53 40 % SimSun Special Regular CHINESE_GB2312 16 x 32 40 % SimSun Special Regular Western 16 x 32 40 % SimSun-ExtB Modern Regular CHINESE_GB2312 16 x 32 40 % SimSun-ExtB Modern Regular Western 16 x 32 40 % SketchFlow Print Special Regular Baltic 17 x 34 40 % SketchFlow Print Special Regular Central European 17 x 34 40 % SketchFlow Print Special Regular Turkish 17 x 34 40 % SketchFlow Print Special Regular Vietnamese 17 x 34 40 % SketchFlow Print Special Regular Western 17 x 34 40 % Small Fonts Swiss Western 1 x 3 40 % Snap ITC Decorative Regular Western 19 x 41 40 % Stencil Std Decorative Bold Mac 20 x 42 70 % Stencil Std Decorative Bold Western 20 x 42 70 % Stencil Decorative Regular Western 18 x 38 40 % Sylfaen Roman Regular Baltic 13 x 42 40 % Sylfaen Roman Regular Central European 13 x 42 40 % Sylfaen Roman Regular Cyrillic 13 x 42 40 % Sylfaen Roman Regular Greek 13 x 42 40 % Sylfaen Roman Regular Turkish 13 x 42 40 % Sylfaen Roman Regular Western 13 x 42 40 % Symbol Roman Regular Symbol 19 x 39 40 % System Swiss Western 7 x 16 70 % Tahoma Swiss Regular Arabic 14 x 39 40 % Tahoma Swiss Regular Baltic 14 x 39 40 % Tahoma Swiss Regular Central European 14 x 39 40 % Tahoma Swiss Regular Cyrillic 14 x 39 40 % Tahoma Swiss Regular Greek 14 x 39 40 % Tahoma Swiss Regular Hebrew 14 x 39 40 % Tahoma Swiss Regular Thai 14 x 39 40 % Tahoma Swiss Regular Turkish 14 x 39 40 % Tahoma Swiss Regular Vietnamese 14 x 39 40 % Tahoma Swiss Regular Western 14 x 39 40 % Tekton Pro Cond Swiss Bold Condensed Baltic 12 x 39 70 % Tekton Pro Cond Swiss Bold Condensed Central European 12 x 39 70 % Tekton Pro Cond Swiss Bold Condensed Mac 12 x 39 70 % Tekton Pro Cond Swiss Bold Condensed Turkish 12 x 39 70 % Tekton Pro Cond Swiss Bold Condensed Western 12 x 39 70 % Tekton Pro Ext Swiss Bold Extended Baltic 19 x 39 70 % Tekton Pro Ext Swiss Bold Extended Central European 19 x 39 70 % Tekton Pro Ext Swiss Bold Extended Mac 19 x 39 70 % Tekton Pro Ext Swiss Bold Extended Turkish 19 x 39 70 % Tekton Pro Ext Swiss Bold Extended Western 19 x 39 70 % Tekton Pro Swiss Bold Baltic 15 x 39 70 % Tekton Pro Swiss Bold Central European 15 x 39 70 % Tekton Pro Swiss Bold Mac 15 x 39 70 % Tekton Pro Swiss Bold Turkish 15 x 39 70 % Tekton Pro Swiss Bold Western 15 x 39 70 % Tempus Sans ITC Decorative Regular Western 13 x 42 40 % Terminal Modern OEM/DOS 8 x 12 40 % Times New Roman Roman Regular Arabic 13 x 35 40 % Times New Roman Roman Regular Baltic 13 x 35 40 % Times New Roman Roman Regular Central European 13 x 35 40 % Times New Roman Roman Regular Cyrillic 13 x 35 40 % Times New Roman Roman Regular Greek 13 x 35 40 % Times New Roman Roman Regular Hebrew 13 x 35 40 % Times New Roman Roman Regular Turkish 13 x 35 40 % Times New Roman Roman Regular Vietnamese 13 x 35 40 % Times New Roman Roman Regular Western 13 x 35 40 % Traditional Arabic Roman Regular Arabic 15 x 48 40 % Traditional Arabic Roman Regular Western 15 x 48 40 % Trajan Pro Roman Bold Baltic 21 x 41 70 % Trajan Pro Roman Bold Central European 21 x 41 70 % Trajan Pro Roman Bold Mac 21 x 41 70 % Trajan Pro Roman Bold Turkish 21 x 41 70 % Trajan Pro Roman Bold Western 21 x 41 70 % Trebuchet MS Swiss Regular Baltic 15 x 37 40 % Trebuchet MS Swiss Regular Central European 15 x 37 40 % Trebuchet MS Swiss Regular Cyrillic 15 x 37 40 % Trebuchet MS Swiss Regular Greek 15 x 37 40 % Trebuchet MS Swiss Regular Turkish 15 x 37 40 % Trebuchet MS Swiss Regular Western 15 x 37 40 % Tunga Swiss Regular Western 18 x 53 40 % Tw Cen MT Condensed Extra Bold Swiss Regular Central European 12 x 35 40 % Tw Cen MT Condensed Extra Bold Swiss Regular Western 12 x 35 40 % Tw Cen MT Condensed Swiss Bold Central European 11 x 34 70 % Tw Cen MT Condensed Swiss Bold Western 11 x 34 70 % Tw Cen MT Swiss Regular Central European 13 x 35 40 % Tw Cen MT Swiss Regular Western 13 x 35 40 % Utsaah Swiss Regular Western 13 x 36 40 % Vani Swiss Regular Western 23 x 54 40 % Verdana Swiss Regular Baltic 16 x 39 40 % Verdana Swiss Regular Central European 16 x 39 40 % Verdana Swiss Regular Cyrillic 16 x 39 40 % Verdana Swiss Regular Greek 16 x 39 40 % Verdana Swiss Regular Turkish 16 x 39 40 % Verdana Swiss Regular Vietnamese 16 x 39 40 % Verdana Swiss Regular Western 16 x 39 40 % Vijaya Swiss Regular Western 19 x 32 40 % Viner Hand ITC Script Regular Western 15 x 52 40 % Vivaldi Script Italic Western 9 x 38 40 % Vladimir Script Script Regular Western 10 x 39 40 % Vrinda Swiss Regular Western 20 x 44 40 % Webdings Roman Regular Symbol 31 x 32 40 % Wide Latin Roman Regular Western 26 x 39 40 % Wingdings 2 Roman Regular Symbol 27 x 34 40 % Wingdings 3 Roman Regular Symbol 25 x 36 40 % Wingdings Special Regular Symbol 28 x 36 40 % ZWAdobeF Special Regular Arabic 6 x 21 40 % ZWAdobeF Special Regular Baltic 6 x 21 40 % ZWAdobeF Special Regular Central European 6 x 21 40 % ZWAdobeF Special Regular Cyrillic 6 x 21 40 % ZWAdobeF Special Regular Greek 6 x 21 40 % ZWAdobeF Special Regular Hebrew 6 x 21 40 % ZWAdobeF Special Regular Turkish 6 x 21 40 % ZWAdobeF Special Regular Vietnamese 6 x 21 40 % ZWAdobeF Special Regular Western 6 x 21 40 % --------[ Windows Audio ]----------------------------------------------------------------------------------------------- midi-out.0 0001 001B Microsoft GS Wavetable Synth mixer.0 0001 0068 Speakers (Realtek High Definiti mixer.1 0001 0068 Realtek Digital Output(Optical) mixer.2 0001 0068 HF199H-1 (NVIDIA High Definitio mixer.3 0001 0068 Realtek Digital Output (Realtek mixer.4 0001 0068 Stereo Mix (Realtek High Defini mixer.5 0001 0068 Microphone (Realtek High Defini wave-in.0 0001 0065 Microphone (Realtek High Defini wave-in.1 0001 0065 Stereo Mix (Realtek High Defini wave-out.0 0001 0064 Speakers (Realtek High Definiti wave-out.1 0001 0064 Realtek Digital Output(Optical) wave-out.2 0001 0064 HF199H-1 (NVIDIA High Definitio wave-out.3 0001 0064 Realtek Digital Output (Realtek --------[ PCI / PnP Audio ]--------------------------------------------------------------------------------------------- nVIDIA HDMI/DP @ nVIDIA GF104 - High Definition Audio Controller PCI nVIDIA HDMI/DP @ nVIDIA GF104 - High Definition Audio Controller PCI nVIDIA HDMI/DP @ nVIDIA GF104 - High Definition Audio Controller PCI nVIDIA HDMI/DP @ nVIDIA GF104 - High Definition Audio Controller PCI Realtek ALC889 @ ATI SB900 - High Definition Audio Controller PCI --------[ HD Audio ]---------------------------------------------------------------------------------------------------- [ ATI SB900 - High Definition Audio Controller ] Device Properties: Device Description ATI SB900 - High Definition Audio Controller Device Description (Windows) High Definition Audio Controller Bus Type PCI Bus / Device / Function 0 / 20 / 2 Device ID 1002-4383 Subsystem ID 1458-A002 Revision 40 Hardware ID PCI\VEN_1002&DEV_4383&SUBSYS_A0021458&REV_40 Device Manufacturer: Company Name Advanced Micro Devices, Inc. Product Information http://www.amd.com/us/products/desktop/chipsets Driver Download http://support.amd.com BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ Realtek ALC889 ] Device Properties: Device Description Realtek ALC889 Device Description (Windows) Realtek High Definition Audio Device Type Audio Bus Type HDAUDIO Device ID 10EC-0889 Subsystem ID 1458-A002 Revision 1000 Hardware ID HDAUDIO\FUNC_01&VEN_10EC&DEV_0889&SUBSYS_1458A002&REV_1000 Device Manufacturer: Company Name Realtek Semiconductor Corp. Product Information http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2 Driver Download http://www.realtek.com.tw/downloads Driver Update http://www.aida64.com/driver-updates [ nVIDIA GF104 - High Definition Audio Controller ] Device Properties: Device Description nVIDIA GF104 - High Definition Audio Controller Device Description (Windows) High Definition Audio Controller Bus Type PCI Bus / Device / Function 1 / 0 / 1 Device ID 10DE-0BEB Subsystem ID 3842-1370 Revision A1 Hardware ID PCI\VEN_10DE&DEV_0BEB&SUBSYS_13703842&REV_A1 Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp BIOS Upgrades http://www.aida64.com/bios-updates Driver Update http://www.aida64.com/driver-updates [ nVIDIA HDMI/DP ] Device Properties: Device Description nVIDIA HDMI/DP Device Description (Windows) NVIDIA High Definition Audio Device Type Audio Bus Type HDAUDIO Device ID 10DE-0012 Subsystem ID 10DE-0101 Revision 1001 Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001 Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ nVIDIA HDMI/DP ] Device Properties: Device Description nVIDIA HDMI/DP Device Description (Windows) NVIDIA High Definition Audio Device Type Audio Bus Type HDAUDIO Device ID 10DE-0012 Subsystem ID 10DE-0101 Revision 1001 Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001 Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ nVIDIA HDMI/DP ] Device Properties: Device Description nVIDIA HDMI/DP Device Description (Windows) NVIDIA High Definition Audio Device Type Audio Bus Type HDAUDIO Device ID 10DE-0012 Subsystem ID 10DE-0101 Revision 1001 Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001 Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ nVIDIA HDMI/DP ] Device Properties: Device Description nVIDIA HDMI/DP Device Description (Windows) NVIDIA High Definition Audio Device Type Audio Bus Type HDAUDIO Device ID 10DE-0012 Subsystem ID 10DE-0101 Revision 1001 Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001 Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates --------[ Audio Codecs ]------------------------------------------------------------------------------------------------ [ Fraunhofer IIS MPEG Layer-3 Codec (decode only) ] ACM Driver Properties: Driver Description Fraunhofer IIS MPEG Layer-3 Codec (decode only) Copyright Notice Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS Driver Features decoder only version Driver Version 1.09 [ Microsoft ADPCM CODEC ] ACM Driver Properties: Driver Description Microsoft ADPCM CODEC Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation Driver Features Compresses and decompresses Microsoft ADPCM audio data. Driver Version 4.00 [ Microsoft CCITT G.711 A-Law and u-Law CODEC ] ACM Driver Properties: Driver Description Microsoft CCITT G.711 A-Law and u-Law CODEC Copyright Notice Copyright (c) 1993-1996 Microsoft Corporation Driver Features Compresses and decompresses CCITT G.711 A-Law and u-Law audio data. Driver Version 4.00 [ Microsoft GSM 6.10 Audio CODEC ] ACM Driver Properties: Driver Description Microsoft GSM 6.10 Audio CODEC Copyright Notice Copyright (C) 1993-1996 Microsoft Corporation Driver Features Compresses and decompresses audio data conforming to the ETSI-GSM (European Telecommunications Standards Institute-Groupe Special Mobile) recommendation 6.10. Driver Version 4.00 [ Microsoft IMA ADPCM CODEC ] ACM Driver Properties: Driver Description Microsoft IMA ADPCM CODEC Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation Driver Features Compresses and decompresses IMA ADPCM audio data. Driver Version 4.00 [ Microsoft PCM Converter ] ACM Driver Properties: Driver Description Microsoft PCM Converter Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation Driver Features Converts frequency and bits per sample of PCM audio data. Driver Version 5.00 --------[ Video Codecs ]------------------------------------------------------------------------------------------------ C:\Windows\SysWOW64\tsc2_codec32.dll 1.0.6.0 frapsvid.dll 3.5.99.15618 Fraps Video Decompressor iccvid.dll 1.10.0.11 Cinepak® Codec iyuv_32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Intel Indeo(R) Video YUV Codec msrle32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft RLE Compressor msvidc32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Video 1 Compressor msyuv.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) Microsoft UYVY Video Decompressor tsbyuv.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) Toshiba Video Codec tsccvid.dll 3.1.12331.01 TechSmith Screen Capture Codec --------[ MCI ]--------------------------------------------------------------------------------------------------------- [ AVIVideo ] MCI Device Properties: Device AVIVideo Name Video for Windows Description Video For Windows MCI driver Type Digital Video Device Driver mciavi32.dll Status Enabled MCI Device Features: Compound Device Yes File Based Device Yes Can Eject No Can Play Yes Can Play In Reverse Yes Can Record No Can Save Data No Can Freeze Data No Can Lock Data No Can Stretch Frame Yes Can Stretch Input No Can Test Yes Audio Capable Yes Video Capable Yes Still Image Capable No [ CDAudio ] MCI Device Properties: Device CDAudio Name CD Audio Description MCI driver for cdaudio devices Type CD Audio Device Driver mcicda.dll Status Enabled MCI Device Features: Compound Device No File Based Device No Can Eject Yes Can Play Yes Can Record No Can Save Data No Audio Capable Yes Video Capable No [ MPEGVideo ] MCI Device Properties: Device MPEGVideo Name DirectShow Description DirectShow MCI Driver Type Digital Video Device Driver mciqtz32.dll Status Enabled MCI Device Features: Compound Device Yes File Based Device Yes Can Eject No Can Play Yes Can Play In Reverse No Can Record No Can Save Data No Can Freeze Data No Can Lock Data No Can Stretch Frame Yes Can Stretch Input No Can Test Yes Audio Capable Yes Video Capable Yes Still Image Capable No [ Sequencer ] MCI Device Properties: Device Sequencer Name MIDI Sequencer Description MCI driver for MIDI sequencer Type Sequencer Device Driver mciseq.dll Status Enabled MCI Device Features: Compound Device Yes File Based Device Yes Can Eject No Can Play Yes Can Record No Can Save Data No Audio Capable Yes Video Capable No [ WaveAudio ] MCI Device Properties: Device WaveAudio Name Sound Description MCI driver for waveform audio Type Waveform Audio Device Driver mciwave.dll Status Enabled MCI Device Features: Compound Device Yes File Based Device Yes Can Eject No Can Play Yes Can Record Yes Can Save Data Yes Audio Capable Yes Video Capable No --------[ SAPI ]-------------------------------------------------------------------------------------------------------- SAPI Properties: SAPI4 Version - SAPI5 Version 5.3.13120.0 Voice (SAPI5): Name Microsoft Anna - English (United States) Description Microsoft Anna - English (United States) Voice Name M1033DSK Voice Path C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk Age Adult Gender Female Language English (United States) Vendor Microsoft Version 2.0 DLL File C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll (x86) CLSID {F51C7B23-6566-424C-94CF-2C4F83EE96FF} Frontend {55DFB4F7-4175-4B3B-B247-D9B399ADB119} Speech Recognizer (SAPI5): Name Microsoft Speech Recognizer 8.0 for Windows (English - UK) Description Microsoft Speech Recognizer 8.0 for Windows (English - UK) FE Config Data File C:\Windows\Speech\Engines\SR\en-GB\c2057dsk.fe Language English (United Kingdom) Speaking Style Discrete;Continuous Supported Locales English (United Kingdom); English (Australia); English (New Zealand); English (Ireland); English (South Africa); English (Jamaica); English (Caribbean); English (Belize); English (Trinidad and Tobago); English (Zimbabwe); English (India); English (Malaysia); English (Singapore); English Vendor Microsoft Version 8.0 DLL File C:\Windows\System32\Speech\Engines\SR\spsreng.dll (x64) CLSID {DAC9F469-0C67-4643-9258-87EC128C5941} RecoExtension {4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC} Speech Recognizer (SAPI5): Name Microsoft Speech Recognizer 8.0 for Windows (English - US) Description Microsoft Speech Recognizer 8.0 for Windows (English - US) FE Config Data File C:\Windows\Speech\Engines\SR\en-US\c1033dsk.fe Language English (United States); English Speaking Style Discrete;Continuous Supported Locales English (United States); English (Canada); English (Republic of the Philippines); English Vendor Microsoft Version 8.0 DLL File C:\Windows\System32\Speech\Engines\SR\spsreng.dll (x64) CLSID {DAC9F469-0C67-4643-9258-87EC128C5941} RecoExtension {4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC} --------[ Windows Storage ]--------------------------------------------------------------------------------------------- [ Hitachi HDS721050CLA362 ATA Device ] Device Properties: Driver Description Hitachi HDS721050CLA362 ATA Device Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File disk.inf Disk Device Physical Info: Manufacturer Hitachi Hard Disk Family Deskstar 7K1000.C Form Factor 3.5" Formatted Capacity 500 GB Disks 1 Recording Surfaces 2 Physical Dimensions 147 x 101.6 x 26.1 mm Max. Weight 400 g Average Rotational Latency 4.17 ms Rotational Speed 7200 RPM Max. Internal Data Rate 1589 Mbit/s Interface SATA-II Buffer-to-Host Data Rate 300 MB/s Buffer Size 16 MB Device Manufacturer: Company Name Hitachi Global Storage Technologies Product Information http://www.hgst.com [ WDC WD6400AAKS-22A7B2 ATA Device ] Device Properties: Driver Description WDC WD6400AAKS-22A7B2 ATA Device Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File disk.inf Disk Device Physical Info: Manufacturer Western Digital Hard Disk Family Caviar Blue Form Factor 3.5" Formatted Capacity 640 GB Physical Dimensions 147 x 101.6 x 25.4 mm Max. Weight 630 g Average Rotational Latency 4.2 ms Rotational Speed 7200 RPM Max. Internal Data Rate 1008 Mbit/s Average Seek 8.9 ms Track-To-Track Seek 2 ms Full Seek 21 ms Interface SATA-II Buffer-to-Host Data Rate 300 MB/s Buffer Size 16 MB Device Manufacturer: Company Name Western Digital Corporation Product Information http://www.wdc.com/en [ Optiarc DVD RW AD-7203S ATA Device ] Device Properties: Driver Description Optiarc DVD RW AD-7203S ATA Device Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File cdrom.inf Optical Drive Properties: Manufacturer Optiarc Device Type DVD+RW/DVD-RW/DVD-RAM Interface SATA Writing Speeds: DVD+R9 Dual Layer 8x DVD+R 20x DVD+RW 8x DVD-R9 Dual Layer 12x DVD-R 20x DVD-RW 6x DVD-RAM 12x CD-R 48x CD-RW 32x Reading Speeds: DVD-ROM 16x CD-ROM 48x Device Manufacturer: Company Name Sony Optiarc Product Information http://www.sony-optiarc.us Firmware Download http://www.sony-optiarc.us [ ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 6/21/2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf [ ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 6/21/2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Device Resources: IRQ 14 Port 01F0-01F7 Port 03F6-03F6 [ ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 6/21/2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Device Resources: IRQ 15 Port 0170-0177 Port 0376-0376 [ ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 6/21/2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf [ Standard Dual Channel PCI IDE Controller ] Device Properties: Driver Description Standard Dual Channel PCI IDE Controller Driver Date 6/21/2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Device Resources: IRQ 19 Memory FDFFF000-FDFFF3FF Port FB00-FB0F Port FC00-FC03 Port FD00-FD07 Port FE00-FE03 Port FF00-FF07 [ Standard Dual Channel PCI IDE Controller ] Device Properties: Driver Description Standard Dual Channel PCI IDE Controller Driver Date 6/21/2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Device Resources: Port FA00-FA0F --------[ Logical Drives ]---------------------------------------------------------------------------------------------- C: Local Disk NTFS 282523 MB 123516 MB 159007 MB 56 % 3633-292E D: (Storage) Local Disk NTFS 476936 MB 262468 MB 214468 MB 45 % 64A8-C5C9 E: (Games) Local Disk NTFS 307199 MB 224167 MB 83032 MB 27 % 3F31-BE92 F: (GTX-690) Local Disk NTFS 20652 MB 17390 MB 3262 MB 16 % C040-450F G: Optical Drive --------[ Physical Drives ]--------------------------------------------------------------------------------------------- [ Drive #1 - Hitachi HDS721050CLA362 (465 GB) ] #1 (Active) NTFS D: (Storage) 1 MB 476937 MB [ Drive #2 - WDC WD6400AAKS-22A7B2 (596 GB) ] #1 (Active) NTFS 1 MB 100 MB #2 NTFS C: 101 MB 282524 MB #3 NTFS E: (Games) 282625 MB 307200 MB #4 NTFS F: (GTX-690) 589825 MB 20653 MB --------[ Optical Drives ]---------------------------------------------------------------------------------------------- [ G:\ Optiarc DVD RW AD-7203S ATA Device ] Optical Drive Properties: Device Description Optiarc DVD RW AD-7203S ATA Device Serial Number F1191EL03Bqt Firmware Revision 1-B0 Firmware Date 3/19/2008 Buffer Size 2 MB Manufacturer Optiarc Device Type DVD+RW/DVD-RW/DVD-RAM Interface SATA Extra Features LabelFlash Region Code 1 Remaining User Changes 4 Remaining Vendor Changes 4 Writing Speeds: DVD+R9 Dual Layer 8x DVD+R 20x DVD+RW 8x DVD-R9 Dual Layer 12x DVD-R 20x DVD-RW 6x DVD-RAM 12x CD-R 48x CD-RW 32x Reading Speeds: DVD-ROM 16x CD-ROM 48x Supported Disk Types: BD-ROM Not Supported BD-R Not Supported BD-RE Not Supported HD DVD-ROM Not Supported HD DVD-R Dual Layer Not Supported HD DVD-RW Dual Layer Not Supported HD DVD-R Not Supported HD DVD-RW Not Supported HD DVD-RAM Not Supported DVD-ROM Read DVD+R9 Dual Layer Read + Write DVD+RW9 Dual Layer Not Supported DVD+R Read + Write DVD+RW Read + Write DVD-R9 Dual Layer Read + Write DVD-RW9 Dual Layer Not Supported DVD-R Read + Write DVD-RW Read + Write DVD-RAM Read + Write CD-ROM Read CD-R Read + Write CD-RW Read + Write Optical Drive Features: AACS Not Supported BD CPS Not Supported Buffer Underrun Protection Supported C2 Error Pointers Supported CD+G Not Supported CD-Text Supported DVD-Download Disc Recording Not Supported Hybrid Disc Not Supported JustLink Supported CPRM Supported CSS Supported LabelFlash Supported Layer-Jump Recording Supported LightScribe Not Supported Mount Rainier Not Supported OSSC Not Supported Qflix Recording Not Supported SecurDisc Not Supported SMART Not Supported VCPS Not Supported Device Manufacturer: Company Name Sony Optiarc Product Information http://www.sony-optiarc.us Firmware Download http://www.sony-optiarc.us Driver Update http://www.aida64.com/driver-updates --------[ ATA ]--------------------------------------------------------------------------------------------------------- [ Hitachi HDS721050CLA362 (JP1572JE16MDNK) ] ATA Device Properties: Model ID Hitachi HDS721050CLA362 Serial Number JP1572JE16MDNK Revision JP2OA50E World Wide Name 5-000CCA-397D11A96 Device Type SATA-II Parameters 969021 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector LBA Sectors 976773168 Physical / Logical Sector Size 512 bytes / 512 bytes Buffer 14111 KB (Dual Ported, Read Ahead) Multiple Sectors 16 ECC Bytes 56 Max. PIO Transfer Mode PIO 4 Max. MWDMA Transfer Mode MWDMA 2 Max. UDMA Transfer Mode UDMA 6 Active UDMA Transfer Mode UDMA 6 Unformatted Capacity 476940 MB Form Factor 3.5" Rotational Speed 7200 RPM ATA Standard ATA8-ACS ATA Device Features: 48-bit LBA Supported Advanced Power Management Supported, Disabled Automatic Acoustic Management Not Supported Device Configuration Overlay Supported DMA Setup Auto-Activate Supported, Disabled Extended Power Conditions Not Supported Free-Fall Control Not Supported General Purpose Logging Supported Host Protected Area Supported, Enabled In-Order Data Delivery Supported, Disabled Native Command Queuing Supported NCQ Priority Information Supported Phy Event Counters Supported Power Management Supported, Enabled Power-Up In Standby Supported, Disabled Read Look-Ahead Supported, Enabled Release Interrupt Not Supported Security Mode Supported, Disabled Sense Data Reporting Not Supported SMART Supported, Enabled SMART Error Logging Supported SMART Self-Test Supported Software Settings Preservation Supported, Enabled Streaming Supported Tagged Command Queuing Not Supported Write Cache Supported, Enabled Write-Read-Verify Not Supported SSD Features: Data Set Management Not Supported Deterministic Read After TRIM Not Supported TRIM Command Not Supported ATA Device Physical Info: Manufacturer Hitachi Hard Disk Family Deskstar 7K1000.C Form Factor 3.5" Formatted Capacity 500 GB Disks 1 Recording Surfaces 2 Physical Dimensions 147 x 101.6 x 26.1 mm Max. Weight 400 g Average Rotational Latency 4.17 ms Rotational Speed 7200 RPM Max. Internal Data Rate 1589 Mbit/s Interface SATA-II Buffer-to-Host Data Rate 300 MB/s Buffer Size 16 MB ATA Device Manufacturer: Company Name Hitachi Global Storage Technologies Product Information http://www.hgst.com Driver Update http://www.aida64.com/driver-updates [ WDC WD6400AAKS-22A7B2 (WD-WCASY3905444) ] ATA Device Properties: Model ID WDC WD6400AAKS-22A7B2 Serial Number WD-WCASY3905444 Revision 01.03B01 World Wide Name 5-0014EE-257C8A741 Device Type SATA-II Parameters 1240341 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector LBA Sectors 1250263728 Physical / Logical Sector Size 512 bytes / 512 bytes Buffer 16 MB Multiple Sectors 16 ECC Bytes 50 Max. PIO Transfer Mode PIO 4 Max. MWDMA Transfer Mode MWDMA 2 Max. UDMA Transfer Mode UDMA 6 Active UDMA Transfer Mode UDMA 6 Unformatted Capacity 610480 MB ATA Standard ATA8-ACS ATA Device Features: 48-bit LBA Supported Advanced Power Management Not Supported Automatic Acoustic Management Supported, Disabled Device Configuration Overlay Supported DMA Setup Auto-Activate Supported, Disabled Extended Power Conditions Not Supported Free-Fall Control Not Supported General Purpose Logging Supported Host Protected Area Supported, Enabled In-Order Data Delivery Not Supported Native Command Queuing Supported NCQ Priority Information Not Supported Phy Event Counters Supported Power Management Supported, Enabled Power-Up In Standby Supported, Disabled Read Look-Ahead Supported, Enabled Release Interrupt Not Supported Security Mode Supported, Disabled Sense Data Reporting Not Supported SMART Supported, Enabled SMART Error Logging Supported SMART Self-Test Supported Software Settings Preservation Supported, Enabled Streaming Not Supported Tagged Command Queuing Not Supported Write Cache Supported, Enabled Write-Read-Verify Not Supported SSD Features: Data Set Management Not Supported Deterministic Read After TRIM Not Supported TRIM Command Not Supported ATA Device Physical Info: Manufacturer Western Digital Hard Disk Family Caviar Blue Form Factor 3.5" Formatted Capacity 640 GB Physical Dimensions 147 x 101.6 x 25.4 mm Max. Weight 630 g Average Rotational Latency 4.2 ms Rotational Speed 7200 RPM Max. Internal Data Rate 1008 Mbit/s Average Seek 8.9 ms Track-To-Track Seek 2 ms Full Seek 21 ms Interface SATA-II Buffer-to-Host Data Rate 300 MB/s Buffer Size 16 MB ATA Device Manufacturer: Company Name Western Digital Corporation Product Information http://www.wdc.com/en Driver Update http://www.aida64.com/driver-updates --------[ SMART ]------------------------------------------------------------------------------------------------------- [ Hitachi HDS721050CLA362 (JP1572JE16MDNK) ] 01 Raw Read Error Rate 16 100 100 0 OK: Value is normal 02 Throughput Performance 54 135 135 98 OK: Value is normal 03 Spinup Time 24 117 117 12779715 OK: Value is normal 04 Start/Stop Count 0 99 99 4676 OK: Always passes 05 Reallocated Sector Count 5 100 100 0 OK: Value is normal 07 Seek Error Rate 67 100 100 0 OK: Value is normal 08 Seek Time Performance 20 140 140 30 OK: Value is normal 09 Power-On Time Count 0 98 98 14322 OK: Always passes 0A Spinup Retry Count 60 100 100 0 OK: Value is normal 0C Power Cycle Count 0 100 100 48 OK: Always passes C0 Power-Off Retract Count 0 96 96 4969 OK: Always passes C1 Load/Unload Cycle Count 0 96 96 4969 OK: Always passes C2 Temperature 0 230 230 46, 11, 26 OK: Always passes C4 Reallocation Event Count 0 100 100 0 OK: Always passes C5 Current Pending Sector Count 0 100 100 0 OK: Always passes C6 Offline Uncorrectable Sector Count 0 100 100 0 OK: Always passes C7 Ultra ATA CRC Error Rate 0 200 200 0 OK: Always passes [ WDC WD6400AAKS-22A7B2 (WD-WCASY3905444) ] 01 Raw Read Error Rate 51 200 200 492 OK: Value is normal 03 Spinup Time 21 162 159 4866 OK: Value is normal 04 Start/Stop Count 0 100 100 614 OK: Always passes 05 Reallocated Sector Count 140 199 199 7 OK: Value is normal 07 Seek Error Rate 0 200 200 0 OK: Always passes 09 Power-On Time Count 0 46 46 39919 OK: Always passes 0A Spinup Retry Count 0 100 100 0 OK: Always passes 0B Calibration Retry Count 0 100 100 0 OK: Always passes 0C Power Cycle Count 0 100 100 576 OK: Always passes C0 Power-Off Retract Count 0 200 200 395 OK: Always passes C1 Load/Unload Cycle Count 0 200 200 614 OK: Always passes C2 Temperature 0 118 96 29 OK: Always passes C4 Reallocation Event Count 0 199 199 1 OK: Always passes C5 Current Pending Sector Count 0 200 200 0 OK: Always passes C6 Offline Uncorrectable Sector Count 0 200 200 0 OK: Always passes C7 Ultra ATA CRC Error Rate 0 200 200 10 OK: Always passes C8 Write Error Rate 0 200 200 0 OK: Always passes --------[ Windows Network ]--------------------------------------------------------------------------------------------- [ Realtek PCIe GBE Family Controller ] Network Adapter Properties: Network Adapter Realtek PCIe GBE Family Controller Interface Type Ethernet Hardware Address 50-E5-49-C2-27-97 Connection Name Local Area Connection Connection Speed 100 Mbps MTU 1500 bytes DHCP Lease Obtained 12/24/2013 11:11:11 PM DHCP Lease Expires 12/25/2013 11:11:11 PM Bytes Received 14158997 (13.5 MB) Bytes Sent 1462736 (1.4 MB) Network Adapter Addresses: IP / Subnet Mask 192.168.1.138 / 255.255.255.0 Gateway 192.168.1.1 DHCP 192.168.1.1 DNS 192.168.1.1 Network Adapter Manufacturer: Company Name Realtek Semiconductor Corp. Product Information http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2 Driver Download http://www.realtek.com.tw/downloads Driver Update http://www.aida64.com/driver-updates [ VirtualBox Host-Only Ethernet Adapter ] Network Adapter Properties: Network Adapter VirtualBox Host-Only Ethernet Adapter Interface Type Ethernet Hardware Address 08-00-27-00-AC-19 Connection Name VirtualBox Host-Only Network Connection Speed 100 Mbps MTU 1500 bytes Bytes Received 0 Bytes Sent 121974 (119.1 KB) Network Adapter Addresses: IP / Subnet Mask 192.168.56.1 / 255.255.255.0 Network Adapter Manufacturer: Company Name Oracle Corporation Product Information http://www.virtualbox.org Driver Download http://www.virtualbox.org Driver Update http://www.aida64.com/driver-updates --------[ PCI / PnP Network ]------------------------------------------------------------------------------------------- Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter (PHY: Realtek RTL8211/8212) PCI --------[ IAM ]--------------------------------------------------------------------------------------------------------- [ Microsoft Communities ] Account Properties: Account Name Microsoft Communities Account ID account{3EB4B5C9-55CC-47A1-8C7D-B04367E2E426}.oeaccount Account Type News (Default) Application Name Microsoft Windows Mail Connection Name Not Specified (IE Default) NNTP Server msnews.microsoft.com Account Features: NNTP Prompt For Password No NNTP Secure Authentication No NNTP Secure Connection No NNTP Use Group Descriptions No NNTP Post Using Plain Text Format No NNTP Post Using HTML Format No [ Active Directory ] Account Properties: Account Name Active Directory Account ID account{51196024-D982-42E3-A352-B6DCFA5C3379}.oeaccount Account Type LDAP Application Name Microsoft Windows Mail Connection Name Not Specified (IE Default) LDAP Server NULL:3268 LDAP User Name NULL LDAP Search Base NULL LDAP Search Timeout 1 min Account Features: LDAP Authentication Required Yes LDAP Secure Authentication Yes LDAP Secure Connection No LDAP Simple Search Filter No [ VeriSign Internet Directory Service ] Account Properties: Account Name VeriSign Internet Directory Service Account ID account{EEC17F55-C232-4233-A87D-8F5A25E8FE32}.oeaccount Account Type LDAP Application Name Microsoft Windows Mail Connection Name Not Specified (IE Default) LDAP Server directory.verisign.com LDAP URL http://www.verisign.com LDAP Search Base NULL LDAP Search Timeout 1 min Account Features: LDAP Authentication Required No LDAP Secure Authentication No LDAP Secure Connection No LDAP Simple Search Filter Yes --------[ Internet ]---------------------------------------------------------------------------------------------------- Internet Settings: Start Page http://go.microsoft.com/fwlink/?LinkId=69157 Search Page http://go.microsoft.com/fwlink/?LinkId=54896 Local Page C:\Windows\system32\blank.htm Download Folder Current Proxy: Proxy Status Disabled LAN Proxy: Proxy Status Disabled --------[ Routes ]------------------------------------------------------------------------------------------------------ Active 0.0.0.0 0.0.0.0 192.168.1.1 20 192.168.1.138 (Realtek PCIe GBE Family Controller) Active 127.0.0.0 255.0.0.0 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 127.0.0.1 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 127.255.255.255 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 192.168.1.0 255.255.255.0 192.168.1.138 276 192.168.1.138 (Realtek PCIe GBE Family Controller) Active 192.168.1.138 255.255.255.255 192.168.1.138 276 192.168.1.138 (Realtek PCIe GBE Family Controller) Active 192.168.1.255 255.255.255.255 192.168.1.138 276 192.168.1.138 (Realtek PCIe GBE Family Controller) Active 192.168.56.0 255.255.255.0 192.168.56.1 276 192.168.56.1 (VirtualBox Host-Only Ethernet Adapter) Active 192.168.56.1 255.255.255.255 192.168.56.1 276 192.168.56.1 (VirtualBox Host-Only Ethernet Adapter) Active 192.168.56.255 255.255.255.255 192.168.56.1 276 192.168.56.1 (VirtualBox Host-Only Ethernet Adapter) Active 224.0.0.0 240.0.0.0 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 224.0.0.0 240.0.0.0 192.168.56.1 276 192.168.56.1 (VirtualBox Host-Only Ethernet Adapter) Active 224.0.0.0 240.0.0.0 192.168.1.138 276 192.168.1.138 (Realtek PCIe GBE Family Controller) Active 255.255.255.255 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1) Active 255.255.255.255 255.255.255.255 192.168.56.1 276 192.168.56.1 (VirtualBox Host-Only Ethernet Adapter) Active 255.255.255.255 255.255.255.255 192.168.1.138 276 192.168.1.138 (Realtek PCIe GBE Family Controller) --------[ IE Cookie ]--------------------------------------------------------------------------------------------------- 2013-12-20 09:28:14 devihaka@google.com/ 2013-12-22 13:41:12 devihaka@c9.webzen.com/ 2013-12-22 15:03:31 devihaka@c.atdmt.com/ 2013-12-23 23:38:07 devihaka@doubleclick.net/ 2013-12-24 22:17:01 devihaka@skype.com/ 2013-12-24 22:17:29 devihaka@c.msn.com/ 2013-12-24 22:18:07 devihaka@bs.serving-sys.com/ 2013-12-24 22:18:28 devihaka@scorecardresearch.com/ 2013-12-24 22:18:28 devihaka@serving-sys.com/ 2013-12-24 23:12:41 devihaka@justgetflux.com/ 2013-12-24 23:13:33 devihaka@localhost/ --------[ Browser History ]--------------------------------------------------------------------------------------------- 2013-12-22 13:40:51 Devihaka@res://E:\C9\C9Launcher.exe/105 2013-12-22 13:40:57 Devihaka@http://c9.webzen.com/Launcher 2013-12-22 14:35:37 Devihaka@file:///C:/Users/Devihaka/Downloads/clip%20(2013-12-22%20at%2002.32.10).jpg 2013-12-22 17:19:15 Devihaka@file:///C:/Users/Devihaka/Downloads/J9JfzG4.jpg 2013-12-22 17:20:03 Devihaka@file:///F:/=Presentation/orgasmic/anime_girl_headphones_by_mystical7-d32axko.png 2013-12-22 17:20:05 Devihaka@file:///F:/=Presentation/orgasmic/cfmClgy.png 2013-12-22 17:26:36 Devihaka@file:///F:/=Presentation/orgasmic/J9JfzG4.jpg 2013-12-22 21:42:27 Devihaka@file:///D:/Eclipse_Workspace/DailyIncome/.project 2013-12-22 21:44:36 Devihaka@file:///E:/Bukkit-Dev/Vault.jar 2013-12-22 21:44:38 Devihaka@file:///E:/Bukkit-Dev/craftbukkit-1.6.4-R2.0.jar 2013-12-22 21:46:38 Devihaka@file:///E:/Bukkit-Dev/SQLibrary-6.1.jar 2013-12-22 21:47:07 Devihaka@file:///E:/Bukkit-Dev/DailyIncome.jar 2013-12-23 02:40:23 Devihaka@file:///C:/Users/Devihaka/Downloads/9Ss28ID.jpg 2013-12-23 02:41:38 Devihaka@file:///F:/=Presentation/orgasmic/3cXbuTz.jpg 2013-12-23 14:13:09 Devihaka@file:///E:/AT%20Launcher/Instances/OnTheEdgeResonantRise/crash-reports/crash-2013-11-10_11.23.25-server.txt 2013-12-23 15:03:30 Devihaka@https://apps.skype.com/shared/adexpert/frame-hider.html 2013-12-23 18:35:16 Devihaka@file:///D:/Media/Movies/The%20Great%20Gatsby%202013%201080p%20BRRip%20x264%20AC3-JYK.avi 2013-12-23 20:03:13 Devihaka@file:///C:/Users/Devihaka/Downloads/1387835580929.gif 2013-12-23 20:08:07 Devihaka@file:///C:/Users/Devihaka/Downloads/1387835811408.gif 2013-12-23 20:08:58 Devihaka@file:///C:/Users/Devihaka/Downloads/1387835335130.gif 2013-12-23 20:16:07 Devihaka@file:///F:/=Presentation/vidya/Ashlynn%20Brooke%20Blowjob,%20asslick,%20ball%20lick%20-%20Pornhub.com.mp4 2013-12-23 20:20:54 Devihaka@file:///C:/Users/Devihaka/Downloads/905083-anielly-campos.jpg 2013-12-24 14:08:50 Devihaka@file:///C:/Users/Devihaka/Google%20Drive/Vocaroo_s05D94maQaid.flac 2013-12-24 14:51:44 Devihaka@file:///C:/Users/Devihaka/Google%20Drive/Whitelist.txt 2013-12-24 15:03:30 Devihaka@https://secure.skypeassets.com/channels/skype-home/en/tips/tip-call-phones.html 2013-12-24 19:40:37 Devihaka@file:///C:/Users/Devihaka/Downloads/3606251-awesome-cum-covered-solo-animation-featuring-hot-lesbian.gif 2013-12-24 22:17:21 Devihaka@https://apps.skype.com/home/?uiversion=6.3.0.105&language=en 2013-12-24 22:17:28 Devihaka@https://m.hotmail.com/ 2013-12-24 22:17:28 Devihaka@https://s-static.ak.facebook.com/connect/xd_arbiter.php?version=28 2013-12-24 22:17:28 Devihaka@javascript:false 2013-12-24 22:17:41 Devihaka@https://az361816.vo.msecnd.net/flextag/flextag.html?guid=fe4e1784-6095-48f7-8fa2-84975f30fc41 2013-12-24 22:17:41 Devihaka@https://static.skypeassets.com/adserver/AdLoader.html 2013-12-24 22:18:05 Devihaka@about:blank --------[ DirectX Files ]----------------------------------------------------------------------------------------------- amstream.dll 6.06.7601.17514 Final Retail English 70656 11/20/2010 7:18:03 AM bdaplgin.ax 6.01.7600.16385 Final Retail English 74240 7/13/2009 8:14:10 PM d3d8.dll 6.01.7600.16385 Final Retail English 1036800 7/13/2009 8:15:08 PM d3d8thk.dll 6.01.7600.16385 Final Retail English 11264 7/13/2009 8:15:08 PM d3d9.dll 6.01.7601.17514 Final Retail English 1828352 11/20/2010 7:18:25 AM d3dim.dll 6.01.7600.16385 Final Retail English 386048 7/13/2009 8:15:08 PM d3dim700.dll 6.01.7600.16385 Final Retail English 817664 7/13/2009 8:15:08 PM d3dramp.dll 6.01.7600.16385 Final Retail English 593920 7/13/2009 8:15:08 PM d3dref9.dll 6.02.9200.16384 Final Retail English 383944 7/25/2012 8:25:28 PM d3dxof.dll 6.01.7600.16385 Final Retail English 53760 7/13/2009 8:15:08 PM ddraw.dll 6.01.7600.16385 Final Retail English 531968 7/13/2009 8:15:10 PM ddrawex.dll 6.01.7600.16385 Final Retail English 30208 7/13/2009 8:15:10 PM devenum.dll 6.06.7600.16385 Final Retail English 66560 7/13/2009 8:15:10 PM dinput.dll 6.01.7600.16385 Final Retail English 136704 7/13/2009 8:15:11 PM dinput8.dll 6.01.7600.16385 Final Retail English 145408 7/13/2009 8:15:11 PM dmband.dll 6.01.7600.16385 Final Retail English 30720 7/13/2009 8:15:12 PM dmcompos.dll 6.01.7600.16385 Final Retail English 63488 7/13/2009 8:15:12 PM dmime.dll 6.01.7600.16385 Final Retail English 179712 7/13/2009 8:15:12 PM dmloader.dll 6.01.7600.16385 Final Retail English 38400 7/13/2009 8:15:12 PM dmscript.dll 6.01.7600.16385 Final Retail English 86016 7/13/2009 8:15:12 PM dmstyle.dll 6.01.7600.16385 Final Retail English 105984 7/13/2009 8:15:12 PM dmsynth.dll 6.01.7600.16385 Final Retail English 105472 7/13/2009 8:15:12 PM dmusic.dll 6.01.7600.16385 Final Retail English 101376 7/13/2009 8:15:12 PM dplaysvr.exe 6.01.7600.16385 Final Retail English 29184 7/13/2009 8:14:18 PM dplayx.dll 6.01.7600.16385 Final Retail English 213504 7/13/2009 8:15:12 PM dpmodemx.dll 6.01.7600.16385 Final Retail English 23040 7/13/2009 8:15:12 PM dpnaddr.dll 6.01.7601.17514 Final Retail English 2560 11/20/2010 6:57:57 AM dpnet.dll 6.01.7601.17989 Final Retail English 376832 11/2/2012 12:11:31 AM dpnhpast.dll 6.01.7600.16385 Final Retail English 7168 7/13/2009 8:15:12 PM dpnhupnp.dll 6.01.7600.16385 Final Retail English 7168 7/13/2009 8:15:12 PM dpnlobby.dll 6.01.7600.16385 Final Retail English 2560 7/13/2009 8:04:52 PM dpnsvr.exe 6.01.7600.16385 Final Retail English 33280 7/13/2009 8:14:18 PM dpwsockx.dll 6.01.7600.16385 Final Retail English 44032 7/13/2009 8:15:12 PM dsdmo.dll 6.01.7600.16385 Final Retail English 173568 7/13/2009 8:15:13 PM dsound.dll 6.01.7600.16385 Final Retail English 453632 7/13/2009 8:15:13 PM dswave.dll 6.01.7600.16385 Final Retail English 20992 7/13/2009 8:15:13 PM dx7vb.dll 5.03.2600.5512 Final Retail English 619008 4/13/2008 6:11:52 PM dxdiagn.dll 6.01.7601.17514 Final Retail English 210432 11/20/2010 7:18:36 AM dxmasf.dll 12.00.7601.17514 Final Retail English 4096 11/20/2010 7:21:22 AM encapi.dll 6.01.7600.16385 Final Retail English 20992 7/13/2009 8:15:14 PM gcdef.dll 6.01.7600.16385 Final Retail English 120832 7/13/2009 8:15:22 PM iac25_32.ax 2.00.0005.0053 Final Retail English 197632 7/13/2009 8:14:10 PM ir41_32.ax 4.51.0016.0003 Final Retail English 839680 7/13/2009 8:14:10 PM ir41_qc.dll 4.30.0062.0002 Final Retail English 120320 7/13/2009 8:15:34 PM ir41_qcx.dll 4.30.0062.0002 Final Retail English 120320 7/13/2009 8:15:34 PM ir50_32.dll 5.2562.0015.0055 Final Retail English 746496 7/13/2009 8:15:34 PM ir50_qc.dll 5.00.0063.0048 Final Retail English 200192 7/13/2009 8:15:34 PM ir50_qcx.dll 5.00.0063.0048 Final Retail English 200192 7/13/2009 8:15:34 PM ivfsrc.ax 5.10.0002.0051 Final Retail English 146944 7/13/2009 8:14:10 PM joy.cpl 6.01.7600.16385 Final Retail English 138240 7/13/2009 8:14:09 PM ksproxy.ax 6.01.7601.17514 Final Retail English 193536 11/20/2010 7:16:52 AM kstvtune.ax 6.01.7601.17514 Final Retail English 84480 11/20/2010 7:16:52 AM ksuser.dll 6.01.7600.16385 Final Retail English 4608 7/13/2009 8:15:35 PM kswdmcap.ax 6.01.7601.17514 Final Retail English 107008 11/20/2010 7:16:52 AM ksxbar.ax 6.01.7601.17514 Final Retail English 48640 11/20/2010 7:16:52 AM mciqtz32.dll 6.06.7601.17514 Final Retail English 36352 11/20/2010 7:19:32 AM mfc40.dll 4.01.0000.6151 Beta Retail English 954752 11/20/2010 7:19:33 AM mfc42.dll 6.06.8064.0000 Beta Retail English 1137664 3/11/2011 12:33:59 AM Microsoft.DirectX.AudioVideoPlayback.dll 5.04.0000.2904 Final Retail English 53248 10/20/2013 2:19:13 AM Microsoft.DirectX.Diagnostics.dll 5.04.0000.2904 Final Retail English 12800 10/20/2013 2:19:13 AM Microsoft.DirectX.Direct3D.dll 9.05.0132.0000 Final Retail English 473600 10/20/2013 2:19:13 AM Microsoft.DirectX.Direct3DX.dll 5.04.0000.3900 Final Retail English 2676224 10/20/2013 2:19:10 AM Microsoft.DirectX.Direct3DX.dll 9.04.0091.0000 Final Retail English 2846720 10/20/2013 2:19:10 AM Microsoft.DirectX.Direct3DX.dll 9.05.0132.0000 Final Retail English 563712 10/20/2013 2:19:10 AM Microsoft.DirectX.Direct3DX.dll 9.06.0168.0000 Final Retail English 567296 10/20/2013 2:19:10 AM Microsoft.DirectX.Direct3DX.dll 9.07.0239.0000 Final Retail English 576000 10/20/2013 2:19:10 AM Microsoft.DirectX.Direct3DX.dll 9.08.0299.0000 Final Retail English 577024 10/20/2013 2:19:11 AM Microsoft.DirectX.Direct3DX.dll 9.09.0376.0000 Final Retail English 577536 10/20/2013 2:19:11 AM Microsoft.DirectX.Direct3DX.dll 9.10.0455.0000 Final Retail English 577536 10/20/2013 2:19:11 AM Microsoft.DirectX.Direct3DX.dll 9.11.0519.0000 Final Retail English 578560 10/20/2013 2:19:11 AM Microsoft.DirectX.Direct3DX.dll 9.12.0589.0000 Final Retail English 578560 10/20/2013 2:19:13 AM Microsoft.DirectX.DirectDraw.dll 5.04.0000.2904 Final Retail English 145920 10/20/2013 2:19:13 AM Microsoft.DirectX.DirectInput.dll 5.04.0000.2904 Final Retail English 159232 10/20/2013 2:19:13 AM Microsoft.DirectX.DirectPlay.dll 5.04.0000.2904 Final Retail English 364544 10/20/2013 2:19:13 AM Microsoft.DirectX.DirectSound.dll 5.04.0000.2904 Final Retail English 178176 10/20/2013 2:19:13 AM Microsoft.DirectX.dll 5.04.0000.2904 Final Retail English 223232 10/20/2013 2:19:13 AM mpeg2data.ax 6.06.7601.17514 Final Retail English 72704 11/20/2010 7:16:52 AM mpg2splt.ax 6.06.7601.17528 Final Retail English 199680 12/23/2010 12:50:23 AM msdmo.dll 6.06.7601.17514 Final Retail English 30720 11/20/2010 7:19:46 AM msdvbnp.ax 6.06.7601.17514 Final Retail English 59904 11/20/2010 7:16:52 AM msvidctl.dll 6.05.7601.17514 Final Retail English 2291712 11/20/2010 7:19:55 AM msyuv.dll 6.01.7601.17514 Final Retail English 22528 11/20/2010 7:19:56 AM pid.dll 6.01.7600.16385 Final Retail English 36352 7/13/2009 8:16:12 PM psisdecd.dll 6.06.7601.17669 Final Retail English 465408 8/16/2011 11:24:12 PM psisrndr.ax 6.06.7601.17669 Final Retail English 75776 8/16/2011 11:19:27 PM qasf.dll 12.00.7601.17514 Final Retail English 206848 11/20/2010 7:20:57 AM qcap.dll 6.06.7601.17514 Final Retail English 190976 11/20/2010 7:20:57 AM qdv.dll 6.06.7601.17514 Final Retail English 283136 11/20/2010 7:20:57 AM qdvd.dll 6.06.7601.17835 Final Retail English 514560 5/4/2012 4:59:54 AM qedit.dll 6.06.7601.18175 Final Retail English 509440 6/3/2013 11:53:07 PM qedwipes.dll 6.06.7600.16385 Final Retail English 733184 7/13/2009 8:09:35 PM quartz.dll 6.06.7601.17713 Final Retail English 1328128 10/25/2011 11:32:11 PM vbisurf.ax 6.01.7601.17514 Final Retail English 33792 11/20/2010 7:16:52 AM vfwwdm32.dll 6.01.7601.17514 Final Retail English 56832 11/20/2010 7:21:34 AM wsock32.dll 6.01.7600.16385 Final Retail English 15360 7/13/2009 8:16:20 PM --------[ DirectX Video ]----------------------------------------------------------------------------------------------- [ Primary Display Driver ] DirectDraw Device Properties: DirectDraw Driver Name display DirectDraw Driver Description Primary Display Driver Hardware Driver nvd3dum.dll (9.18.13.3182 - nVIDIA ForceWare 331.82) Hardware Description NVIDIA GeForce GTX 460 Direct3D Device Properties: Total / Free Video Memory 1024 MB / 806 MB Rendering Bit Depths 8, 16, 32 Z-Buffer Bit Depths 16, 24, 32 Multisample Anti-Aliasing Modes MSAA 2x, MSAA 4x, MSAA 8x, CSAA 8x, CSAA 8xQ, CSAA 16x, CSAA 16xQ Min Texture Size 1 x 1 Max Texture Size 16384 x 16384 Unified Shader Version 5.0 DirectX Hardware Support DirectX v11.0 Direct3D Device Features: Additive Texture Blending Supported AGP Texturing Supported Anisotropic Filtering Supported Automatic Mipmap Generation Supported Bilinear Filtering Supported Compute Shader Supported Cubic Environment Mapping Supported Cubic Filtering Not Supported Decal-Alpha Texture Blending Supported Decal Texture Blending Supported DirectX Texture Compression Not Supported DirectX Volumetric Texture Compression Not Supported Dithering Supported Dot3 Texture Blending Supported Double-Precision Floating-Point Supported Driver Concurrent Creates Supported Driver Command Lists Supported Dynamic Textures Supported Edge Anti-Aliasing Supported Environmental Bump Mapping Supported Environmental Bump Mapping + Luminance Supported Factor Alpha Blending Supported Geometric Hidden-Surface Removal Not Supported Geometry Shader Supported Guard Band Supported Hardware Scene Rasterization Supported Hardware Transform & Lighting Supported Legacy Depth Bias Supported Mipmap LOD Bias Adjustments Supported Mipmapped Cube Textures Supported Mipmapped Volume Textures Supported Modulate-Alpha Texture Blending Supported Modulate Texture Blending Supported Non-Square Textures Supported N-Patches Not Supported Perspective Texture Correction Supported Point Sampling Supported Projective Textures Supported Quintic Bezier Curves & B-Splines Not Supported Range-Based Fog Supported Rectangular & Triangular Patches Not Supported Rendering In Windowed Mode Supported Scissor Test Supported Slope-Scale Based Depth Bias Supported Specular Flat Shading Supported Specular Gouraud Shading Supported Specular Phong Shading Not Supported Spherical Mapping Supported Stencil Buffers Supported Sub-Pixel Accuracy Supported Subtractive Texture Blending Supported Table Fog Supported Texture Alpha Blending Supported Texture Clamping Supported Texture Mirroring Supported Texture Transparency Supported Texture Wrapping Supported Triangle Culling Not Supported Trilinear Filtering Supported Two-Sided Stencil Test Supported Vertex Alpha Blending Supported Vertex Fog Supported Vertex Tweening Not Supported Volume Textures Supported W-Based Fog Supported W-Buffering Not Supported Z-Based Fog Supported Z-Bias Supported Z-Test Supported Supported FourCC Codes: 3x11 Supported 3x16 Supported AI44 Supported AIP8 Supported ATOC Supported AV12 Supported AYUV Supported NV12 Supported NV24 Supported NVDB Supported NVDP Supported NVMD Supported PLFF Supported SSAA Supported UYVY Supported YUY2 Supported YV12 Supported Video Adapter Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/products.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates --------[ DirectX Sound ]----------------------------------------------------------------------------------------------- [ Primary Sound Driver ] DirectSound Device Properties: Device Description Primary Sound Driver Driver Module Primary Buffers 1 Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Total / Free Sound Buffers 1 / 0 Total / Free Static Sound Buffers 1 / 0 Total / Free Streaming Sound Buffers 1 / 0 Total / Free 3D Sound Buffers 0 / 0 Total / Free 3D Static Sound Buffers 0 / 0 Total / Free 3D Streaming Sound Buffers 0 / 0 DirectSound Device Features: Certified Driver No Emulated Device No Precise Sample Rate Supported DirectSound3D Not Supported Creative EAX 1.0 Not Supported Creative EAX 2.0 Not Supported Creative EAX 3.0 Not Supported Creative EAX 4.0 Not Supported Creative EAX 5.0 Not Supported I3DL2 Not Supported Sensaura ZoomFX Not Supported [ Speakers (Realtek High Definition Audio) ] DirectSound Device Properties: Device Description Speakers (Realtek High Definition Audio) Driver Module {0.0.0.00000000}.{9e094cb7-7a75-4319-b9a6-199a2035ef10} Primary Buffers 1 Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Total / Free Sound Buffers 1 / 0 Total / Free Static Sound Buffers 1 / 0 Total / Free Streaming Sound Buffers 1 / 0 Total / Free 3D Sound Buffers 0 / 0 Total / Free 3D Static Sound Buffers 0 / 0 Total / Free 3D Streaming Sound Buffers 0 / 0 DirectSound Device Features: Certified Driver No Emulated Device No Precise Sample Rate Supported DirectSound3D Not Supported Creative EAX 1.0 Not Supported Creative EAX 2.0 Not Supported Creative EAX 3.0 Not Supported Creative EAX 4.0 Not Supported Creative EAX 5.0 Not Supported I3DL2 Not Supported Sensaura ZoomFX Not Supported [ Realtek Digital Output(Optical) (Realtek High Definition Audio) ] DirectSound Device Properties: Device Description Realtek Digital Output(Optical) (Realtek High Definition Audio) Driver Module {0.0.0.00000000}.{11c0cdac-796b-484d-bdd1-f6a6559dadd8} Primary Buffers 1 Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Total / Free Sound Buffers 1 / 0 Total / Free Static Sound Buffers 1 / 0 Total / Free Streaming Sound Buffers 1 / 0 Total / Free 3D Sound Buffers 0 / 0 Total / Free 3D Static Sound Buffers 0 / 0 Total / Free 3D Streaming Sound Buffers 0 / 0 DirectSound Device Features: Certified Driver No Emulated Device No Precise Sample Rate Supported DirectSound3D Not Supported Creative EAX 1.0 Not Supported Creative EAX 2.0 Not Supported Creative EAX 3.0 Not Supported Creative EAX 4.0 Not Supported Creative EAX 5.0 Not Supported I3DL2 Not Supported Sensaura ZoomFX Not Supported [ HF199H-1 (NVIDIA High Definition Audio) ] DirectSound Device Properties: Device Description HF199H-1 (NVIDIA High Definition Audio) Driver Module {0.0.0.00000000}.{5c694831-3bf6-4c86-a9a5-f75c9d366313} Primary Buffers 1 Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Total / Free Sound Buffers 1 / 0 Total / Free Static Sound Buffers 1 / 0 Total / Free Streaming Sound Buffers 1 / 0 Total / Free 3D Sound Buffers 0 / 0 Total / Free 3D Static Sound Buffers 0 / 0 Total / Free 3D Streaming Sound Buffers 0 / 0 DirectSound Device Features: Certified Driver No Emulated Device No Precise Sample Rate Supported DirectSound3D Not Supported Creative EAX 1.0 Not Supported Creative EAX 2.0 Not Supported Creative EAX 3.0 Not Supported Creative EAX 4.0 Not Supported Creative EAX 5.0 Not Supported I3DL2 Not Supported Sensaura ZoomFX Not Supported [ Realtek Digital Output (Realtek High Definition Audio) ] DirectSound Device Properties: Device Description Realtek Digital Output (Realtek High Definition Audio) Driver Module {0.0.0.00000000}.{ca1df343-28a4-4be3-8425-51ae3d401803} Primary Buffers 1 Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo Total / Free Sound Buffers 1 / 0 Total / Free Static Sound Buffers 1 / 0 Total / Free Streaming Sound Buffers 1 / 0 Total / Free 3D Sound Buffers 0 / 0 Total / Free 3D Static Sound Buffers 0 / 0 Total / Free 3D Streaming Sound Buffers 0 / 0 DirectSound Device Features: Certified Driver No Emulated Device No Precise Sample Rate Supported DirectSound3D Not Supported Creative EAX 1.0 Not Supported Creative EAX 2.0 Not Supported Creative EAX 3.0 Not Supported Creative EAX 4.0 Not Supported Creative EAX 5.0 Not Supported I3DL2 Not Supported Sensaura ZoomFX Not Supported --------[ DirectX Input ]----------------------------------------------------------------------------------------------- [ Mouse ] DirectInput Device Properties: Device Description Mouse Device Type Unknown Device Subtype Unknown Axes 3 Buttons/Keys 8 DirectInput Device Features: Emulated Device Yes Alias Device No Polled Device No Polled Data Format No Attack Force Feedback Not Supported Deadband Force Feedback Not Supported Fade Force Feedback Not Supported Force Feedback Not Supported Saturation Force Feedback Not Supported +/- Force Feedback Coefficients Not Supported +/- Force Feedback Saturation Not Supported [ Keyboard ] DirectInput Device Properties: Device Description Keyboard Device Type Unknown Device Subtype Unknown Buttons/Keys 128 DirectInput Device Features: Emulated Device Yes Alias Device No Polled Device No Polled Data Format No Attack Force Feedback Not Supported Deadband Force Feedback Not Supported Fade Force Feedback Not Supported Force Feedback Not Supported Saturation Force Feedback Not Supported +/- Force Feedback Coefficients Not Supported +/- Force Feedback Saturation Not Supported [ G510 Gaming Keyboard ] DirectInput Device Properties: Device Description G510 Gaming Keyboard Device Type Unknown Device Subtype Unknown Buttons/Keys 7 DirectInput Device Features: Emulated Device Yes Alias Device No Polled Device No Polled Data Format No Attack Force Feedback Not Supported Deadband Force Feedback Not Supported Fade Force Feedback Not Supported Force Feedback Not Supported Saturation Force Feedback Not Supported +/- Force Feedback Coefficients Not Supported +/- Force Feedback Saturation Not Supported [ G510 Gaming Keyboard ] DirectInput Device Properties: Device Description G510 Gaming Keyboard Device Type Unknown Device Subtype Unknown DirectInput Device Features: Emulated Device Yes Alias Device No Polled Device No Polled Data Format No Attack Force Feedback Not Supported Deadband Force Feedback Not Supported Fade Force Feedback Not Supported Force Feedback Not Supported Saturation Force Feedback Not Supported +/- Force Feedback Coefficients Not Supported +/- Force Feedback Saturation Not Supported [ Gaming Mouse G600 ] DirectInput Device Properties: Device Description Gaming Mouse G600 Device Type Unknown Device Subtype Unknown DirectInput Device Features: Emulated Device Yes Alias Device No Polled Device No Polled Data Format No Attack Force Feedback Not Supported Deadband Force Feedback Not Supported Fade Force Feedback Not Supported Force Feedback Not Supported Saturation Force Feedback Not Supported +/- Force Feedback Coefficients Not Supported +/- Force Feedback Saturation Not Supported --------[ Windows Devices ]--------------------------------------------------------------------------------------------- [ Devices ] Computer: ACPI x64-based PC 6.1.7600.16385 Disk drives: Hitachi HDS721050CLA362 ATA Device 6.1.7600.16385 WDC WD6400AAKS-22A7B2 ATA Device 6.1.7600.16385 Display adapters: NVIDIA GeForce GTX 460 9.18.13.3182 DVD/CD-ROM drives: Optiarc DVD RW AD-7203S ATA Device 6.1.7601.17514 Human Interface Devices: HID-compliant consumer control device 6.1.7600.16385 HID-compliant device 6.1.7601.18199 HID-compliant device 6.1.7601.18199 Logitech Gaming Virtual Keyboard 3.4.131.0 Logitech Gaming Virtual Mouse 3.4.131.0 USB Input Device 6.1.7601.18199 USB Input Device 6.1.7601.18199 USB Input Device 6.1.7601.18199 USB Input Device 6.1.7601.18199 IDE ATA/ATAPI controllers: ATA Channel 0 6.1.7601.18231 ATA Channel 0 6.1.7601.18231 ATA Channel 1 6.1.7601.18231 ATA Channel 1 6.1.7601.18231 Standard Dual Channel PCI IDE Controller 6.1.7601.18231 Standard Dual Channel PCI IDE Controller 6.1.7601.18231 IEEE 1394 Bus host controllers: VIA 1394 OHCI Compliant Host Controller 6.1.7601.17514 Imaging devices: HP Officejet 6600 (NET) 26.0.0.0 Keyboards: HID Keyboard Device 6.1.7601.17514 HID Keyboard Device 6.1.7601.17514 HID Keyboard Device 6.1.7601.17514 Mice and other pointing devices: HID-compliant mouse 6.1.7600.16385 Logitech Gaming Mouse G600 8.45.35.0 Monitors: Generic PnP Monitor 6.1.7600.16385 HSD HF199H 1.0.0.0 Network adapters: Microsoft ISATAP Adapter #2 6.1.7600.16385 Microsoft ISATAP Adapter 6.1.7600.16385 RAS Async Adapter 6.1.7600.16385 Realtek PCIe GBE Family Controller - VirtualBox Bridged Networking Driver Miniport4.3.0.0 Realtek PCIe GBE Family Controller 7.38.113.2011 Teredo Tunneling Pseudo-Interface 6.1.7600.16385 VirtualBox Host-Only Ethernet Adapter 4.3.0.0 WAN Miniport (IKEv2) 6.1.7601.17514 WAN Miniport (IP) 6.1.7600.16385 WAN Miniport (IPv6) 6.1.7600.16385 WAN Miniport (L2TP) 6.1.7600.16385 WAN Miniport (Network Monitor) 6.1.7600.16385 WAN Miniport (PPPOE) 6.1.7600.16385 WAN Miniport (PPTP) 6.1.7600.16385 WAN Miniport (SSTP) 6.1.7600.16385 Non-Plug and Play Drivers: Ancillary Function Driver for Winsock AppleCharger Beep Bitlocker Drive Encryption Filter Driver CNG Common Log (CLFS) Disk Virtual Machine Bus Acceleration Filter Driver Dynamic Volume Manager gdrv Hardware Policy Driver HTTP Kernel Mode Driver Frameworks service KSecDD KSecPkg LDDM Graphics Subsystem Link-Layer Topology Discovery Mapper I/O Driver Link-Layer Topology Discovery Responder Microsoft Network Inspection System Mount Point Manager msisadrv NDIS System Driver NDProxy NETBT NetIO Legacy TDI Support Driver NSI proxy service driver. Null nvraid Offline Files Driver PEAUTH Performance Counters for Windows Driver QoS Packet Scheduler RDP Encoder Mirror Driver RDPCDD Reflector Display Driver used to gain access to graphics data Remote Access IPv6 ARP Driver Security Driver Security Processor Loader Driver Storage volumes System Attribute Cache TCP/IP Protocol Driver TCP/IP Registry Compatibility User Mode Driver Frameworks Platform Driver usj VgaSave Virtual Machine Bus Virtual PC Network Filter Driver VirtualBox Service VirtualBox USB Monitor Driver WFP Lightweight Filter Windows Firewall Authorization Driver Ports (COM & LPT): Communications Port (COM1) 6.1.7600.16385 Printers: Fax - HP Officejet 6600 3.0.0.0 HP Officejet 6600 9.84.0.1189 Processors: AMD Phenom(tm) II X6 1100T Processor 6.1.7600.16385 AMD Phenom(tm) II X6 1100T Processor 6.1.7600.16385 AMD Phenom(tm) II X6 1100T Processor 6.1.7600.16385 AMD Phenom(tm) II X6 1100T Processor 6.1.7600.16385 AMD Phenom(tm) II X6 1100T Processor 6.1.7600.16385 AMD Phenom(tm) II X6 1100T Processor 6.1.7600.16385 Sound, video and game controllers: NVIDIA High Definition Audio 1.3.26.4 NVIDIA High Definition Audio 1.3.26.4 NVIDIA High Definition Audio 1.3.26.4 NVIDIA High Definition Audio 1.3.26.4 NVIDIA Virtual Audio Device (Wave Extensible) (WDM)1.2.9.0 Realtek High Definition Audio 6.0.1.6433 Storage volume shadow copies: Generic volume shadow copy 6.1.7600.16385 Storage Volumes: Generic volume 6.1.7601.17514 Generic volume 6.1.7601.17514 Generic volume 6.1.7601.17514 Generic volume 6.1.7601.17514 Generic volume 6.1.7601.17514 System devices: ACPI Fixed Feature Button 6.1.7601.17514 ACPI Power Button 6.1.7601.17514 ATI I/O Communications Processor PCI Bus Controller6.1.7601.17514 ATI I/O Communications Processor SMBus Controller 6.1.7601.17514 Composite Bus Enumerator 6.1.7601.17514 Direct memory access controller 6.1.7601.17514 File as Volume Driver 6.1.7600.16385 High Definition Audio Controller 6.1.7601.17514 High Definition Audio Controller 6.1.7601.17514 High precision event timer 6.1.7601.17514 Logitech GamePanel Virtual Bus Enumerator 3.4.131.0 Microsoft ACPI-Compliant System 6.1.7601.17514 Microsoft System Management BIOS Driver 6.1.7601.17514 Microsoft Virtual Drive Enumerator Driver 6.1.7601.17514 Microsoft Windows Management Interface for ACPI 6.1.7601.17514 Motherboard resources 6.1.7601.17514 Motherboard resources 6.1.7601.17514 Motherboard resources 6.1.7601.17514 Numeric data processor 6.1.7601.17514 PCI bus 6.1.7601.17514 PCI standard host CPU bridge 6.1.7601.17514 PCI standard host CPU bridge 6.1.7601.17514 PCI standard host CPU bridge 6.1.7601.17514 PCI standard host CPU bridge 6.1.7601.17514 PCI standard host CPU bridge 6.1.7601.17514 PCI standard host CPU bridge 6.1.7601.17514 PCI standard ISA bridge 6.1.7601.17514 PCI standard PCI-to-PCI bridge 6.1.7601.17514 PCI standard PCI-to-PCI bridge 6.1.7601.17514 PCI standard PCI-to-PCI bridge 6.1.7601.17514 PCI standard PCI-to-PCI bridge 6.1.7601.17514 PCI standard PCI-to-PCI bridge 6.1.7601.17514 Plug and Play Software Device Enumerator 6.1.7601.17514 Programmable interrupt controller 6.1.7601.17514 Remote Desktop Device Redirector Bus 6.1.7600.16385 System board 6.1.7601.17514 System CMOS/real time clock 6.1.7601.17514 System speaker 6.1.7601.17514 System timer 6.1.7601.17514 Terminal Server Keyboard Driver 6.1.7601.17514 Terminal Server Mouse Driver 6.1.7601.17514 UMBus Enumerator 6.1.7601.17514 UMBus Root Bus Enumerator 6.1.7601.17514 Virtual PC Host Bus Driver 6.1.7084.0 Volume Manager 6.1.7601.17514 Universal Serial Bus controllers: Etron USB 3.0 Extensible Host Controller 1.0.0.104 Etron USB 3.0 Extensible Host Controller 1.0.0.104 Etron USB 3.0 Extensible Root Hub 1.0.0.104 Etron USB 3.0 Extensible Root Hub 1.0.0.104 Standard Enhanced PCI to USB Host Controller 6.1.7601.18251 Standard Enhanced PCI to USB Host Controller 6.1.7601.18251 Standard Enhanced PCI to USB Host Controller 6.1.7601.18251 Standard OpenHCD USB Host Controller 6.1.7601.18251 Standard OpenHCD USB Host Controller 6.1.7601.18251 Standard OpenHCD USB Host Controller 6.1.7601.18251 Standard OpenHCD USB Host Controller 6.1.7601.18251 USB Composite Device 6.1.7601.18251 USB Composite Device 6.1.7601.18251 USB Root Hub 6.1.7601.18251 USB Root Hub 6.1.7601.18251 USB Root Hub 6.1.7601.18251 USB Root Hub 6.1.7601.18251 USB Root Hub 6.1.7601.18251 USB Root Hub 6.1.7601.18251 USB Root Hub 6.1.7601.18251 Unknown: Logitech Gaming HID Device USB Virtualization: USB Virtualization Connector Driver 6.1.7084.0 [ Computer / ACPI x64-based PC ] Device Properties: Driver Description ACPI x64-based PC Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File hal.inf Hardware ID acpiapic [ Disk drives / Hitachi HDS721050CLA362 ATA Device ] Device Properties: Driver Description Hitachi HDS721050CLA362 ATA Device Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File disk.inf Hardware ID IDE\DiskHitachi_HDS721050CLA362_________________JP2OA50E Location Information Channel 0, Target 0, Lun 0 Device Manufacturer: Company Name Hitachi Global Storage Technologies Product Information http://www.hgst.com Driver Update http://www.aida64.com/driver-updates [ Disk drives / WDC WD6400AAKS-22A7B2 ATA Device ] Device Properties: Driver Description WDC WD6400AAKS-22A7B2 ATA Device Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File disk.inf Hardware ID IDE\DiskWDC_WD6400AAKS-22A7B2___________________01.03B01 Location Information Channel 0, Target 1, Lun 0 Device Manufacturer: Company Name Western Digital Corporation Product Information http://www.wdc.com/en Driver Update http://www.aida64.com/driver-updates [ Display adapters / NVIDIA GeForce GTX 460 ] Device Properties: Driver Description NVIDIA GeForce GTX 460 Driver Date 11/11/2013 Driver Version 9.18.13.3182 Driver Provider NVIDIA INF File oem156.inf Hardware ID PCI\VEN_10DE&DEV_0E22&SUBSYS_13703842&REV_A1 Location Information PCI bus 1, device 0, function 0 PCI Device EVGA e-GeForce GTX 460 Video Adapter Device Resources: IRQ 18 Memory 000A0000-000BFFFF Memory D0000000-D7FFFFFF Memory DC000000-DFFFFFFF Memory F8000000-F9FFFFFF Port 03B0-03BB Port 03C0-03DF Port CF00-CF7F Video Adapter Manufacturer: Company Name EVGA Corporation Product Information http://eu.evga.com/products/prodlist.asp Driver Download http://www.evga.com/Support/Drivers/Default.asp Driver Update http://www.aida64.com/driver-updates [ DVD/CD-ROM drives / Optiarc DVD RW AD-7203S ATA Device ] Device Properties: Driver Description Optiarc DVD RW AD-7203S ATA Device Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File cdrom.inf Hardware ID IDE\CdRomOptiarc_DVD_RW_AD-7203S_________________1-B0____ Location Information Channel 0, Target 1, Lun 0 Device Manufacturer: Company Name Sony Optiarc Product Information http://www.sony-optiarc.us Firmware Download http://www.sony-optiarc.us Driver Update http://www.aida64.com/driver-updates [ Human Interface Devices / HID-compliant consumer control device ] Device Properties: Driver Description HID-compliant consumer control device Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File hidserv.inf Hardware ID HID\VID_046D&PID_C22D&REV_0165&MI_01&Col01 [ Human Interface Devices / HID-compliant device ] Device Properties: Driver Description HID-compliant device Driver Date 6/21/2006 Driver Version 6.1.7601.18199 Driver Provider Microsoft INF File input.inf Hardware ID HID\VID_046D&PID_C22D&REV_0165&MI_01&Col02 [ Human Interface Devices / HID-compliant device ] Device Properties: Driver Description HID-compliant device Driver Date 6/21/2006 Driver Version 6.1.7601.18199 Driver Provider Microsoft INF File input.inf Hardware ID HID\VID_046D&PID_C24A&REV_7701&MI_01&Col02 [ Human Interface Devices / Logitech Gaming Virtual Keyboard ] Device Properties: Driver Description Logitech Gaming Virtual Keyboard Driver Date 11/23/2009 Driver Version 3.4.131.0 Driver Provider Logitech INF File oem143.inf Hardware ID LogiDevice\VID_046D&PID_C232 [ Human Interface Devices / Logitech Gaming Virtual Mouse ] Device Properties: Driver Description Logitech Gaming Virtual Mouse Driver Date 11/23/2009 Driver Version 3.4.131.0 Driver Provider Logitech INF File oem143.inf Hardware ID LogiDevice\VID_046D&PID_C231 [ Human Interface Devices / USB Input Device ] Device Properties: Driver Description USB Input Device Driver Date 6/21/2006 Driver Version 6.1.7601.18199 Driver Provider Microsoft INF File input.inf Hardware ID USB\VID_046D&PID_C22D&REV_0165&MI_00 Location Information 0000.0016.0000.003.000.000.000.000.000 [ Human Interface Devices / USB Input Device ] Device Properties: Driver Description USB Input Device Driver Date 6/21/2006 Driver Version 6.1.7601.18199 Driver Provider Microsoft INF File input.inf Hardware ID USB\VID_046D&PID_C22D&REV_0165&MI_01 Location Information 0000.0016.0000.003.000.000.000.000.000 [ Human Interface Devices / USB Input Device ] Device Properties: Driver Description USB Input Device Driver Date 6/21/2006 Driver Version 6.1.7601.18199 Driver Provider Microsoft INF File input.inf Hardware ID USB\VID_046D&PID_C24A&REV_7701&MI_00 Location Information 0000.0016.0000.004.000.000.000.000.000 [ Human Interface Devices / USB Input Device ] Device Properties: Driver Description USB Input Device Driver Date 6/21/2006 Driver Version 6.1.7601.18199 Driver Provider Microsoft INF File input.inf Hardware ID USB\VID_046D&PID_C24A&REV_7701&MI_01 Location Information 0000.0016.0000.004.000.000.000.000.000 [ IDE ATA/ATAPI controllers / ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 6/21/2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID 1002-4390 Location Information Channel 0 [ IDE ATA/ATAPI controllers / ATA Channel 0 ] Device Properties: Driver Description ATA Channel 0 Driver Date 6/21/2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID 1002-439c Location Information Channel 0 Device Resources: IRQ 14 Port 01F0-01F7 Port 03F6-03F6 [ IDE ATA/ATAPI controllers / ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 6/21/2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID 1002-439c Location Information Channel 1 Device Resources: IRQ 15 Port 0170-0177 Port 0376-0376 [ IDE ATA/ATAPI controllers / ATA Channel 1 ] Device Properties: Driver Description ATA Channel 1 Driver Date 6/21/2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID 1002-4390 Location Information Channel 1 [ IDE ATA/ATAPI controllers / Standard Dual Channel PCI IDE Controller ] Device Properties: Driver Description Standard Dual Channel PCI IDE Controller Driver Date 6/21/2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID PCI\VEN_1002&DEV_4390&SUBSYS_B0021458&REV_40 Location Information PCI bus 0, device 17, function 0 PCI Device ATI SB900 - SATA Controller Device Resources: IRQ 19 Memory FDFFF000-FDFFF3FF Port FB00-FB0F Port FC00-FC03 Port FD00-FD07 Port FE00-FE03 Port FF00-FF07 [ IDE ATA/ATAPI controllers / Standard Dual Channel PCI IDE Controller ] Device Properties: Driver Description Standard Dual Channel PCI IDE Controller Driver Date 6/21/2006 Driver Version 6.1.7601.18231 Driver Provider Microsoft INF File mshdc.inf Hardware ID PCI\VEN_1002&DEV_439C&SUBSYS_50021458&REV_40 Location Information PCI bus 0, device 20, function 1 PCI Device ATI SB900 - IDE Controller Device Resources: Port FA00-FA0F [ IEEE 1394 Bus host controllers / VIA 1394 OHCI Compliant Host Controller ] Device Properties: Driver Description VIA 1394 OHCI Compliant Host Controller Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File 1394.inf Hardware ID PCI\VEN_1106&DEV_3044&SUBSYS_10001458&REV_C0 Location Information PCI bus 5, device 14, function 0 PCI Device VIA VT6308 Fire IIM IEEE1394 Host Controller Device Resources: IRQ 22 Memory FDBFF000-FDBFF7FF Port AF00-AF7F [ Imaging devices / HP Officejet 6600 (NET) ] Device Properties: Driver Description HP Officejet 6600 (NET) Driver Date 7/19/2011 Driver Version 26.0.0.0 Driver Provider Hewlett-Packard INF File oem154.inf Hardware ID mf\officejet_6600&wsd&ip_scan [ Keyboards / HID Keyboard Device ] Device Properties: Driver Description HID Keyboard Device Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File keyboard.inf Hardware ID HID\VID_046D&PID_C22D&REV_0165&MI_00 [ Keyboards / HID Keyboard Device ] Device Properties: Driver Description HID Keyboard Device Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File keyboard.inf Hardware ID HID\VID_046D&PID_C24A&REV_7701&MI_01&Col01 [ Keyboards / HID Keyboard Device ] Device Properties: Driver Description HID Keyboard Device Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File keyboard.inf Hardware ID HID\VID_046D&PID_C232 [ Mice and other pointing devices / HID-compliant mouse ] Device Properties: Driver Description HID-compliant mouse Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File msmouse.inf Hardware ID HID\VID_046D&PID_C231 [ Mice and other pointing devices / Logitech Gaming Mouse G600 ] Device Properties: Driver Description Logitech Gaming Mouse G600 Driver Date 1/17/2013 Driver Version 8.45.35.0 Driver Provider Logitech INF File oem140.inf Hardware ID HID\VID_046D&PID_C24A&REV_7701&MI_00 Mouse Manufacturer: Company Name Logitech, Inc. Product Information http://www.logitech.com/index.cfm/mice_pointers/&cl=us,en Driver Download http://www.logitech.com/index.cfm/support_downloads/downloads/&cl=us,en Driver Update http://www.aida64.com/driver-updates [ Monitors / Generic PnP Monitor ] Device Properties: Driver Description Generic PnP Monitor Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File monitor.inf Hardware ID MONITOR\EMA061C [ Monitors / HSD HF199H ] Device Properties: Driver Description HSD HF199H Driver Date 12/19/2007 Driver Version 1.0.0.0 Driver Provider Hannstar Inc. INF File oem148.inf Hardware ID MONITOR\HSD1843 [ Network adapters / Microsoft ISATAP Adapter #2 ] Device Properties: Driver Description Microsoft ISATAP Adapter #2 Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File nettun.inf Hardware ID *ISATAP [ Network adapters / Microsoft ISATAP Adapter ] Device Properties: Driver Description Microsoft ISATAP Adapter Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File nettun.inf Hardware ID *ISATAP [ Network adapters / RAS Async Adapter ] Device Properties: Driver Description RAS Async Adapter Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netrasa.inf Hardware ID SW\{eeab7790-c514-11d1-b42b-00805fc1270e} [ Network adapters / Realtek PCIe GBE Family Controller - VirtualBox Bridged Networking Driver Miniport ] Device Properties: Driver Description Realtek PCIe GBE Family Controller - VirtualBox Bridged Networking Driver Miniport Driver Date 10/15/2013 Driver Version 4.3.0.0 Driver Provider Oracle Corporation INF File oem146.inf Hardware ID sun_VBoxNetFltmp Network Adapter Manufacturer: Company Name Realtek Semiconductor Corp. Product Information http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2 Driver Download http://www.realtek.com.tw/downloads Driver Update http://www.aida64.com/driver-updates [ Network adapters / Realtek PCIe GBE Family Controller ] Device Properties: Driver Description Realtek PCIe GBE Family Controller Driver Date 1/13/2011 Driver Version 7.38.113.2011 Driver Provider Realtek INF File oem132.inf Hardware ID PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06 Location Information PCI bus 3, device 0, function 0 PCI Device Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter Device Resources: IRQ 65536 Memory FDEF8000-FDEFBFFF Memory FDEFF000-FDEFFFFF Port EE00-EEFF Network Adapter Manufacturer: Company Name Realtek Semiconductor Corp. Product Information http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2 Driver Download http://www.realtek.com.tw/downloads Driver Update http://www.aida64.com/driver-updates [ Network adapters / Teredo Tunneling Pseudo-Interface ] Device Properties: Driver Description Teredo Tunneling Pseudo-Interface Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File nettun.inf Hardware ID *TEREDO [ Network adapters / VirtualBox Host-Only Ethernet Adapter ] Device Properties: Driver Description VirtualBox Host-Only Ethernet Adapter Driver Date 10/15/2013 Driver Version 4.3.0.0 Driver Provider Oracle Corporation INF File vboxnetadp.inf Hardware ID sun_vboxnetadp Network Adapter Manufacturer: Company Name Oracle Corporation Product Information http://www.virtualbox.org Driver Download http://www.virtualbox.org Driver Update http://www.aida64.com/driver-updates [ Network adapters / WAN Miniport (IKEv2) ] Device Properties: Driver Description WAN Miniport (IKEv2) Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File netavpna.inf Hardware ID ms_agilevpnminiport [ Network adapters / WAN Miniport (IP) ] Device Properties: Driver Description WAN Miniport (IP) Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_ndiswanip [ Network adapters / WAN Miniport (IPv6) ] Device Properties: Driver Description WAN Miniport (IPv6) Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_ndiswanipv6 [ Network adapters / WAN Miniport (L2TP) ] Device Properties: Driver Description WAN Miniport (L2TP) Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_l2tpminiport [ Network adapters / WAN Miniport (Network Monitor) ] Device Properties: Driver Description WAN Miniport (Network Monitor) Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_ndiswanbh [ Network adapters / WAN Miniport (PPPOE) ] Device Properties: Driver Description WAN Miniport (PPPOE) Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_pppoeminiport [ Network adapters / WAN Miniport (PPTP) ] Device Properties: Driver Description WAN Miniport (PPTP) Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netrasa.inf Hardware ID ms_pptpminiport [ Network adapters / WAN Miniport (SSTP) ] Device Properties: Driver Description WAN Miniport (SSTP) Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File netsstpa.inf Hardware ID ms_sstpminiport [ Non-Plug and Play Drivers / Ancillary Function Driver for Winsock ] Device Properties: Driver Description Ancillary Function Driver for Winsock [ Non-Plug and Play Drivers / AppleCharger ] Device Properties: Driver Description AppleCharger [ Non-Plug and Play Drivers / Beep ] Device Properties: Driver Description Beep [ Non-Plug and Play Drivers / Bitlocker Drive Encryption Filter Driver ] Device Properties: Driver Description Bitlocker Drive Encryption Filter Driver [ Non-Plug and Play Drivers / CNG ] Device Properties: Driver Description CNG [ Non-Plug and Play Drivers / Common Log (CLFS) ] Device Properties: Driver Description Common Log (CLFS) [ Non-Plug and Play Drivers / Disk Virtual Machine Bus Acceleration Filter Driver ] Device Properties: Driver Description Disk Virtual Machine Bus Acceleration Filter Driver [ Non-Plug and Play Drivers / Dynamic Volume Manager ] Device Properties: Driver Description Dynamic Volume Manager [ Non-Plug and Play Drivers / gdrv ] Device Properties: Driver Description gdrv [ Non-Plug and Play Drivers / Hardware Policy Driver ] Device Properties: Driver Description Hardware Policy Driver [ Non-Plug and Play Drivers / HTTP ] Device Properties: Driver Description HTTP [ Non-Plug and Play Drivers / Kernel Mode Driver Frameworks service ] Device Properties: Driver Description Kernel Mode Driver Frameworks service [ Non-Plug and Play Drivers / KSecDD ] Device Properties: Driver Description KSecDD [ Non-Plug and Play Drivers / KSecPkg ] Device Properties: Driver Description KSecPkg [ Non-Plug and Play Drivers / LDDM Graphics Subsystem ] Device Properties: Driver Description LDDM Graphics Subsystem [ Non-Plug and Play Drivers / Link-Layer Topology Discovery Mapper I/O Driver ] Device Properties: Driver Description Link-Layer Topology Discovery Mapper I/O Driver [ Non-Plug and Play Drivers / Link-Layer Topology Discovery Responder ] Device Properties: Driver Description Link-Layer Topology Discovery Responder [ Non-Plug and Play Drivers / Microsoft Network Inspection System ] Device Properties: Driver Description Microsoft Network Inspection System [ Non-Plug and Play Drivers / Mount Point Manager ] Device Properties: Driver Description Mount Point Manager [ Non-Plug and Play Drivers / msisadrv ] Device Properties: Driver Description msisadrv [ Non-Plug and Play Drivers / NDIS System Driver ] Device Properties: Driver Description NDIS System Driver [ Non-Plug and Play Drivers / NDProxy ] Device Properties: Driver Description NDProxy [ Non-Plug and Play Drivers / NETBT ] Device Properties: Driver Description NETBT [ Non-Plug and Play Drivers / NetIO Legacy TDI Support Driver ] Device Properties: Driver Description NetIO Legacy TDI Support Driver [ Non-Plug and Play Drivers / NSI proxy service driver. ] Device Properties: Driver Description NSI proxy service driver. [ Non-Plug and Play Drivers / Null ] Device Properties: Driver Description Null [ Non-Plug and Play Drivers / nvraid ] Device Properties: Driver Description nvraid [ Non-Plug and Play Drivers / Offline Files Driver ] Device Properties: Driver Description Offline Files Driver [ Non-Plug and Play Drivers / PEAUTH ] Device Properties: Driver Description PEAUTH [ Non-Plug and Play Drivers / Performance Counters for Windows Driver ] Device Properties: Driver Description Performance Counters for Windows Driver [ Non-Plug and Play Drivers / QoS Packet Scheduler ] Device Properties: Driver Description QoS Packet Scheduler [ Non-Plug and Play Drivers / RDP Encoder Mirror Driver ] Device Properties: Driver Description RDP Encoder Mirror Driver [ Non-Plug and Play Drivers / RDPCDD ] Device Properties: Driver Description RDPCDD [ Non-Plug and Play Drivers / Reflector Display Driver used to gain access to graphics data ] Device Properties: Driver Description Reflector Display Driver used to gain access to graphics data [ Non-Plug and Play Drivers / Remote Access IPv6 ARP Driver ] Device Properties: Driver Description Remote Access IPv6 ARP Driver [ Non-Plug and Play Drivers / Security Driver ] Device Properties: Driver Description Security Driver [ Non-Plug and Play Drivers / Security Processor Loader Driver ] Device Properties: Driver Description Security Processor Loader Driver [ Non-Plug and Play Drivers / Storage volumes ] Device Properties: Driver Description Storage volumes [ Non-Plug and Play Drivers / System Attribute Cache ] Device Properties: Driver Description System Attribute Cache [ Non-Plug and Play Drivers / TCP/IP Protocol Driver ] Device Properties: Driver Description TCP/IP Protocol Driver [ Non-Plug and Play Drivers / TCP/IP Registry Compatibility ] Device Properties: Driver Description TCP/IP Registry Compatibility [ Non-Plug and Play Drivers / User Mode Driver Frameworks Platform Driver ] Device Properties: Driver Description User Mode Driver Frameworks Platform Driver [ Non-Plug and Play Drivers / usj ] Device Properties: Driver Description usj [ Non-Plug and Play Drivers / VgaSave ] Device Properties: Driver Description VgaSave [ Non-Plug and Play Drivers / Virtual Machine Bus ] Device Properties: Driver Description Virtual Machine Bus [ Non-Plug and Play Drivers / Virtual PC Network Filter Driver ] Device Properties: Driver Description Virtual PC Network Filter Driver [ Non-Plug and Play Drivers / VirtualBox Service ] Device Properties: Driver Description VirtualBox Service [ Non-Plug and Play Drivers / VirtualBox USB Monitor Driver ] Device Properties: Driver Description VirtualBox USB Monitor Driver [ Non-Plug and Play Drivers / WFP Lightweight Filter ] Device Properties: Driver Description WFP Lightweight Filter [ Non-Plug and Play Drivers / Windows Firewall Authorization Driver ] Device Properties: Driver Description Windows Firewall Authorization Driver [ Ports (COM & LPT) / Communications Port (COM1) ] Device Properties: Driver Description Communications Port (COM1) Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File msports.inf Hardware ID ACPI\PNP0501 PnP Device 16550A-compatible UART Serial Port Device Resources: IRQ 04 Port 03F8-03FF [ Printers / Fax - HP Officejet 6600 ] Device Properties: Driver Description Fax - HP Officejet 6600 Driver Date 9/12/2012 Driver Version 3.0.0.0 Driver Provider HP INF File oem153.inf Hardware ID mf\officejet_6600&wsd&ip_fax [ Printers / HP Officejet 6600 ] Device Properties: Driver Description HP Officejet 6600 Driver Date 9/12/2012 Driver Version 9.84.0.1189 Driver Provider HP INF File oem152.inf Hardware ID mf\officejet_6600&wsd&ip_print [ Processors / AMD Phenom(tm) II X6 1100T Processor ] Device Properties: Driver Description AMD Phenom(tm) II X6 1100T Processor Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File cpu.inf Hardware ID ACPI\AuthenticAMD_-_AMD64_Family_16_Model_10 CPU Manufacturer: Company Name Advanced Micro Devices, Inc. Product Information http://www.amd.com/us/products/desktop/processors Driver Update http://www.aida64.com/driver-updates [ Processors / AMD Phenom(tm) II X6 1100T Processor ] Device Properties: Driver Description AMD Phenom(tm) II X6 1100T Processor Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File cpu.inf Hardware ID ACPI\AuthenticAMD_-_AMD64_Family_16_Model_10 CPU Manufacturer: Company Name Advanced Micro Devices, Inc. Product Information http://www.amd.com/us/products/desktop/processors Driver Update http://www.aida64.com/driver-updates [ Processors / AMD Phenom(tm) II X6 1100T Processor ] Device Properties: Driver Description AMD Phenom(tm) II X6 1100T Processor Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File cpu.inf Hardware ID ACPI\AuthenticAMD_-_AMD64_Family_16_Model_10 CPU Manufacturer: Company Name Advanced Micro Devices, Inc. Product Information http://www.amd.com/us/products/desktop/processors Driver Update http://www.aida64.com/driver-updates [ Processors / AMD Phenom(tm) II X6 1100T Processor ] Device Properties: Driver Description AMD Phenom(tm) II X6 1100T Processor Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File cpu.inf Hardware ID ACPI\AuthenticAMD_-_AMD64_Family_16_Model_10 CPU Manufacturer: Company Name Advanced Micro Devices, Inc. Product Information http://www.amd.com/us/products/desktop/processors Driver Update http://www.aida64.com/driver-updates [ Processors / AMD Phenom(tm) II X6 1100T Processor ] Device Properties: Driver Description AMD Phenom(tm) II X6 1100T Processor Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File cpu.inf Hardware ID ACPI\AuthenticAMD_-_AMD64_Family_16_Model_10 CPU Manufacturer: Company Name Advanced Micro Devices, Inc. Product Information http://www.amd.com/us/products/desktop/processors Driver Update http://www.aida64.com/driver-updates [ Processors / AMD Phenom(tm) II X6 1100T Processor ] Device Properties: Driver Description AMD Phenom(tm) II X6 1100T Processor Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File cpu.inf Hardware ID ACPI\AuthenticAMD_-_AMD64_Family_16_Model_10 CPU Manufacturer: Company Name Advanced Micro Devices, Inc. Product Information http://www.amd.com/us/products/desktop/processors Driver Update http://www.aida64.com/driver-updates [ Sound, video and game controllers / NVIDIA High Definition Audio ] Device Properties: Driver Description NVIDIA High Definition Audio Driver Date 6/16/2013 Driver Version 1.3.26.4 Driver Provider NVIDIA Corporation INF File oem157.inf Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001 Location Information Internal High Definition Audio Bus Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ Sound, video and game controllers / NVIDIA High Definition Audio ] Device Properties: Driver Description NVIDIA High Definition Audio Driver Date 6/16/2013 Driver Version 1.3.26.4 Driver Provider NVIDIA Corporation INF File oem157.inf Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001 Location Information Internal High Definition Audio Bus Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ Sound, video and game controllers / NVIDIA High Definition Audio ] Device Properties: Driver Description NVIDIA High Definition Audio Driver Date 6/16/2013 Driver Version 1.3.26.4 Driver Provider NVIDIA Corporation INF File oem157.inf Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001 Location Information Internal High Definition Audio Bus Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ Sound, video and game controllers / NVIDIA High Definition Audio ] Device Properties: Driver Description NVIDIA High Definition Audio Driver Date 6/16/2013 Driver Version 1.3.26.4 Driver Provider NVIDIA Corporation INF File oem157.inf Hardware ID HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001 Location Information Internal High Definition Audio Bus Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ Sound, video and game controllers / NVIDIA Virtual Audio Device (Wave Extensible) (WDM) ] Device Properties: Driver Description NVIDIA Virtual Audio Device (Wave Extensible) (WDM) Driver Date 9/30/2013 Driver Version 1.2.9.0 Driver Provider NVIDIA INF File oem159.inf Hardware ID USB\VID_0955&PID_9000 Device Manufacturer: Company Name NVIDIA Corporation Product Information http://www.nvidia.com/page/mobo.html Driver Download http://www.nvidia.com/content/drivers/drivers.asp Driver Update http://www.aida64.com/driver-updates [ Sound, video and game controllers / Realtek High Definition Audio ] Device Properties: Driver Description Realtek High Definition Audio Driver Date 8/12/2011 Driver Version 6.0.1.6433 Driver Provider Realtek Semiconductor Corp. INF File oem131.inf Hardware ID HDAUDIO\FUNC_01&VEN_10EC&DEV_0889&SUBSYS_1458A002&REV_1000 Location Information Internal High Definition Audio Bus Device Manufacturer: Company Name Realtek Semiconductor Corp. Product Information http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2 Driver Download http://www.realtek.com.tw/downloads Driver Update http://www.aida64.com/driver-updates [ Storage volume shadow copies / Generic volume shadow copy ] Device Properties: Driver Description Generic volume shadow copy Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File volsnap.inf Hardware ID STORAGE\VolumeSnapshot [ Storage Volumes / Generic volume ] Device Properties: Driver Description Generic volume Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File volume.inf Hardware ID STORAGE\Volume [ Storage Volumes / Generic volume ] Device Properties: Driver Description Generic volume Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File volume.inf Hardware ID STORAGE\Volume [ Storage Volumes / Generic volume ] Device Properties: Driver Description Generic volume Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File volume.inf Hardware ID STORAGE\Volume [ Storage Volumes / Generic volume ] Device Properties: Driver Description Generic volume Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File volume.inf Hardware ID STORAGE\Volume [ Storage Volumes / Generic volume ] Device Properties: Driver Description Generic volume Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File volume.inf Hardware ID STORAGE\Volume [ System devices / ACPI Fixed Feature Button ] Device Properties: Driver Description ACPI Fixed Feature Button Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\FixedButton [ System devices / ACPI Power Button ] Device Properties: Driver Description ACPI Power Button Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C0C PnP Device Power Button [ System devices / ATI I/O Communications Processor PCI Bus Controller ] Device Properties: Driver Description ATI I/O Communications Processor PCI Bus Controller Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1002&DEV_4384&SUBSYS_00000000&REV_40 Location Information PCI bus 0, device 20, function 4 PCI Device ATI SB900 - PCI-PCI Bridge Device Resources: Memory FDA00000-FDAFFFFF Memory FDB00000-FDBFFFFF Port A000-AFFF [ System devices / ATI I/O Communications Processor SMBus Controller ] Device Properties: Driver Description ATI I/O Communications Processor SMBus Controller Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1002&DEV_4385&SUBSYS_00000000&REV_42 Location Information PCI bus 0, device 20, function 0 PCI Device ATI SB900 - SMBus Controller [ System devices / Composite Bus Enumerator ] Device Properties: Driver Description Composite Bus Enumerator Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File compositebus.inf Hardware ID ROOT\CompositeBus [ System devices / Direct memory access controller ] Device Properties: Driver Description Direct memory access controller Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0200 PnP Device DMA Controller Device Resources: DMA 04 Port 0000-000F Port 0080-0090 Port 0094-009F Port 00C0-00DF [ System devices / File as Volume Driver ] Device Properties: Driver Description File as Volume Driver Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File blbdrive.inf Hardware ID ROOT\BLBDRIVE [ System devices / High Definition Audio Controller ] Device Properties: Driver Description High Definition Audio Controller Driver Date 11/19/2010 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File hdaudbus.inf Hardware ID PCI\VEN_1002&DEV_4383&SUBSYS_A0021458&REV_40 Location Information PCI bus 0, device 20, function 2 PCI Device ATI SB900 - High Definition Audio Controller Device Resources: IRQ 16 Memory FDFF4000-FDFF7FFF [ System devices / High Definition Audio Controller ] Device Properties: Driver Description High Definition Audio Controller Driver Date 11/19/2010 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File hdaudbus.inf Hardware ID PCI\VEN_10DE&DEV_0BEB&SUBSYS_13703842&REV_A1 Location Information PCI bus 1, device 0, function 1 PCI Device nVIDIA GF104 - High Definition Audio Controller Device Resources: IRQ 19 Memory FBFFC000-FBFFFFFF [ System devices / High precision event timer ] Device Properties: Driver Description High precision event timer Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0103 PnP Device High Precision Event Timer Device Resources: IRQ 00 IRQ 08 Memory FED00000-FED003FF [ System devices / Logitech GamePanel Virtual Bus Enumerator ] Device Properties: Driver Description Logitech GamePanel Virtual Bus Enumerator Driver Date 11/23/2009 Driver Version 3.4.131.0 Driver Provider Logitech INF File oem142.inf Hardware ID root\LogiGamePanelVirtualBus [ System devices / Microsoft ACPI-Compliant System ] Device Properties: Driver Description Microsoft ACPI-Compliant System Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File acpi.inf Hardware ID ACPI_HAL\PNP0C08 PnP Device ACPI Driver/BIOS Device Resources: IRQ 100 IRQ 101 IRQ 102 IRQ 103 IRQ 104 IRQ 105 IRQ 106 IRQ 107 IRQ 108 IRQ 109 IRQ 110 IRQ 111 IRQ 112 IRQ 113 IRQ 114 IRQ 115 IRQ 116 IRQ 117 IRQ 118 IRQ 119 IRQ 120 IRQ 121 IRQ 122 IRQ 123 IRQ 124 IRQ 125 IRQ 126 IRQ 127 IRQ 128 IRQ 129 IRQ 130 IRQ 131 IRQ 132 IRQ 133 IRQ 134 IRQ 135 IRQ 136 IRQ 137 IRQ 138 IRQ 139 IRQ 140 IRQ 141 IRQ 142 IRQ 143 IRQ 144 IRQ 145 IRQ 146 IRQ 147 IRQ 148 IRQ 149 IRQ 150 IRQ 151 IRQ 152 IRQ 153 IRQ 154 IRQ 155 IRQ 156 IRQ 157 IRQ 158 IRQ 159 IRQ 160 IRQ 161 IRQ 162 IRQ 163 IRQ 164 IRQ 165 IRQ 166 IRQ 167 IRQ 168 IRQ 169 IRQ 170 IRQ 171 IRQ 172 IRQ 173 IRQ 174 IRQ 175 IRQ 176 IRQ 177 IRQ 178 IRQ 179 IRQ 180 IRQ 181 IRQ 182 IRQ 183 IRQ 184 IRQ 185 IRQ 186 IRQ 187 IRQ 188 IRQ 189 IRQ 190 IRQ 81 IRQ 82 IRQ 83 IRQ 84 IRQ 85 IRQ 86 IRQ 87 IRQ 88 IRQ 89 IRQ 90 IRQ 91 IRQ 92 IRQ 93 IRQ 94 IRQ 95 IRQ 96 IRQ 97 IRQ 98 IRQ 99 [ System devices / Microsoft System Management BIOS Driver ] Device Properties: Driver Description Microsoft System Management BIOS Driver Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\mssmbios [ System devices / Microsoft Virtual Drive Enumerator Driver ] Device Properties: Driver Description Microsoft Virtual Drive Enumerator Driver Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\vdrvroot [ System devices / Microsoft Windows Management Interface for ACPI ] Device Properties: Driver Description Microsoft Windows Management Interface for ACPI Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File acpi.inf Hardware ID ACPI\PNP0C14 PnP Device ACPI Management Interface [ System devices / Motherboard resources ] Device Properties: Driver Description Motherboard resources Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C02 PnP Device Thermal Monitoring ACPI Device Device Resources: Port 0010-001F Port 0022-003F Port 0044-004D Port 0050-005F Port 0062-0063 Port 0065-006F Port 0074-007F Port 0091-0093 Port 00A2-00BF Port 00E0-00EF Port 0220-0225 Port 0290-0294 Port 04D0-04D1 [ System devices / Motherboard resources ] Device Properties: Driver Description Motherboard resources Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C02 PnP Device Thermal Monitoring ACPI Device Device Resources: Memory E0000000-EFFFFFFF [ System devices / Motherboard resources ] Device Properties: Driver Description Motherboard resources Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C02 PnP Device Thermal Monitoring ACPI Device Device Resources: Memory 00000000-00000FFF Memory FEE00400-FEE00FFF Port 0228-022F Port 040B-040B Port 04D6-04D6 Port 0800-08FE Port 0900-091F Port 0A10-0A17 Port 0B00-0B0F Port 0B10-0B1F Port 0B20-0B3F Port 0C00-0C01 Port 0C14-0C14 Port 0C50-0C52 Port 0C6C-0C6D Port 0C6F-0C6F Port 0CD0-0CD1 Port 0CD2-0CD3 Port 0CD4-0CDF [ System devices / Numeric data processor ] Device Properties: Driver Description Numeric data processor Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C04 PnP Device Numeric Data Processor Device Resources: IRQ 13 Port 00F0-00FF [ System devices / PCI bus ] Device Properties: Driver Description PCI bus Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0A03 PnP Device PCI Bus Device Resources: Memory 000A0000-000BFFFF Memory 000C0000-000DFFFF Memory D0000000-FEBFFFFF Memory FED40000-FED44FFF Port 0000-0CF7 Port 0D00-FFFF [ System devices / PCI standard host CPU bridge ] Device Properties: Driver Description PCI standard host CPU bridge Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1022&DEV_1200&SUBSYS_00000000&REV_00 Location Information PCI bus 0, device 24, function 0 PCI Device AMD K10 - HyperTransport Technology Configuration [ System devices / PCI standard host CPU bridge ] Device Properties: Driver Description PCI standard host CPU bridge Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1022&DEV_1201&SUBSYS_00000000&REV_00 Location Information PCI bus 0, device 24, function 1 PCI Device AMD K10 - Address Map [ System devices / PCI standard host CPU bridge ] Device Properties: Driver Description PCI standard host CPU bridge Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1022&DEV_1202&SUBSYS_00000000&REV_00 Location Information PCI bus 0, device 24, function 2 PCI Device AMD K10 - DRAM Controller [ System devices / PCI standard host CPU bridge ] Device Properties: Driver Description PCI standard host CPU bridge Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1002&DEV_5A14&SUBSYS_5A141002&REV_02 Location Information PCI bus 0, device 0, function 0 PCI Device ATI RD980/RD990/RX980 Chipset - Host Bridge [ System devices / PCI standard host CPU bridge ] Device Properties: Driver Description PCI standard host CPU bridge Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1022&DEV_1203&SUBSYS_00000000&REV_00 Location Information PCI bus 0, device 24, function 3 PCI Device AMD K10 - Miscellaneous Control [ System devices / PCI standard host CPU bridge ] Device Properties: Driver Description PCI standard host CPU bridge Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1022&DEV_1204&SUBSYS_00000000&REV_00 Location Information PCI bus 0, device 24, function 4 PCI Device AMD K10 - Link Control [ System devices / PCI standard ISA bridge ] Device Properties: Driver Description PCI standard ISA bridge Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1002&DEV_439D&SUBSYS_439D1002&REV_40 Location Information PCI bus 0, device 20, function 3 PCI Device ATI SB900 - PCI-LPC Bridge [ System devices / PCI standard PCI-to-PCI bridge ] Device Properties: Driver Description PCI standard PCI-to-PCI bridge Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1002&DEV_5A18&SUBSYS_5A141002&REV_00 Location Information PCI bus 0, device 4, function 0 PCI Device ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 0) Device Resources: IRQ 16 Memory FD600000-FD6FFFFF Memory FD900000-FD9FFFFF Port B000-BFFF [ System devices / PCI standard PCI-to-PCI bridge ] Device Properties: Driver Description PCI standard PCI-to-PCI bridge Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1002&DEV_5A1C&SUBSYS_5A141002&REV_00 Location Information PCI bus 0, device 9, function 0 PCI Device ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 4) Device Resources: IRQ 17 Memory FD500000-FD5FFFFF Memory FDE00000-FDEFFFFF Port E000-EFFF [ System devices / PCI standard PCI-to-PCI bridge ] Device Properties: Driver Description PCI standard PCI-to-PCI bridge Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1002&DEV_5A1D&SUBSYS_5A141002&REV_00 Location Information PCI bus 0, device 10, function 0 PCI Device ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 5) Device Resources: IRQ 18 Memory FDC00000-FDCFFFFF Memory FDD00000-FDDFFFFF Port D000-DFFF [ System devices / PCI standard PCI-to-PCI bridge ] Device Properties: Driver Description PCI standard PCI-to-PCI bridge Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1002&DEV_43A0&SUBSYS_00001002&REV_00 Location Information PCI bus 0, device 21, function 0 PCI Device ATI SB900 - PCI Express Port 0 Device Resources: IRQ 17 Memory FD700000-FD7FFFFF Memory FD800000-FD8FFFFF Port 9000-9FFF [ System devices / PCI standard PCI-to-PCI bridge ] Device Properties: Driver Description PCI standard PCI-to-PCI bridge Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID PCI\VEN_1002&DEV_5A16&SUBSYS_5A141002&REV_00 Location Information PCI bus 0, device 2, function 0 PCI Device ATI RD980/RD990/RX980 Chipset - PCI Express Port (GFX port 0) Device Resources: IRQ 18 Memory 000A0000-000BFFFF Memory D0000000-DFFFFFFF Memory F8000000-FBFFFFFF Port 03B0-03BB Port 03C0-03DF Port C000-CFFF [ System devices / Plug and Play Software Device Enumerator ] Device Properties: Driver Description Plug and Play Software Device Enumerator Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID root\swenum [ System devices / Programmable interrupt controller ] Device Properties: Driver Description Programmable interrupt controller Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0000 PnP Device Programmable Interrupt Controller Device Resources: Port 0020-0021 Port 00A0-00A1 [ System devices / Remote Desktop Device Redirector Bus ] Device Properties: Driver Description Remote Desktop Device Redirector Bus Driver Date 6/21/2006 Driver Version 6.1.7600.16385 Driver Provider Microsoft INF File rdpbus.inf Hardware ID ROOT\RDPBUS [ System devices / System board ] Device Properties: Driver Description System board Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0C01 PnP Device System Board Extension Device Resources: Memory 00000000-0009FFFF Memory 000CDA00-000CFFFF Memory 000F0000-000F7FFF Memory 000F8000-000FBFFF Memory 000FC000-000FFFFF Memory 00100000-CFD9FFFF Memory CFDA0000-CFDFFFFF Memory CFE00000-CFEFFFFF Memory CFF00000-CFFFFFFF Memory FEC00000-FEC00FFF Memory FEE00000-FEE00FFF Memory FFF80000-FFFEFFFF Memory FFFF0000-FFFFFFFF [ System devices / System CMOS/real time clock ] Device Properties: Driver Description System CMOS/real time clock Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0B00 PnP Device Real-Time Clock Device Resources: Port 0070-0073 [ System devices / System speaker ] Device Properties: Driver Description System speaker Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0800 PnP Device PC Speaker Device Resources: Port 0061-0061 [ System devices / System timer ] Device Properties: Driver Description System timer Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ACPI\PNP0100 PnP Device System Timer Device Resources: Port 0040-0043 [ System devices / Terminal Server Keyboard Driver ] Device Properties: Driver Description Terminal Server Keyboard Driver Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\RDP_KBD [ System devices / Terminal Server Mouse Driver ] Device Properties: Driver Description Terminal Server Mouse Driver Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\RDP_MOU [ System devices / UMBus Enumerator ] Device Properties: Driver Description UMBus Enumerator Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File umbus.inf Hardware ID UMB\UMBUS [ System devices / UMBus Root Bus Enumerator ] Device Properties: Driver Description UMBus Root Bus Enumerator Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File umbus.inf Hardware ID root\umbus [ System devices / Virtual PC Host Bus Driver ] Device Properties: Driver Description Virtual PC Host Bus Driver Driver Date 6/21/2006 Driver Version 6.1.7084.0 Driver Provider Microsoft INF File wvpchbus.inf Hardware ID root\VPCBus [ System devices / Volume Manager ] Device Properties: Driver Description Volume Manager Driver Date 6/21/2006 Driver Version 6.1.7601.17514 Driver Provider Microsoft INF File machine.inf Hardware ID ROOT\VOLMGR [ Universal Serial Bus controllers / Etron USB 3.0 Extensible Host Controller ] Device Properties: Driver Description Etron USB 3.0 Extensible Host Controller Driver Date 7/25/2011 Driver Version 1.0.0.104 Driver Provider Etron Technology Inc. INF File oem133.inf Hardware ID PCI\VEN_1B6F&DEV_7023&SUBSYS_50071458&REV_01 Location Information PCI bus 4, device 0, function 0 PCI Device Etron EJ168 USB 3.0 xHCI Controller Device Resources: IRQ 65536 Memory FDDF8000-FDDFFFFF [ Universal Serial Bus controllers / Etron USB 3.0 Extensible Host Controller ] Device Properties: Driver Description Etron USB 3.0 Extensible Host Controller Driver Date 7/25/2011 Driver Version 1.0.0.104 Driver Provider Etron Technology Inc. INF File oem133.inf Hardware ID PCI\VEN_1B6F&DEV_7023&SUBSYS_50071458&REV_01 Location Information PCI bus 2, device 0, function 0 PCI Device Etron EJ168 USB 3.0 xHCI Controller Device Resources: IRQ 65536 Memory FD9F8000-FD9FFFFF [ Universal Serial Bus controllers / Etron USB 3.0 Extensible Root Hub ] Device Properties: Driver Description Etron USB 3.0 Extensible Root Hub Driver Date 7/25/2011 Driver Version 1.0.0.104 Driver Provider Etron Technology Inc. INF File oem133.inf Hardware ID ENUSB3\ROOT_HUB30&VID1B6F&PID7023&REV0001 [ Universal Serial Bus controllers / Etron USB 3.0 Extensible Root Hub ] Device Properties: Driver Description Etron USB 3.0 Extensible Root Hub Driver Date 7/25/2011 Driver Version 1.0.0.104 Driver Provider Etron Technology Inc. INF File oem133.inf Hardware ID ENUSB3\ROOT_HUB30&VID1B6F&PID7023&REV0001 [ Universal Serial Bus controllers / Standard Enhanced PCI to USB Host Controller ] Device Properties: Driver Description Standard Enhanced PCI to USB Host Controller Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID PCI\VEN_1002&DEV_4396&SUBSYS_50041458&REV_00 Location Information PCI bus 0, device 18, function 2 PCI Device ATI SB900 - EHCI USB 2.0 Controller Device Resources: IRQ 17 Memory FDFFD000-FDFFD0FF [ Universal Serial Bus controllers / Standard Enhanced PCI to USB Host Controller ] Device Properties: Driver Description Standard Enhanced PCI to USB Host Controller Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID PCI\VEN_1002&DEV_4396&SUBSYS_50041458&REV_00 Location Information PCI bus 0, device 19, function 2 PCI Device ATI SB900 - EHCI USB 2.0 Controller Device Resources: IRQ 17 Memory FDFFB000-FDFFB0FF [ Universal Serial Bus controllers / Standard Enhanced PCI to USB Host Controller ] Device Properties: Driver Description Standard Enhanced PCI to USB Host Controller Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID PCI\VEN_1002&DEV_4396&SUBSYS_50041458&REV_00 Location Information PCI bus 0, device 22, function 2 PCI Device ATI SB900 - EHCI USB 2.0 Controller Device Resources: IRQ 17 Memory FDFF8000-FDFF80FF [ Universal Serial Bus controllers / Standard OpenHCD USB Host Controller ] Device Properties: Driver Description Standard OpenHCD USB Host Controller Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID PCI\VEN_1002&DEV_4397&SUBSYS_50041458&REV_00 Location Information PCI bus 0, device 19, function 0 PCI Device ATI SB900 - OHCI USB Controller Device Resources: IRQ 18 Memory FDFFC000-FDFFCFFF [ Universal Serial Bus controllers / Standard OpenHCD USB Host Controller ] Device Properties: Driver Description Standard OpenHCD USB Host Controller Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID PCI\VEN_1002&DEV_4397&SUBSYS_50041458&REV_00 Location Information PCI bus 0, device 22, function 0 PCI Device ATI SB900 - OHCI USB Controller Device Resources: IRQ 18 Memory FDFF9000-FDFF9FFF [ Universal Serial Bus controllers / Standard OpenHCD USB Host Controller ] Device Properties: Driver Description Standard OpenHCD USB Host Controller Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID PCI\VEN_1002&DEV_4399&SUBSYS_50041458&REV_00 Location Information PCI bus 0, device 20, function 5 PCI Device ATI SB900 - OHCI USB Controller Device Resources: IRQ 18 Memory FDFFA000-FDFFAFFF [ Universal Serial Bus controllers / Standard OpenHCD USB Host Controller ] Device Properties: Driver Description Standard OpenHCD USB Host Controller Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID PCI\VEN_1002&DEV_4397&SUBSYS_50041458&REV_00 Location Information PCI bus 0, device 18, function 0 PCI Device ATI SB900 - OHCI USB Controller Device Resources: IRQ 18 Memory FDFFE000-FDFFEFFF [ Universal Serial Bus controllers / USB Composite Device ] Device Properties: Driver Description USB Composite Device Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usb.inf Hardware ID USB\VID_046D&PID_C22D&REV_0165 Location Information Port_#0003.Hub_#0006 [ Universal Serial Bus controllers / USB Composite Device ] Device Properties: Driver Description USB Composite Device Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usb.inf Hardware ID USB\VID_046D&PID_C24A&REV_7701 Location Information Port_#0004.Hub_#0006 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB&VID1002&PID4397&REV0000 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB&VID1002&PID4397&REV0000 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB&VID1002&PID4397&REV0000 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB&VID1002&PID4399&REV0000 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB20&VID1002&PID4396&REV0000 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB20&VID1002&PID4396&REV0000 [ Universal Serial Bus controllers / USB Root Hub ] Device Properties: Driver Description USB Root Hub Driver Date 6/21/2006 Driver Version 6.1.7601.18251 Driver Provider Microsoft INF File usbport.inf Hardware ID USB\ROOT_HUB20&VID1002&PID4396&REV0000 [ Unknown / Logitech Gaming HID Device ] Device Properties: Driver Description Logitech Gaming HID Device Hardware ID LGS_RAW_PDO Location Information Logitech Gaming Hid Filter [ USB Virtualization / USB Virtualization Connector Driver ] Device Properties: Driver Description USB Virtualization Connector Driver Driver Date 6/21/2006 Driver Version 6.1.7084.0 Driver Provider Microsoft INF File vpcusb.inf Hardware ID root\VMUSBCONNECTOR --------[ Physical Devices ]-------------------------------------------------------------------------------------------- PCI Devices: Bus 0, Device 24, Function 1 AMD K10 - Address Map Bus 0, Device 24, Function 2 AMD K10 - DRAM Controller Bus 0, Device 24, Function 0 AMD K10 - HyperTransport Technology Configuration Bus 0, Device 24, Function 4 AMD K10 - Link Control Bus 0, Device 24, Function 3 AMD K10 - Miscellaneous Control Bus 0, Device 0, Function 0 ATI RD980/RD990/RX980 Chipset - Host Bridge Bus 0, Device 2, Function 0 ATI RD980/RD990/RX980 Chipset - PCI Express Port (GFX port 0) Bus 0, Device 4, Function 0 ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 0) Bus 0, Device 9, Function 0 ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 4) Bus 0, Device 10, Function 0 ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 5) Bus 0, Device 18, Function 2 ATI SB900 - EHCI USB 2.0 Controller Bus 0, Device 19, Function 2 ATI SB900 - EHCI USB 2.0 Controller Bus 0, Device 22, Function 2 ATI SB900 - EHCI USB 2.0 Controller Bus 0, Device 20, Function 2 ATI SB900 - High Definition Audio Controller Bus 0, Device 20, Function 1 ATI SB900 - IDE Controller Bus 0, Device 18, Function 0 ATI SB900 - OHCI USB Controller Bus 0, Device 19, Function 0 ATI SB900 - OHCI USB Controller Bus 0, Device 20, Function 5 ATI SB900 - OHCI USB Controller Bus 0, Device 22, Function 0 ATI SB900 - OHCI USB Controller Bus 0, Device 21, Function 0 ATI SB900 - PCI Express Port 0 Bus 0, Device 20, Function 3 ATI SB900 - PCI-LPC Bridge Bus 0, Device 20, Function 4 ATI SB900 - PCI-PCI Bridge Bus 0, Device 17, Function 0 ATI SB900 - SATA Controller Bus 0, Device 20, Function 0 ATI SB900 - SMBus Controller Bus 2, Device 0, Function 0 Etron EJ168 USB 3.0 xHCI Controller Bus 4, Device 0, Function 0 Etron EJ168 USB 3.0 xHCI Controller Bus 1, Device 0, Function 0 EVGA e-GeForce GTX 460 Video Adapter Bus 1, Device 0, Function 1 nVIDIA GF104 - High Definition Audio Controller Bus 3, Device 0, Function 0 Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter Bus 5, Device 14, Function 0 VIA VT6308 Fire IIM IEEE1394 Host Controller PnP Devices: PNP0501 16550A-compatible UART Serial Port PNP0C08 ACPI Driver/BIOS FIXEDBUTTON ACPI Fixed Feature Button PNP0C14 ACPI Management Interface AUTHENTICAMD_-_AMD64_FAMILY_16_MODEL_10_-_AMD_PHENOM(TM)_II_X6_1100T_PROCESSORAMD Phenom(tm) II X6 1100T Processor AUTHENTICAMD_-_AMD64_FAMILY_16_MODEL_10_-_AMD_PHENOM(TM)_II_X6_1100T_PROCESSORAMD Phenom(tm) II X6 1100T Processor AUTHENTICAMD_-_AMD64_FAMILY_16_MODEL_10_-_AMD_PHENOM(TM)_II_X6_1100T_PROCESSORAMD Phenom(tm) II X6 1100T Processor AUTHENTICAMD_-_AMD64_FAMILY_16_MODEL_10_-_AMD_PHENOM(TM)_II_X6_1100T_PROCESSORAMD Phenom(tm) II X6 1100T Processor AUTHENTICAMD_-_AMD64_FAMILY_16_MODEL_10_-_AMD_PHENOM(TM)_II_X6_1100T_PROCESSORAMD Phenom(tm) II X6 1100T Processor AUTHENTICAMD_-_AMD64_FAMILY_16_MODEL_10_-_AMD_PHENOM(TM)_II_X6_1100T_PROCESSORAMD Phenom(tm) II X6 1100T Processor PNP0200 DMA Controller PNP0103 High Precision Event Timer ISATAP Microsoft ISATAP Adapter #2 ISATAP Microsoft ISATAP Adapter PNP0C04 Numeric Data Processor PNP0800 PC Speaker PNP0A03 PCI Bus PNP0C0C Power Button PNP0000 Programmable Interrupt Controller PNP0B00 Real-Time Clock PNP0C01 System Board Extension PNP0100 System Timer TEREDO Teredo Tunneling Pseudo-Interface PNP0C02 Thermal Monitoring ACPI Device PNP0C02 Thermal Monitoring ACPI Device PNP0C02 Thermal Monitoring ACPI Device USB Devices: 046D C22D USB Composite Device 046D C24A USB Composite Device 046D C22D USB Input Device 046D C22D USB Input Device 046D C24A USB Input Device 046D C24A USB Input Device Ports: COM1 Communications Port (COM1) --------[ PCI Devices ]------------------------------------------------------------------------------------------------- [ AMD K10 - Address Map ] Device Properties: Device Description AMD K10 - Address Map Bus Type PCI Bus / Device / Function 0 / 24 / 1 Device ID 1022-1201 Subsystem ID 0000-0000 Device Class 0600 (Host/PCI Bridge) Revision 00 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Disabled [ AMD K10 - DRAM Controller ] Device Properties: Device Description AMD K10 - DRAM Controller Bus Type PCI Bus / Device / Function 0 / 24 / 2 Device ID 1022-1202 Subsystem ID 0000-0000 Device Class 0600 (Host/PCI Bridge) Revision 00 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Disabled [ AMD K10 - HyperTransport Technology Configuration ] Device Properties: Device Description AMD K10 - HyperTransport Technology Configuration Bus Type PCI Bus / Device / Function 0 / 24 / 0 Device ID 1022-1200 Subsystem ID 0000-0000 Device Class 0600 (Host/PCI Bridge) Revision 00 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Disabled HyperTransport LDT0: HyperTransport Version 3.00 Link Type Noncoherent Link Status Connected Max Link Width In / Out 16-bit / 16-bit Utilized Link Width In / Out 16-bit / 16-bit Max Link Frequency 3200 MHz Current Link Frequency 2000 MHz Primary / Secondary Bus Number 0 / 0 Isochronous Flow Control Mode Supported, Disabled CRC Error Detected No CRC Test Mode Not Supported Extended CTL Required No Extended Register Set Not Supported HyperTransport Stop Mode Supported Link Failure Detected No [ AMD K10 - Link Control ] Device Properties: Device Description AMD K10 - Link Control Bus Type PCI Bus / Device / Function 0 / 24 / 4 Device ID 1022-1204 Subsystem ID 0000-0000 Device Class 0600 (Host/PCI Bridge) Revision 00 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Disabled [ AMD K10 - Miscellaneous Control ] Device Properties: Device Description AMD K10 - Miscellaneous Control Bus Type PCI Bus / Device / Function 0 / 24 / 3 Device ID 1022-1203 Subsystem ID 0000-0000 Device Class 0600 (Host/PCI Bridge) Revision 00 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Disabled [ ATI RD980/RD990/RX980 Chipset - Host Bridge ] Device Properties: Device Description ATI RD980/RD990/RX980 Chipset - Host Bridge Bus Type PCI Bus / Device / Function 0 / 0 / 0 Device ID 1002-5A14 Subsystem ID 1002-5A14 Device Class 0600 (Host/PCI Bridge) Revision 02 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Disabled [ ATI RD980/RD990/RX980 Chipset - PCI Express Port (GFX port 0) ] Device Properties: Device Description ATI RD980/RD990/RX980 Chipset - PCI Express Port (GFX port 0) Bus Type PCI Bus / Device / Function 0 / 2 / 0 Device ID 1002-5A16 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision 00 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 0) ] Device Properties: Device Description ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 0) Bus Type PCI Bus / Device / Function 0 / 4 / 0 Device ID 1002-5A18 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision 00 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 4) ] Device Properties: Device Description ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 4) Bus Type PCI Bus / Device / Function 0 / 9 / 0 Device ID 1002-5A1C Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision 00 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 5) ] Device Properties: Device Description ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 5) Bus Type PCI Bus / Device / Function 0 / 10 / 0 Device ID 1002-5A1D Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision 00 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ ATI SB900 - EHCI USB 2.0 Controller ] Device Properties: Device Description ATI SB900 - EHCI USB 2.0 Controller Bus Type PCI Bus / Device / Function 0 / 18 / 2 Device ID 1002-4396 Subsystem ID 1458-5004 Device Class 0C03 (USB Controller) Revision 00 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ ATI SB900 - EHCI USB 2.0 Controller ] Device Properties: Device Description ATI SB900 - EHCI USB 2.0 Controller Bus Type PCI Bus / Device / Function 0 / 19 / 2 Device ID 1002-4396 Subsystem ID 1458-5004 Device Class 0C03 (USB Controller) Revision 00 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ ATI SB900 - EHCI USB 2.0 Controller ] Device Properties: Device Description ATI SB900 - EHCI USB 2.0 Controller Bus Type PCI Bus / Device / Function 0 / 22 / 2 Device ID 1002-4396 Subsystem ID 1458-5004 Device Class 0C03 (USB Controller) Revision 00 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ ATI SB900 - High Definition Audio Controller ] Device Properties: Device Description ATI SB900 - High Definition Audio Controller Bus Type PCI Bus / Device / Function 0 / 20 / 2 Device ID 1002-4383 Subsystem ID 1458-A002 Device Class 0403 (High Definition Audio) Revision 40 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ ATI SB900 - IDE Controller ] Device Properties: Device Description ATI SB900 - IDE Controller Bus Type PCI Bus / Device / Function 0 / 20 / 1 Device ID 1002-439C Subsystem ID 1458-5002 Device Class 0101 (IDE Controller) Revision 40 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ ATI SB900 - OHCI USB Controller ] Device Properties: Device Description ATI SB900 - OHCI USB Controller Bus Type PCI Bus / Device / Function 0 / 18 / 0 Device ID 1002-4397 Subsystem ID 1458-5004 Device Class 0C03 (USB Controller) Revision 00 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ ATI SB900 - OHCI USB Controller ] Device Properties: Device Description ATI SB900 - OHCI USB Controller Bus Type PCI Bus / Device / Function 0 / 19 / 0 Device ID 1002-4397 Subsystem ID 1458-5004 Device Class 0C03 (USB Controller) Revision 00 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ ATI SB900 - OHCI USB Controller ] Device Properties: Device Description ATI SB900 - OHCI USB Controller Bus Type PCI Bus / Device / Function 0 / 20 / 5 Device ID 1002-4399 Subsystem ID 1458-5004 Device Class 0C03 (USB Controller) Revision 00 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ ATI SB900 - OHCI USB Controller ] Device Properties: Device Description ATI SB900 - OHCI USB Controller Bus Type PCI Bus / Device / Function 0 / 22 / 0 Device ID 1002-4397 Subsystem ID 1458-5004 Device Class 0C03 (USB Controller) Revision 00 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ ATI SB900 - PCI Express Port 0 ] Device Properties: Device Description ATI SB900 - PCI Express Port 0 Bus Type PCI Bus / Device / Function 0 / 21 / 0 Device ID 1002-43A0 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision 00 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ ATI SB900 - PCI-LPC Bridge ] Device Properties: Device Description ATI SB900 - PCI-LPC Bridge Bus Type PCI Bus / Device / Function 0 / 20 / 3 Device ID 1002-439D Subsystem ID 1002-439D Device Class 0601 (PCI/ISA Bridge) Revision 40 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ ATI SB900 - PCI-PCI Bridge ] Device Properties: Device Description ATI SB900 - PCI-PCI Bridge Bus Type PCI Bus / Device / Function 0 / 20 / 4 Device ID 1002-4384 Subsystem ID 0000-0000 Device Class 0604 (PCI/PCI Bridge) Revision 40 Fast Back-to-Back Transactions Supported, Disabled Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ ATI SB900 - SATA Controller ] Device Properties: Device Description ATI SB900 - SATA Controller Bus Type PCI Bus / Device / Function 0 / 17 / 0 Device ID 1002-4390 Subsystem ID 1458-B002 Device Class 0101 (IDE Controller) Revision 40 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Supported Bus Mastering Enabled [ ATI SB900 - SMBus Controller ] Device Properties: Device Description ATI SB900 - SMBus Controller Bus Type PCI Bus / Device / Function 0 / 20 / 0 Device ID 1002-4385 Subsystem ID 0000-0000 Device Class 0C05 (SMBus Controller) Revision 42 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Supported Bus Mastering Disabled [ Etron EJ168 USB 3.0 xHCI Controller ] Device Properties: Device Description Etron EJ168 USB 3.0 xHCI Controller Bus Type PCI Express 2.0 x1 Bus / Device / Function 2 / 0 / 0 Device ID 1B6F-7023 Subsystem ID 1458-5007 Device Class 0C03 (USB Controller) Revision 01 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Etron EJ168 USB 3.0 xHCI Controller ] Device Properties: Device Description Etron EJ168 USB 3.0 xHCI Controller Bus Type PCI Express 2.0 x1 Bus / Device / Function 4 / 0 / 0 Device ID 1B6F-7023 Subsystem ID 1458-5007 Device Class 0C03 (USB Controller) Revision 01 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ EVGA e-GeForce GTX 460 Video Adapter ] Device Properties: Device Description EVGA e-GeForce GTX 460 Video Adapter Bus Type PCI Express 2.0 x16 Bus / Device / Function 1 / 0 / 0 Device ID 10DE-0E22 Subsystem ID 3842-1370 Device Class 0300 (VGA Display Controller) Revision A1 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled Video Adapter Manufacturer: Company Name EVGA Corporation Product Information http://eu.evga.com/products/prodlist.asp Driver Download http://www.evga.com/Support/Drivers/Default.asp Driver Update http://www.aida64.com/driver-updates [ nVIDIA GF104 - High Definition Audio Controller ] Device Properties: Device Description nVIDIA GF104 - High Definition Audio Controller Bus Type PCI Express 2.0 x16 Bus / Device / Function 1 / 0 / 1 Device ID 10DE-0BEB Subsystem ID 3842-1370 Device Class 0403 (High Definition Audio) Revision A1 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled [ Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter ] Device Properties: Device Description Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter Bus Type PCI Express 2.0 x1 Bus / Device / Function 3 / 0 / 0 Device ID 10EC-8168 Subsystem ID 1458-E000 Device Class 0200 (Ethernet Controller) Revision 06 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled Network Adapter Manufacturer: Company Name Realtek Semiconductor Corp. Product Information http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2 Driver Download http://www.realtek.com.tw/downloads Driver Update http://www.aida64.com/driver-updates [ VIA VT6308 Fire IIM IEEE1394 Host Controller ] Device Properties: Device Description VIA VT6308 Fire IIM IEEE1394 Host Controller Bus Type PCI Bus / Device / Function 5 / 14 / 0 Device ID 1106-3044 Subsystem ID 1458-1000 Device Class 0C00 (FireWire Controller) Revision C0 Fast Back-to-Back Transactions Not Supported Device Features: 66 MHz Operation Not Supported Bus Mastering Enabled --------[ USB Devices ]------------------------------------------------------------------------------------------------- [ USB Composite Device (G510 Gaming Keyboard) ] Device Properties: Device Description USB Composite Device Device ID 046D-C22D Device Class 03 / 01 (Human Interface Device) Device Protocol 01 Manufacturer Logitech Product G510 Gaming Keyboard Supported USB Version 2.00 Current Speed Full (USB 1.1) [ USB Composite Device (Gaming Mouse G600) ] Device Properties: Device Description USB Composite Device Device ID 046D-C24A Device Class 03 / 01 (Human Interface Device) Device Protocol 02 Manufacturer Logitech Product Gaming Mouse G600 Serial Number D232E7CE11520016 Supported USB Version 2.00 Current Speed Full (USB 1.1) --------[ Device Resources ]-------------------------------------------------------------------------------------------- DMA 04 Exclusive Direct memory access controller IRQ 00 Exclusive High precision event timer IRQ 04 Exclusive Communications Port (COM1) IRQ 08 Exclusive High precision event timer IRQ 100 Exclusive Microsoft ACPI-Compliant System IRQ 101 Exclusive Microsoft ACPI-Compliant System IRQ 102 Exclusive Microsoft ACPI-Compliant System IRQ 103 Exclusive Microsoft ACPI-Compliant System IRQ 104 Exclusive Microsoft ACPI-Compliant System IRQ 105 Exclusive Microsoft ACPI-Compliant System IRQ 106 Exclusive Microsoft ACPI-Compliant System IRQ 107 Exclusive Microsoft ACPI-Compliant System IRQ 108 Exclusive Microsoft ACPI-Compliant System IRQ 109 Exclusive Microsoft ACPI-Compliant System IRQ 110 Exclusive Microsoft ACPI-Compliant System IRQ 111 Exclusive Microsoft ACPI-Compliant System IRQ 112 Exclusive Microsoft ACPI-Compliant System IRQ 113 Exclusive Microsoft ACPI-Compliant System IRQ 114 Exclusive Microsoft ACPI-Compliant System IRQ 115 Exclusive Microsoft ACPI-Compliant System IRQ 116 Exclusive Microsoft ACPI-Compliant System IRQ 117 Exclusive Microsoft ACPI-Compliant System IRQ 118 Exclusive Microsoft ACPI-Compliant System IRQ 119 Exclusive Microsoft ACPI-Compliant System IRQ 120 Exclusive Microsoft ACPI-Compliant System IRQ 121 Exclusive Microsoft ACPI-Compliant System IRQ 122 Exclusive Microsoft ACPI-Compliant System IRQ 123 Exclusive Microsoft ACPI-Compliant System IRQ 124 Exclusive Microsoft ACPI-Compliant System IRQ 125 Exclusive Microsoft ACPI-Compliant System IRQ 126 Exclusive Microsoft ACPI-Compliant System IRQ 127 Exclusive Microsoft ACPI-Compliant System IRQ 128 Exclusive Microsoft ACPI-Compliant System IRQ 129 Exclusive Microsoft ACPI-Compliant System IRQ 13 Exclusive Numeric data processor IRQ 130 Exclusive Microsoft ACPI-Compliant System IRQ 131 Exclusive Microsoft ACPI-Compliant System IRQ 132 Exclusive Microsoft ACPI-Compliant System IRQ 133 Exclusive Microsoft ACPI-Compliant System IRQ 134 Exclusive Microsoft ACPI-Compliant System IRQ 135 Exclusive Microsoft ACPI-Compliant System IRQ 136 Exclusive Microsoft ACPI-Compliant System IRQ 137 Exclusive Microsoft ACPI-Compliant System IRQ 138 Exclusive Microsoft ACPI-Compliant System IRQ 139 Exclusive Microsoft ACPI-Compliant System IRQ 14 Exclusive ATA Channel 0 IRQ 140 Exclusive Microsoft ACPI-Compliant System IRQ 141 Exclusive Microsoft ACPI-Compliant System IRQ 142 Exclusive Microsoft ACPI-Compliant System IRQ 143 Exclusive Microsoft ACPI-Compliant System IRQ 144 Exclusive Microsoft ACPI-Compliant System IRQ 145 Exclusive Microsoft ACPI-Compliant System IRQ 146 Exclusive Microsoft ACPI-Compliant System IRQ 147 Exclusive Microsoft ACPI-Compliant System IRQ 148 Exclusive Microsoft ACPI-Compliant System IRQ 149 Exclusive Microsoft ACPI-Compliant System IRQ 15 Exclusive ATA Channel 1 IRQ 150 Exclusive Microsoft ACPI-Compliant System IRQ 151 Exclusive Microsoft ACPI-Compliant System IRQ 152 Exclusive Microsoft ACPI-Compliant System IRQ 153 Exclusive Microsoft ACPI-Compliant System IRQ 154 Exclusive Microsoft ACPI-Compliant System IRQ 155 Exclusive Microsoft ACPI-Compliant System IRQ 156 Exclusive Microsoft ACPI-Compliant System IRQ 157 Exclusive Microsoft ACPI-Compliant System IRQ 158 Exclusive Microsoft ACPI-Compliant System IRQ 159 Exclusive Microsoft ACPI-Compliant System IRQ 16 Shared High Definition Audio Controller IRQ 16 Shared PCI standard PCI-to-PCI bridge IRQ 160 Exclusive Microsoft ACPI-Compliant System IRQ 161 Exclusive Microsoft ACPI-Compliant System IRQ 162 Exclusive Microsoft ACPI-Compliant System IRQ 163 Exclusive Microsoft ACPI-Compliant System IRQ 164 Exclusive Microsoft ACPI-Compliant System IRQ 165 Exclusive Microsoft ACPI-Compliant System IRQ 166 Exclusive Microsoft ACPI-Compliant System IRQ 167 Exclusive Microsoft ACPI-Compliant System IRQ 168 Exclusive Microsoft ACPI-Compliant System IRQ 169 Exclusive Microsoft ACPI-Compliant System IRQ 17 Shared Standard Enhanced PCI to USB Host Controller IRQ 17 Shared Standard Enhanced PCI to USB Host Controller IRQ 17 Shared Standard Enhanced PCI to USB Host Controller IRQ 17 Shared PCI standard PCI-to-PCI bridge IRQ 17 Shared PCI standard PCI-to-PCI bridge IRQ 170 Exclusive Microsoft ACPI-Compliant System IRQ 171 Exclusive Microsoft ACPI-Compliant System IRQ 172 Exclusive Microsoft ACPI-Compliant System IRQ 173 Exclusive Microsoft ACPI-Compliant System IRQ 174 Exclusive Microsoft ACPI-Compliant System IRQ 175 Exclusive Microsoft ACPI-Compliant System IRQ 176 Exclusive Microsoft ACPI-Compliant System IRQ 177 Exclusive Microsoft ACPI-Compliant System IRQ 178 Exclusive Microsoft ACPI-Compliant System IRQ 179 Exclusive Microsoft ACPI-Compliant System IRQ 18 Shared NVIDIA GeForce GTX 460 IRQ 18 Shared Standard OpenHCD USB Host Controller IRQ 18 Shared Standard OpenHCD USB Host Controller IRQ 18 Shared Standard OpenHCD USB Host Controller IRQ 18 Shared Standard OpenHCD USB Host Controller IRQ 18 Shared PCI standard PCI-to-PCI bridge IRQ 18 Shared PCI standard PCI-to-PCI bridge IRQ 180 Exclusive Microsoft ACPI-Compliant System IRQ 181 Exclusive Microsoft ACPI-Compliant System IRQ 182 Exclusive Microsoft ACPI-Compliant System IRQ 183 Exclusive Microsoft ACPI-Compliant System IRQ 184 Exclusive Microsoft ACPI-Compliant System IRQ 185 Exclusive Microsoft ACPI-Compliant System IRQ 186 Exclusive Microsoft ACPI-Compliant System IRQ 187 Exclusive Microsoft ACPI-Compliant System IRQ 188 Exclusive Microsoft ACPI-Compliant System IRQ 189 Exclusive Microsoft ACPI-Compliant System IRQ 19 Shared High Definition Audio Controller IRQ 19 Shared Standard Dual Channel PCI IDE Controller IRQ 190 Exclusive Microsoft ACPI-Compliant System IRQ 22 Shared VIA 1394 OHCI Compliant Host Controller IRQ 65536 Exclusive Realtek PCIe GBE Family Controller IRQ 65536 Exclusive Etron USB 3.0 Extensible Host Controller IRQ 65536 Exclusive Etron USB 3.0 Extensible Host Controller IRQ 81 Exclusive Microsoft ACPI-Compliant System IRQ 82 Exclusive Microsoft ACPI-Compliant System IRQ 83 Exclusive Microsoft ACPI-Compliant System IRQ 84 Exclusive Microsoft ACPI-Compliant System IRQ 85 Exclusive Microsoft ACPI-Compliant System IRQ 86 Exclusive Microsoft ACPI-Compliant System IRQ 87 Exclusive Microsoft ACPI-Compliant System IRQ 88 Exclusive Microsoft ACPI-Compliant System IRQ 89 Exclusive Microsoft ACPI-Compliant System IRQ 90 Exclusive Microsoft ACPI-Compliant System IRQ 91 Exclusive Microsoft ACPI-Compliant System IRQ 92 Exclusive Microsoft ACPI-Compliant System IRQ 93 Exclusive Microsoft ACPI-Compliant System IRQ 94 Exclusive Microsoft ACPI-Compliant System IRQ 95 Exclusive Microsoft ACPI-Compliant System IRQ 96 Exclusive Microsoft ACPI-Compliant System IRQ 97 Exclusive Microsoft ACPI-Compliant System IRQ 98 Exclusive Microsoft ACPI-Compliant System IRQ 99 Exclusive Microsoft ACPI-Compliant System Memory 00000000-00000FFF Shared Motherboard resources Memory 00000000-0009FFFF Exclusive System board Memory 000A0000-000BFFFF Shared NVIDIA GeForce GTX 460 Memory 000A0000-000BFFFF Shared PCI bus Memory 000A0000-000BFFFF Undetermined PCI standard PCI-to-PCI bridge Memory 000C0000-000DFFFF Shared PCI bus Memory 000CDA00-000CFFFF Exclusive System board Memory 000F0000-000F7FFF Exclusive System board Memory 000F8000-000FBFFF Exclusive System board Memory 000FC000-000FFFFF Exclusive System board Memory 00100000-CFD9FFFF Exclusive System board Memory CFDA0000-CFDFFFFF Exclusive System board Memory CFE00000-CFEFFFFF Exclusive System board Memory CFF00000-CFFFFFFF Exclusive System board Memory D0000000-D7FFFFFF Exclusive NVIDIA GeForce GTX 460 Memory D0000000-DFFFFFFF Exclusive PCI standard PCI-to-PCI bridge Memory D0000000-FEBFFFFF Shared PCI bus Memory DC000000-DFFFFFFF Exclusive NVIDIA GeForce GTX 460 Memory E0000000-EFFFFFFF Exclusive Motherboard resources Memory F8000000-F9FFFFFF Exclusive NVIDIA GeForce GTX 460 Memory F8000000-FBFFFFFF Exclusive PCI standard PCI-to-PCI bridge Memory FBFFC000-FBFFFFFF Exclusive High Definition Audio Controller Memory FD500000-FD5FFFFF Exclusive PCI standard PCI-to-PCI bridge Memory FD600000-FD6FFFFF Exclusive PCI standard PCI-to-PCI bridge Memory FD700000-FD7FFFFF Exclusive PCI standard PCI-to-PCI bridge Memory FD800000-FD8FFFFF Exclusive PCI standard PCI-to-PCI bridge Memory FD900000-FD9FFFFF Exclusive PCI standard PCI-to-PCI bridge Memory FD9F8000-FD9FFFFF Exclusive Etron USB 3.0 Extensible Host Controller Memory FDA00000-FDAFFFFF Exclusive ATI I/O Communications Processor PCI Bus Controller Memory FDB00000-FDBFFFFF Exclusive ATI I/O Communications Processor PCI Bus Controller Memory FDBFF000-FDBFF7FF Exclusive VIA 1394 OHCI Compliant Host Controller Memory FDC00000-FDCFFFFF Exclusive PCI standard PCI-to-PCI bridge Memory FDD00000-FDDFFFFF Exclusive PCI standard PCI-to-PCI bridge Memory FDDF8000-FDDFFFFF Exclusive Etron USB 3.0 Extensible Host Controller Memory FDE00000-FDEFFFFF Exclusive PCI standard PCI-to-PCI bridge Memory FDEF8000-FDEFBFFF Exclusive Realtek PCIe GBE Family Controller Memory FDEFF000-FDEFFFFF Exclusive Realtek PCIe GBE Family Controller Memory FDFF4000-FDFF7FFF Exclusive High Definition Audio Controller Memory FDFF8000-FDFF80FF Exclusive Standard Enhanced PCI to USB Host Controller Memory FDFF9000-FDFF9FFF Exclusive Standard OpenHCD USB Host Controller Memory FDFFA000-FDFFAFFF Exclusive Standard OpenHCD USB Host Controller Memory FDFFB000-FDFFB0FF Exclusive Standard Enhanced PCI to USB Host Controller Memory FDFFC000-FDFFCFFF Exclusive Standard OpenHCD USB Host Controller Memory FDFFD000-FDFFD0FF Exclusive Standard Enhanced PCI to USB Host Controller Memory FDFFE000-FDFFEFFF Exclusive Standard OpenHCD USB Host Controller Memory FDFFF000-FDFFF3FF Exclusive Standard Dual Channel PCI IDE Controller Memory FEC00000-FEC00FFF Exclusive System board Memory FED00000-FED003FF Exclusive High precision event timer Memory FED40000-FED44FFF Shared PCI bus Memory FEE00000-FEE00FFF Exclusive System board Memory FEE00400-FEE00FFF Shared Motherboard resources Memory FFF80000-FFFEFFFF Exclusive System board Memory FFFF0000-FFFFFFFF Exclusive System board Port 0000-000F Exclusive Direct memory access controller Port 0000-0CF7 Shared PCI bus Port 0010-001F Exclusive Motherboard resources Port 0020-0021 Exclusive Programmable interrupt controller Port 0022-003F Exclusive Motherboard resources Port 0040-0043 Exclusive System timer Port 0044-004D Exclusive Motherboard resources Port 0050-005F Exclusive Motherboard resources Port 0061-0061 Exclusive System speaker Port 0062-0063 Exclusive Motherboard resources Port 0065-006F Exclusive Motherboard resources Port 0070-0073 Exclusive System CMOS/real time clock Port 0074-007F Exclusive Motherboard resources Port 0080-0090 Exclusive Direct memory access controller Port 0091-0093 Exclusive Motherboard resources Port 0094-009F Exclusive Direct memory access controller Port 00A0-00A1 Exclusive Programmable interrupt controller Port 00A2-00BF Exclusive Motherboard resources Port 00C0-00DF Exclusive Direct memory access controller Port 00E0-00EF Exclusive Motherboard resources Port 00F0-00FF Exclusive Numeric data processor Port 0170-0177 Exclusive ATA Channel 1 Port 01F0-01F7 Exclusive ATA Channel 0 Port 0220-0225 Exclusive Motherboard resources Port 0228-022F Exclusive Motherboard resources Port 0290-0294 Exclusive Motherboard resources Port 0376-0376 Exclusive ATA Channel 1 Port 03B0-03BB Shared NVIDIA GeForce GTX 460 Port 03B0-03BB Undetermined PCI standard PCI-to-PCI bridge Port 03C0-03DF Shared NVIDIA GeForce GTX 460 Port 03C0-03DF Undetermined PCI standard PCI-to-PCI bridge Port 03F6-03F6 Exclusive ATA Channel 0 Port 03F8-03FF Exclusive Communications Port (COM1) Port 040B-040B Exclusive Motherboard resources Port 04D0-04D1 Exclusive Motherboard resources Port 04D6-04D6 Exclusive Motherboard resources Port 0800-08FE Exclusive Motherboard resources Port 0900-091F Exclusive Motherboard resources Port 0A10-0A17 Exclusive Motherboard resources Port 0B00-0B0F Exclusive Motherboard resources Port 0B10-0B1F Exclusive Motherboard resources Port 0B20-0B3F Exclusive Motherboard resources Port 0C00-0C01 Exclusive Motherboard resources Port 0C14-0C14 Exclusive Motherboard resources Port 0C50-0C52 Exclusive Motherboard resources Port 0C6C-0C6D Exclusive Motherboard resources Port 0C6F-0C6F Exclusive Motherboard resources Port 0CD0-0CD1 Exclusive Motherboard resources Port 0CD2-0CD3 Exclusive Motherboard resources Port 0CD4-0CDF Exclusive Motherboard resources Port 0D00-FFFF Shared PCI bus Port 9000-9FFF Exclusive PCI standard PCI-to-PCI bridge Port A000-AFFF Exclusive ATI I/O Communications Processor PCI Bus Controller Port AF00-AF7F Exclusive VIA 1394 OHCI Compliant Host Controller Port B000-BFFF Exclusive PCI standard PCI-to-PCI bridge Port C000-CFFF Exclusive PCI standard PCI-to-PCI bridge Port CF00-CF7F Exclusive NVIDIA GeForce GTX 460 Port D000-DFFF Exclusive PCI standard PCI-to-PCI bridge Port E000-EFFF Exclusive PCI standard PCI-to-PCI bridge Port EE00-EEFF Exclusive Realtek PCIe GBE Family Controller Port FA00-FA0F Exclusive Standard Dual Channel PCI IDE Controller Port FB00-FB0F Exclusive Standard Dual Channel PCI IDE Controller Port FC00-FC03 Exclusive Standard Dual Channel PCI IDE Controller Port FD00-FD07 Exclusive Standard Dual Channel PCI IDE Controller Port FE00-FE03 Exclusive Standard Dual Channel PCI IDE Controller Port FF00-FF07 Exclusive Standard Dual Channel PCI IDE Controller --------[ Input ]------------------------------------------------------------------------------------------------------- [ HID Keyboard Device ] Keyboard Properties: Keyboard Name HID Keyboard Device Keyboard Type IBM enhanced (101- or 102-key) keyboard Keyboard Layout US ANSI Code Page 1252 - Western European (Windows) OEM Code Page 850 Repeat Delay 1 Repeat Rate 31 [ HID-compliant mouse ] Mouse Properties: Mouse Name HID-compliant mouse Mouse Buttons 16 Mouse Hand Right Pointer Speed 1 Double-Click Time 500 msec X/Y Threshold 6 / 10 Wheel Scroll Lines 3 Mouse Features: Active Window Tracking Disabled ClickLock Disabled Hide Pointer While Typing Enabled Mouse Wheel Present Move Pointer To Default Button Disabled Pointer Trails Disabled Sonar Disabled --------[ Printers ]---------------------------------------------------------------------------------------------------- [ Adobe PDF ] Printer Properties: Printer Name Adobe PDF Default Printer No Share Point Not shared Printer Port Documents\*.pdf Printer Driver Adobe PDF Converter (v6.00) Device Name Adobe PDF Print Processor winprint Separator Page None Availability 8:00 PM - 8:00 PM Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size A4, 210 x 297 mm Orientation Portrait Print Quality 1200 x 1200 dpi Colo [ Fax - HP Officejet 6600 (Network) ] Printer Properties: Printer Name Fax - HP Officejet 6600 (Network) Default Printer No Share Point Not shared Printer Port CN3686SK9405RN_FAX Printer Driver Fax - HP Officejet 6600 (v6.00) Device Name Fax - HP Officejet 6600 (Networ Print Processor winprint Separator Page None Availability 8:00 PM - 8:00 PM Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size A4, 210 x 297 mm Orientation Portrait Print Quality 200 x 200 dpi Color [ Fax ] Printer Properties: Printer Name Fax Default Printer No Share Point Not shared Printer Port SHRFAX: Printer Driver Microsoft Shared Fax Driver (v4.00) Device Name Fax Print Processor winprint Separator Page None Availability 8:00 PM - 8:00 PM Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size Letter, 8.5 x 11 in Orientation Portrait Print Quality 200 x 200 dpi Mono [ Google Cloud Printer ] Printer Properties: Printer Name Google Cloud Printer Default Printer No Share Point Not shared Printer Port GCP: Printer Driver Google Cloud Printer (v6.00) Device Name Google Cloud Printer Comment Google Cloud Printer Location http://www.google.com/cloudprint Print Processor winprint Separator Page None Availability 8:00 PM - 8:00 PM Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size A4, 210 x 297 mm Orientation Portrait Print Quality 600 x 600 dpi Color [ HP Officejet 6600 (Network) (Default) ] Printer Properties: Printer Name HP Officejet 6600 (Network) Default Printer Yes Share Point Not shared Printer Port CN3686SK9405RN Printer Driver HP Officejet 6600 (v6.00) Device Name HP Officejet 6600 (Network) Print Processor winprint Separator Page None Availability 8:00 PM - 8:00 PM Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size A4, 210 x 297 mm Orientation Portrait Print Quality 600 x 600 dpi Color Printer Manufacturer: Company Name Hewlett-Packard Company Product Information http://www.hp.com/united-states/consumer/gateway/printing_multifunction.html Driver Update http://www.aida64.com/driver-updates [ Microsoft XPS Document Writer ] Printer Properties: Printer Name Microsoft XPS Document Writer Default Printer No Share Point Not shared Printer Port XPSPort: Printer Driver Microsoft XPS Document Writer (v6.00) Device Name Microsoft XPS Document Writer Print Processor winprint Separator Page None Availability 8:00 PM - 8:00 PM Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size A4, 210 x 297 mm Orientation Portrait Print Quality 600 x 600 dpi Color [ Send To OneNote 2013 ] Printer Properties: Printer Name Send To OneNote 2013 Default Printer No Share Point Not shared Printer Port nul: Printer Driver Send to Microsoft OneNote 15 Driver (v6.00) Device Name Send To OneNote 2013 Print Processor winprint Separator Page None Availability 8:00 PM - 8:00 PM Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size A4, 210 x 297 mm Orientation Portrait Print Quality 600 x 600 dpi Color [ Snagit 11 ] Printer Properties: Printer Name Snagit 11 Default Printer No Share Point Not shared Printer Port C:\ProgramData\TechSmith\Snagit 11\PrinterPortFile Printer Driver Snagit 11 Printer (v6.00) Device Name Snagit 11 Print Processor winprint Separator Page None Availability 8:00 PM - 8:00 PM Priority 1 Print Jobs Queued 0 Status Unknown Paper Properties: Paper Size A4, 210 x 297 mm Orientation Portrait Print Quality 200 x 200 dpi Color --------[ Auto Start ]-------------------------------------------------------------------------------------------------- Acrobat Assistant 8.0 Registry\Common\Run C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe Actual Multiple Monitors Registry\User\Run C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe Adobe ARM Registry\Common\Run C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe AdobeAAMUpdater-1.0 Registry\Common\Run C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe AdobeBridge Registry\User\Run AdobeCS6ServiceManager Registry\Common\Run C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin Akamai NetSession Interface Registry\User\Run C:\Users\Devihaka\AppData\Local\Akamai\netsession_win.exe f.lux Registry\User\Run C:\Users\Devihaka\AppData\Local\FluxSoftware\Flux\flux.exe /noshow GoogleDriveSync Registry\User\Run C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart HP Officejet 6600 (NET) Registry\User\Run C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe -deviceID "CN3686SK9405RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1 Launch LCore Registry\Common\Run C:\Program Files\Logitech Gaming Software\LCore.exe /minimized MSC Registry\Common\Run C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey Nvtmru Registry\Common\Run C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe Plex Media Server Registry\User\Run C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe puush Registry\User\Run C:\Program Files (x86)\puush\puush.exe RtHDVCpl Registry\Common\Run C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s ShadowPlay Registry\Common\Run C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart Skype Registry\User\Run C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun Snagit 11 StartMenu\Common C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe Spotify Web Helper Registry\User\Run C:\Users\Devihaka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe Spotify Registry\User\Run C:\Users\Devihaka\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart Steam Registry\User\Run E:\Steam\Steam.exe -silent SunJavaUpdateSched Registry\Common\Run C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe SwitchBoard Registry\Common\Run C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe uTorrent Registry\User\Run C:\Users\Devihaka\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED --------[ Scheduled ]--------------------------------------------------------------------------------------------------- [ Adobe Flash Player Updater ] Task Properties: Task Name Adobe Flash Player Updater Status Enabled Application Name C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Application Parameters Working Folder Comment This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes. Account Name SYSTEM Creator Adobe Systems Incorporated Last Run 12/24/2013 9:06:00 PM Next Run 12/25/2013 12:06:00 AM Task Triggers: Daily At 7:06:00 PM every day - After triggered, repeat every 1 hour for a duration of 1 day [ AutoKMS ] Task Properties: Task Name AutoKMS Status Enabled Application Name C:\Windows\AutoKMS\AutoKMS.exe Application Parameters Working Folder Comment AutoKMS Account Name SYSTEM Creator Last Run Unknown Next Run 12/25/2013 11:15:09 PM Task Triggers: Daily At 23:15:09.653 every day At startup At system startup [ CCleanerSkipUAC ] Task Properties: Task Name CCleanerSkipUAC Status Enabled Application Name "C:\Program Files\CCleaner\CCleaner.exe" Application Parameters $(Arg0) Working Folder Comment Account Name Devihaka Creator Piriform Ltd Last Run 12/21/2013 10:39:34 PM Next Run Unknown [ GoogleUpdateTaskMachineCore ] Task Properties: Task Name GoogleUpdateTaskMachineCore Status Enabled Application Name C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Application Parameters /c Working Folder Comment Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it. Account Name SYSTEM Creator Devihaka Last Run 12/24/2013 11:11:30 PM Next Run 12/25/2013 10:50:00 PM Task Triggers: At log on At log on of any user Daily At 10:50:00 PM every day [ GoogleUpdateTaskMachineUA ] Task Properties: Task Name GoogleUpdateTaskMachineUA Status Enabled Application Name C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Application Parameters /ua /installsource scheduler Working Folder Comment Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it. Account Name SYSTEM Creator Devihaka Last Run 12/24/2013 9:50:00 PM Next Run 12/24/2013 11:50:00 PM Task Triggers: Daily At 10:50:00 PM every day - After triggered, repeat every 1 hour for a duration of 1 day [ HP Officejet 6600 ] --------[ Installed Programs ]------------------------------------------------------------------------------------------ µTorrent 3.4.0.30345 Unknown uTorrent BitTorrent Inc. µTorrent 3.4.0.30345 Unknown uTorrent BitTorrent Inc. 7-Zip 9.20 (x64 edition) 9.20.00.0 Unknown {23170F69-40C1-2702-0920-000001000000} Igor Pavlov 2013-10-20 Actual Multiple Monitors 8.0 8.0 Unknown Actual Multiple Monitors_is1 Actual Tools 2013-10-20 Adobe Acrobat XI Pro 11.0.03 Unknown {AC76BA86-1033-FFFF-7760-000000000006} Adobe Systems 2013-10-28 Adobe Flash Player 10 ActiveX 10.0.32.18 Unknown Adobe Flash Player ActiveX Adobe Systems Incorporated Adobe Flash Player 11 Plugin 11.9.900.170 Unknown Adobe Flash Player Plugin Adobe Systems Incorporated Adobe Photoshop CS6 13.0 Unknown {74EB3499-8B95-4B5C-96EB-7B342F3FD0C6} Adobe Systems Incorporated Adobe Reader XI (11.0.05) 11.0.05 Unknown {AC76BA86-7AD7-1033-7B44-AB0000000001} Adobe Systems Incorporated 2013-11-04 AIDA64 Extreme Edition v3.00 3.00 Unknown AIDA64 Extreme Edition_is1 FinalWire Ltd. 2013-11-28 Akamai NetSession Interface Unknown Akamai Akamai Technologies, Inc Akamai NetSession Interface Unknown Akamai Akamai Technologies, Inc Audacity 2.0.5 2.0.5 Unknown Audacity_is1 Audacity Team 2013-12-06 Blend for Visual Studio 2012 ENU resources 5.0.30709.0 Unknown {532DBCC8-9468-435C-AEF6-30B7F50735A2} Microsoft Corporation 2013-11-27 Blend for Visual Studio 2012 5.0.30709.0 Unknown {57F20F04-014D-453F-B6A3-AE9485C4DFAB} Microsoft Corporation 2013-11-27 Camtasia Studio 7 7.0.0 Unknown {53FA9A9F-3C19-4D43-AD6B-DEF365D469BA} TechSmith Corporation 2013-11-15 CCleaner 4.08 Unknown CCleaner Piriform Combined Community Codec Pack 2013-10-17 2013.10.17.0 Unknown Combined Community Codec Pack_is1 CCCP Project 2013-11-21 Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BED39C88-768C-4345-BF11-58436C984F2A} Microsoft Defraggler 2.16 Unknown Defraggler Piriform Dotfuscator and Analytics Community Edition 5.5.4521.29298 Unknown {372D17F6-A54E-4A01-B264-1314890FFE61} PreEmptive Solutions 2013-11-27 Entity Framework Designer for Visual Studio 2012 - enu 11.1.20702.00 Unknown {0A1A1D48-DB23-443A-BC7B-49255D138020} Microsoft Corporation 2013-11-27 Etron USB3.0 Host Controller 0.104 Unknown {DFBB738C-71D8-4DC5-B8D2-D65C37680E27} Etron Technology 2013-10-20 EVGA Precision X 4.2.1 4.2.1 Unknown PrecisionX EVGA Corporation ExamGuard [english] 1.02.0001 Unknown {D78149D7-480E-4012-8071-7B68B3E02527} Respondus, Inc. 2013-10-20 f.lux Unknown Flux f.lux Unknown Flux FileZilla Client 3.6.0.2 3.6.0.2 Unknown FileZilla Client FileZilla Project FormatFactory 3.2.0.1 3.2.0.1 Unknown FormatFactory Free Time Fraps (remove only) Unknown Fraps GeForce Experience NvStream Client Components [english (united kingdom)] 1.6.28 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC NVIDIA Corporation 2013-11-29 GeoGebra 4.2 4.2.60.0 Unknown GeoGebra 4.2 International GeoGebra Institute 2013-10-24 GitHub 1.2.5.0 Unknown 5f7eb300e2ea4ebf GitHub, Inc. GitHub 1.2.5.0 Unknown 5f7eb300e2ea4ebf GitHub, Inc. Google Chrome 31.0.1650.63 Unknown Google Chrome Google Inc. 2013-10-20 Google Cloud Printer 28.0.1489.0 Unknown {74AA24E0-AC50-4B28-BA46-9CF05467C9B7} Google Inc. Google Drive 1.13.5782.599 Unknown {56D4499E-AC3E-4B8D-91C9-C700C148C44B} Google, Inc. 2013-12-16 Google Update Helper 1.3.22.3 Unknown {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Inc. 2013-12-03 HP Officejet 6600 Basic Device Software 28.0.1315.0 Unknown {B407F586-D027-45C3-9109-CC2943E839FA} Hewlett-Packard Co. 2013-10-29 IIS 8.0 Express 8.0.1557 Unknown {7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7} Microsoft Corporation 2013-11-27 IIS Express Application Compatibility Database for x64 Unknown {9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb IIS Express Application Compatibility Database for x86 Unknown {fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb ImgBurn 2.5.8.0 Unknown ImgBurn LIGHTNING UK! 2013-12-24 Java 7 Update 40 (64-bit) 7.0.400 Unknown {26A24AE4-039D-4CA4-87B4-2F86417040FF} Oracle 2013-10-20 Java 7 Update 45 7.0.450 Unknown {26A24AE4-039D-4CA4-87B4-2F83217045FF} Oracle 2013-10-27 Java Auto Updater 2.1.9.8 Unknown {4A03706F-666A-4037-7777-5F2748764D10} Sun Microsystems, Inc. 2013-10-27 Java SE Development Kit 7 Update 40 (64-bit) 1.7.0.400 Unknown {64A3A4F4-B792-11D6-A78A-00B0D0170400} Oracle 2013-10-20 K-Lite Codec Pack 10.0.5 Basic 10.0.5 Unknown KLiteCodecPack_is1 2013-10-20 KVIrc Unknown KVIrc Szymon Stefanek and The KVIrc Development Team LAME v3.99.3 (for Windows) Unknown LAME_is1 2013-12-06 LocalESPC 8.59.25584 Unknown {BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6} Microsoft Corporation 2013-11-27 LocalESPCui for en-us 8.59.25584 Unknown {B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944} Microsoft 2013-11-27 Logitech Gaming Software 8.45 8.45.88 Unknown Logitech Gaming Software Logitech Inc. Logitech Gaming Software 8.45.88 Unknown {690285C2-2481-44FB-8402-162EA970A6DD} Logitech Inc. 2013-10-20 Malwarebytes Anti-Malware version 1.75.0.1300 1.75.0.1300 Unknown Malwarebytes' Anti-Malware_is1 Malwarebytes Corporation 2013-10-20 Mathematica Extras 9.0 (4055459) 9.0.1 Unknown A-WIN-Extras 9.0.1 4055459_is1 Wolfram Research, Inc. 2013-10-20 Microsoft .NET Framework 4 Multi-Targeting Pack 4.0.30319 Unknown {CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE} Microsoft Corporation 2013-11-27 Microsoft .NET Framework 4.5 Multi-Targeting Pack 4.5.50709 Unknown {5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D} Microsoft Corporation 2013-11-27 Microsoft .NET Framework 4.5 SDK 4.5.50709 Unknown {1948E039-EC79-4591-951D-9867A8C14C90} Microsoft Corporation 2013-11-27 Microsoft .NET Framework 4.5.1 4.5.50938 Unknown {92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 Microsoft Corporation Microsoft .NET Framework 4.5.1 4.5.50938 Unknown {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} Microsoft Corporation 2013-10-20 Microsoft Access MUI (English) 2013 15.0.4420.1017 Unknown {90150000-0015-0409-1000-0000000FF1CE} Microsoft Corporation 2013-10-21 Microsoft Access Setup Metadata MUI (English) 2013 15.0.4420.1017 Unknown {90150000-0117-0409-1000-0000000FF1CE} Microsoft Corporation 2013-10-20 Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update 3.0.30710.0 Unknown {2F6CE32A-018D-4656-895B-9E5E20D7740A} Microsoft Corporation 2013-11-27 Microsoft ASP.NET MVC 3 3.0.20105.0 Unknown {DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA} Microsoft Corporation 2013-11-27 Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools 4.0.20710.0 Unknown {59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6} Microsoft Corporation 2013-11-27 Microsoft ASP.NET MVC 4 Runtime 4.0.20710.0 Unknown {942CC691-5B98-42A3-8BC5-A246BA69D983} Microsoft Corporation 2013-11-27 Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools 1.0.20710.0 Unknown {6F066545-40A2-4C38-A8F7-78581CC5C442} Microsoft Corporation 2013-11-27 Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools 2.0.20710.0 Unknown {57D782D7-49FD-48DE-AB47-A690A1519A2D} Microsoft Corporation 2013-11-27 Microsoft ASP.NET Web Pages 2 Runtime 2.0.20710.0 Unknown {FBBC8076-BB21-4E06-9FA0-309AEF6E35EE} Microsoft Corporation 2013-11-27 Microsoft ASP.NET Web Pages 1.0.20105.0 Unknown {631471BE-DEAB-454B-A9AC-CE3EB42C28B3} Microsoft Corporation 2013-11-27 Microsoft DCF MUI (English) 2013 15.0.4420.1017 Unknown {90150000-0090-0409-1000-0000000FF1CE} Microsoft Corporation 2013-10-20 Microsoft Excel MUI (English) 2013 15.0.4420.1017 Unknown {90150000-0016-0409-1000-0000000FF1CE} Microsoft Corporation 2013-10-21 Microsoft Groove MUI (English) 2013 15.0.4420.1017 Unknown {90150000-00BA-0409-1000-0000000FF1CE} Microsoft Corporation 2013-11-13 Microsoft Help Viewer 2.0 2.0.50727 Unknown Microsoft Help Viewer 2.0 Microsoft Corporation Microsoft Help Viewer 2.0 2.0.50727 Unknown {FEB375AB-6EEC-3929-8FAF-188ED81DD8B5} Microsoft Corporation 2013-11-27 Microsoft InfoPath MUI (English) 2013 15.0.4420.1017 Unknown {90150000-0044-0409-1000-0000000FF1CE} Microsoft Corporation 2013-10-20 Microsoft LightSwitch for Visual Studio 2012 Core 11.0.50727 Unknown {7437A4B9-314F-3B8F-827B-22909146E471} Microsoft Corporation 2013-11-27 Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU 11.0.50727 Unknown {E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF} Microsoft Corporation 2013-11-27 Microsoft Lync MUI (English) 2013 15.0.4420.1017 Unknown {90150000-012B-0409-1000-0000000FF1CE} Microsoft Corporation 2013-12-12 Microsoft NuGet - Visual Studio 2012 2.0.30625.9003 Unknown {00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05} Microsoft Corporation 2013-11-27 Microsoft Office 32-bit Components 2013 15.0.4420.1017 - Office 2013 RTM Unknown {90150000-00C1-0000-1000-0000000FF1CE} Microsoft Corporation 2013-12-12 Microsoft Office OSM MUI (English) 2013 15.0.4420.1017 - Office 2013 RTM Unknown {90150000-00E1-0409-1000-0000000FF1CE} Microsoft Corporation 2013-10-20 Microsoft Office OSM UX MUI (English) 2013 15.0.4420.1017 - Office 2013 RTM Unknown {90150000-00E2-0409-1000-0000000FF1CE} Microsoft Corporation 2013-10-20 Microsoft Office Professional Plus 2013 15.0.4420.1017 - Office 2013 RTM Unknown Office15.PROPLUS Microsoft Corporation Microsoft Office Professional Plus 2013 15.0.4420.1017 - Office 2013 RTM Unknown {90150000-0011-0000-1000-0000000FF1CE} Microsoft Corporation 2013-12-15 Microsoft Office Proofing (English) 2013 15.0.4420.1017 - Office 2013 RTM Unknown {90150000-002C-0409-1000-0000000FF1CE} Microsoft Corporation 2013-10-20 Microsoft Office Proofing Tools 2013 - English 15.0.4420.1017 - Office 2013 RTM Unknown {90150000-001F-0409-1000-0000000FF1CE} Microsoft Corporation 2013-12-12 Microsoft Office Proofing Tools 2013 - Español [spanish (spain, international sort)] 15.0.4420.1017 - Office 2013 RTM Unknown {90150000-001F-0C0A-1000-0000000FF1CE} Microsoft Corporation 2013-12-12 Microsoft Office Shared 32-bit MUI (English) 2013 15.0.4420.1017 - Office 2013 RTM Unknown {90150000-00C1-0409-1000-0000000FF1CE} Microsoft Corporation 2013-11-13 Microsoft Office Shared MUI (English) 2013 15.0.4420.1017 - Office 2013 RTM Unknown {90150000-006E-0409-1000-0000000FF1CE} Microsoft Corporation 2013-12-12 Microsoft Office Shared Setup Metadata MUI (English) 2013 15.0.4420.1017 - Office 2013 RTM Unknown {90150000-0115-0409-1000-0000000FF1CE} Microsoft Corporation 2013-10-20 Microsoft OneNote MUI (English) 2013 15.0.4420.1017 Unknown {90150000-00A1-0409-1000-0000000FF1CE} Microsoft Corporation 2013-12-12 Microsoft Outlook MUI (English) 2013 15.0.4420.1017 Unknown {90150000-001A-0409-1000-0000000FF1CE} Microsoft Corporation 2013-12-12 Microsoft Portable Library Multi-Targeting Pack Language Pack - enu 11.0.50709.17929 Unknown {BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09} Microsoft Corporation 2013-11-27 Microsoft Portable Library Multi-Targeting Pack 11.0.50709.17929 Unknown {C4CAD994-6EA2-3121-8352-DA593150B322} Microsoft Corporation 2013-11-27 Microsoft PowerPoint MUI (English) 2013 15.0.4420.1017 Unknown {90150000-0018-0409-1000-0000000FF1CE} Microsoft Corporation 2013-12-12 Microsoft Publisher MUI (English) 2013 15.0.4420.1017 Unknown {90150000-0019-0409-1000-0000000FF1CE} Microsoft Corporation 2013-10-20 Microsoft Report Viewer Add-On for Visual Studio 2012 11.1.2802.16 Unknown {1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742} Microsoft Corporation 2013-11-27 Microsoft Security Client 4.4.0304.0 Unknown {E102B843-786A-4F58-AF75-6504570E207B} Microsoft Corporation 2013-11-19 Microsoft Security Essentials 4.4.304.0 Unknown Microsoft Security Client Microsoft Corporation 2013-11-19 Microsoft Silverlight 4 SDK 4.0.60310.0 Unknown {189AEA94-DAFB-487A-8CEE-F9D3DDE0A748} Microsoft Corporation 2013-11-27 Microsoft Silverlight 5 SDK 5.0.61118.0 Unknown {E1FBB3D4-ADB0-4949-B101-855DA061C735} Microsoft Corporation 2013-11-27 Microsoft Silverlight 5.1.20913.0 Unknown {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Corporation 2013-10-23 Microsoft SQL Server 2012 Command Line Utilities 11.0.2100.60 Unknown {9D573E71-1077-4C7E-B4DB-4E22A5D2B48B} Microsoft Corporation 2013-11-27 Microsoft SQL Server 2012 Data-Tier App Framework 11.0.2316.0 Unknown {36E619BC-A234-4EC3-849B-779A7C865A45} Microsoft Corporation 2013-11-27 Microsoft SQL Server 2012 Data-Tier App Framework 11.0.2316.0 Unknown {FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8} Microsoft Corporation 2013-11-27 Microsoft SQL Server 2012 Express LocalDB 11.0.2100.60 Unknown {13D558FE-A863-402C-B115-160007277033} Microsoft Corporation 2013-11-27 Microsoft SQL Server 2012 Management Objects (x64) 11.0.2100.60 Unknown {FA0A244E-F3C2-4589-B42A-3D522DE79A42} Microsoft Corporation 2013-11-27 Microsoft SQL Server 2012 Management Objects 11.0.2100.60 Unknown {DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A} Microsoft Corporation 2013-11-27 Microsoft SQL Server 2012 Native Client 11.0.2100.60 Unknown {49D665A2-4C2A-476E-9AB8-FCC425F526FC} Microsoft Corporation 2013-11-27 Microsoft SQL Server 2012 Transact-SQL Compiler Service 11.0.2100.60 Unknown {BEB0F91E-F2EA-48A1-B938-7857ABF2A93D} Microsoft Corporation 2013-11-27 Microsoft SQL Server 2012 Transact-SQL ScriptDom 11.0.2100.60 Unknown {0E8670B8-3965-4930-ADA6-570348B67153} Microsoft Corporation 2013-11-27 Microsoft SQL Server 2012 T-SQL Language Service 11.0.2100.60 Unknown {6D6D43E5-218C-4B05-92D3-2240810F4760} Microsoft Corporation 2013-11-27 Microsoft SQL Server Compact 4.0 SP1 x64 ENU 4.0.8876.1 Unknown {78909610-D229-459C-A936-25D92283D3FD} Microsoft Corporation 2013-11-27 Microsoft SQL Server Data Tools - enu (11.1.20627.00) 11.1.20627.00 Unknown {FA804794-2CCB-4301-954F-2C2894698876} Microsoft Corporation 2013-11-27 Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) 11.1.20627.00 Unknown {790E9425-8570-493F-9AE7-81AFC9E46930} Microsoft Corporation 2013-11-27 Microsoft SQL Server System CLR Types (x64) 10.50.1600.1 Unknown {4701DEDE-1888-49E0-BAE5-857875924CA2} Microsoft Corporation 2013-11-27 Microsoft SQL Server System CLR Types 10.50.1600.1 Unknown {A47FD1BF-A815-4A76-BE65-53A15BD5D25D} Microsoft Corporation 2013-11-27 Microsoft System CLR Types for SQL Server 2012 (x64) 11.0.2100.60 Unknown {F1949145-EB64-4DE7-9D81-E6D27937146C} Microsoft Corporation 2013-11-27 Microsoft System CLR Types for SQL Server 2012 11.0.2100.60 Unknown {E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB} Microsoft Corporation 2013-11-27 Microsoft Visual C++ 2005 Redistributable (x64) 8.0.61000 Unknown {ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} Microsoft Corporation 2013-11-14 Microsoft Visual C++ 2005 Redistributable 8.0.61001 Unknown {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Corporation 2013-11-14 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 9.0.30729 Unknown {8220EEFE-38CD-377E-8595-13398D740ACE} Microsoft Corporation 2013-10-20 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 9.0.30729.4148 Unknown {4B6C7001-C7D6-3710-913E-5BC23FCE91E6} Microsoft Corporation 2013-11-14 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 9.0.30729.6161 Unknown {5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} Microsoft Corporation 2013-10-24 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148 Unknown {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Corporation 2013-11-14 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161 Unknown {9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Corporation 2013-10-23 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 10.0.40219 Unknown {1D8E6291-B0D5-35EC-8441-6616F567A0F7} Microsoft Corporation 2013-11-29 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219 Unknown {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft Corporation 2013-11-29 Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 11.0.50727 Unknown {D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7} Microsoft Corporation 2013-11-27 Microsoft Visual C++ 2012 Compilers - ENU Resources 11.0.50727 Unknown {A4366F69-CE22-4DB7-9C8C-46A5845AF997} Microsoft Corporation 2013-11-27 Microsoft Visual C++ 2012 Compilers 11.0.50727 Unknown {1F8E06E2-BA93-40DC-B183-E024CBD853A8} Microsoft Corporation 2013-11-27 Microsoft Visual C++ 2012 Core Libraries 11.0.50727 Unknown {AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B} Microsoft Corporation 2013-11-27 Microsoft Visual C++ 2012 Extended Libraries 11.0.50727 Unknown {731C183B-86A0-3442-BE55-68A7C92581E9} Microsoft Corporation 2013-11-27 Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries 11.0.50727 Unknown {29F259D7-C517-3EED-84B4-237573CFD39C} Microsoft Corporation 2013-11-27 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11.0.61030.0 Unknown {a55ac379-46b0-461a-95b1-fef5c08443f2} Microsoft Corporation Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 11.0.50727 Unknown {AC53FC8B-EE18-3F9C-9B59-60937D0B182C} Microsoft Corporation 2013-11-27 Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 11.0.50727 Unknown {2B997E80-3BEC-3222-9114-98DBE1182B2E} Microsoft Corporation 2013-11-27 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 11.0.50727 Unknown {A2CB1ACB-94A2-32BA-A15E-7D80319F7589} Microsoft Corporation 2013-11-27 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 11.0.61030 Unknown {B175520C-86A2-35A7-8619-86DC379688B9} Microsoft Corporation 2013-11-27 Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 11.0.50727 Unknown {1C163D33-33B3-33EB-A617-0D4D852BE8E1} Microsoft Corporation 2013-11-27 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 11.0.61030 Unknown {BD95A8CD-1D9F-35AD-981A-3E7925026EBB} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2010 Office Developer Tools (x64) 11.0.50727 Unknown {572E796D-C52B-3797-A685-2FB6F895D4BE} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) 10.0.40303 Unknown Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation Microsoft Visual Studio 2010 Tools for Office Runtime (x64) 10.0.40308 Unknown {B143BE44-8723-315E-9413-011C55873C0E} Microsoft Corporation 2013-11-29 Microsoft Visual Studio 2012 Devenv Resources 11.0.50727 Unknown {B1465D1D-6427-4CA1-AE29-8B699209E663} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2012 Devenv 11.0.50727 Unknown {330E5D98-20D2-4CA4-AE51-FCB8AA80F634} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2012 IntelliTrace Core amd64 11.0.50727 Unknown {6AAF4427-3039-4C8A-BE53-D6F01C21AD46} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2012 IntelliTrace Core x86 11.0.50727 Unknown {B3533B84-A8DF-4A7A-8E95-B15F08B26E96} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2012 IntelliTrace Front End x86 11.0.50727 Unknown {D971780F-A609-4F78-92AA-B56FBC3955B9} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2012 Performance Collection Tools - ENU 11.0.50727 Unknown {FE74AC04-F248-4641-B3A9-89C6AA4339CD} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2012 Performance Collection Tools 11.0.50727 Unknown {633AB014-DDE6-403E-A302-8920CC32C543} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2012 Preparation 11.0.50727 Unknown {246B0F46-F84E-4857-8C47-F2A86B598BC5} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack 11.0.50727 Unknown {B9F35D86-242E-3FA4-B9F8-A982E0DF918D} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2012 SharePoint Developer Tools 11.0.50727 Unknown {A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies 11.0.50727 Unknown {820C677A-41B2-48C3-8136-FEE35A052E73} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2012 Shell (Minimum) Resources 11.0.50727 Unknown {38FC6E9A-F719-431A-A83D-4C86D5FD6555} Microsoft Corporation 2013-11-27 Microsoft Visual Studio 2012 Shell (Minimum) 11.0.50727 Unknown {800F484E-9D69-492D-B656-7BAA32586142} Microsoft Corporation 2013-11-29 Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU 4.0.8876.1 Unknown {E818AE7C-244B-4A50-9C86-C0E4A8B69159} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Premium 2012 - ENU 11.0.50727 Unknown {6FC3B79F-47C6-38AF-B9A9-67DE3C639598} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Premium 2012 11.0.50727 Unknown {046806D1-0A38-3FCA-AF84-F71C50A0C363} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Professional 2012 - ENU 11.0.50727 Unknown {CFFDC0EC-6924-3347-B047-13339EDBEC28} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Professional 2012 11.0.50727 Unknown {93489CA8-6656-33A0-A5AC-E0EDEDB17C3E} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU 11.0.50727 Unknown {68A48EF1-DF03-394F-AF40-1E4FE42BB8DD} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Team Foundation Server 2012 Object Model 11.0.50727 Unknown {6F07A6C2-9068-3673-A120-DC10012468C6} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU 11.0.50727 Unknown {55EFD1A6-ED8E-3A4C-9581-5E1A1FF244CD} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Team Foundation Server 2012 Storyboarding 11.0.50727 Unknown {28D85F24-B685-3364-BB7C-284C88C2FFE5} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU 11.0.50727 Unknown {1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Team Foundation Server 2012 Team Explorer 11.0.50727 Unknown {6DAB46E3-D017-3E2B-85D8-F57A230384C0} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Ultimate 2012 - ENU 11.0.50727 Unknown {1172AC15-080E-30E3-85B0-FF59AD2E6315} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core 11.0.50727 Unknown {C1BE4600-7D15-3D1E-8AA2-B3241DB1D063} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources 11.0.50727 Unknown {2C0CC01A-DDBC-3AED-AF18-E741242FD727} Microsoft Corporation 2013-11-27 Microsoft Visual Studio Ultimate 2012 11.0.50727.1 Unknown {f9024a51-ab45-4a46-b597-ce12f74963c7} Microsoft Corporation Microsoft Visual Studio Ultimate 2012 11.0.50727 Unknown {EFA87714-E75A-3BFC-A698-A3AABA5A8A0C} Microsoft Corporation 2013-11-27 Microsoft Web Deploy dbSqlPackage Provider - enu 10.3.20225.0 Unknown {E4C33F5B-1B2F-466E-957E-B274F08151A0} Microsoft Corporation 2013-11-27 Microsoft Web Developer Tools - Visual Studio 2012 1.0.30710.0 Unknown {B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E} Microsoft Corporation 2013-11-27 Microsoft Web Platform Installer 4.0 4.0.1622 Unknown {E2B8249D-895C-4685-8C83-00F3B1A13028} Microsoft Corporation 2013-11-27 Microsoft Word MUI (English) 2013 15.0.4420.1017 Unknown {90150000-001B-0409-1000-0000000FF1CE} Microsoft Corporation 2013-12-12 Microsoft_VC80_CRT_x86 8.0.50727.4053 Unknown {92D58719-BBC1-4CC3-A08B-56C9E884CC2C} Adobe 2013-11-14 Microsoft_VC90_CRT_x86 1.00.0000 Unknown {08D2E121-7F6A-43EB-97FD-629B44903403} Adobe 2013-11-14 Mozilla Firefox 25.0 (x86 en-US) 25.0 Unknown Mozilla Firefox 25.0 (x86 en-US) Mozilla Mozilla Maintenance Service 24.2.0 Unknown MozillaMaintenanceService Mozilla Mozilla Thunderbird 24.2.0 (x86 en-US) 24.2.0 Unknown Mozilla Thunderbird 24.2.0 (x86 en-US) Mozilla MSVCRT Redists 1.0 Unknown {AB085680-FE98-11E1-A232-F04DA23A5C58} Sony Creative Software Inc. 2013-10-25 Notepad++ 6.5 Unknown Notepad++ Notepad++ Team NVIDIA 3D Vision Controller Driver 331.82 [english (united kingdom)] 331.82 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB NVIDIA Corporation 2013-11-29 NVIDIA 3D Vision Driver 331.82 [english (united kingdom)] 331.82 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision NVIDIA Corporation 2013-11-29 NVIDIA Control Panel 331.82 [english (united kingdom)] 331.82 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel NVIDIA Corporation 2013-11-29 NVIDIA GeForce Experience 1.7.1 [english (united kingdom)] 1.7.1 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience NVIDIA Corporation 2013-11-29 NVIDIA Graphics Driver 331.82 [english (united kingdom)] 331.82 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver NVIDIA Corporation 2013-11-29 NVIDIA HD Audio Driver 1.3.26.4 [english (united kingdom)] 1.3.26.4 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver NVIDIA Corporation 2013-11-29 NVIDIA Install Application [english (united kingdom)] 2.1002.140.952 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer NVIDIA Corporation 2013-11-29 NVIDIA LED Visualizer 1.0 [english (united kingdom)] 1.0 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer NVIDIA Corporation 2013-11-29 NVIDIA PhysX System Software 9.13.0725 [english (united kingdom)] 9.13.0725 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX NVIDIA Corporation 2013-10-20 NVIDIA PhysX 9.13.0725 Unknown {7B5AA67E-FEA0-40BB-BAB5-CA56645A589C} NVIDIA Corporation 2013-10-20 NVIDIA ShadowPlay 9.3.21 [english (united kingdom)] 9.3.21 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay NVIDIA Corporation 2013-11-29 NVIDIA Stereoscopic 3D Driver 7.17.13.3182 Unknown NVIDIAStereo NVIDIA Corporation NVIDIA Update 9.3.21 [english (united kingdom)] 9.3.21 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update NVIDIA Corporation 2013-11-29 NVIDIA Update Components [english (united kingdom)] 9.3.21 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update NVIDIA Corporation 2013-11-29 NVIDIA Virtual Audio 1.2.9 [english (united kingdom)] 1.2.9 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver NVIDIA Corporation 2013-11-29 ON_OFF Charge B11.0110.1 [english] 1.00.0001 Unknown {3DECD372-76A1-4483-BF10-B547790A3261} GIGABYTE 2013-10-20 Oracle VM VirtualBox 4.3.0 4.3.0 Unknown {7CBBEE56-EEF2-462D-B1CE-EACDBBF6457E} Oracle Corporation 2013-10-21 Outils de vérification linguistique 2013 de Microsoft Office - Français [french (france)] 15.0.4420.1017 Unknown {90150000-001F-040C-1000-0000000FF1CE} Microsoft Corporation 2013-12-12 PDF Settings CS6 11.0 Unknown {BFEAAE77-BD7F-4534-B286-9C5CB4697EB1} Adobe Systems Incorporated 2013-11-14 Pinnacle Game Profiler 7.1.0 Unknown {49BF48CC-ABB6-4795-9B35-B5DE005D8612} PowerUp Software Plex Home Theater 1.0.4 Unknown Plex Home Theater Plex inc Plex Media Server 0.9.806 Unknown {1b2ad75b-cf46-4b43-b33c-d3604ddc6d0f} Plex, Inc. Plex Media Server 0.9.806 Unknown {A26D84DE-ECF1-4E47-B788-C8841F815FB7} Plex, Inc. 2013-10-20 Plex 0.9.504 Unknown Plex Plex, Inc Plex 0.9.504 Unknown Plex Plex, Inc PreEmptive Analytics Visual Studio Components 1.0.2180.1 Unknown {2C76E3DA-BA76-4FAD-B1B1-72B46D639028} PreEmptive Solutions 2013-11-27 Prerequisites for SSDT 11.0.2100.60 Unknown {9169C939-ED01-446A-BD0C-29873BAF4E48} Microsoft Corporation 2013-11-27 puush 1.0.0.0 Unknown {C3592426-531E-4110-911D-BFECE2CE284B} Dean Herbert 2013-10-20 Realtek Ethernet Controller Driver [english] 7.38.113.2011 Unknown {8833FFB6-5B0C-4764-81AA-06DFEED9A476} Realtek 2013-10-20 Realtek High Definition Audio Driver [english] 6.0.1.6433 Unknown {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} Realtek Semiconductor Corp. 2013-10-20 Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{41DF329D-1966-484D-8856-53E9491D998D} Microsoft Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition Unknown {90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{33FAB0CC-BE46-4D68-A51D-AB9C3DE2E8E7} Microsoft Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition Unknown {90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{33FAB0CC-BE46-4D68-A51D-AB9C3DE2E8E7} Microsoft Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition Unknown {90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{33FAB0CC-BE46-4D68-A51D-AB9C3DE2E8E7} Microsoft Security Update for Microsoft Lync 2013 (KB2850057) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AC8EFFF5-000D-4205-9164-34E346CC6009} Microsoft Security Update for Microsoft Lync 2013 (KB2850057) 64-Bit Edition Unknown {90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AC8EFFF5-000D-4205-9164-34E346CC6009} Microsoft Security Update for Microsoft Lync 2013 (KB2850057) 64-Bit Edition Unknown {90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34CF0CA3-AEC4-46E6-B883-02B9FD2CF010} Microsoft Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition Unknown {90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{594F3F8D-DB6B-4D1A-ACA1-76B79FD564AA} Microsoft Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D6F7BF27-F97C-4D16-9121-7C19A112EA5A} Microsoft Security Update for Microsoft Office 2013 (KB2850064) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E1AECEC1-DB6E-4AEC-BBC7-9D0A7B953011} Microsoft Security Update for Microsoft Office 2013 (KB2850064) 64-Bit Edition Unknown {90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{38B54D9E-A74F-4AEE-94F5-6372666EC2C9} Microsoft Security Update for Microsoft Office 2013 (KB2850064) 64-Bit Edition Unknown {90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E1AECEC1-DB6E-4AEC-BBC7-9D0A7B953011} Microsoft Security Update for Microsoft Outlook 2013 (KB2837618) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{73EA8579-0D2A-4603-B156-5D29E2DF619C} Microsoft Security Update for Microsoft Outlook 2013 (KB2837618) 64-Bit Edition Unknown {90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C40A6D83-E118-4A09-AAC6-A160C0F02002} Microsoft SHIELD Streaming [english (united kingdom)] 1.6.53 Unknown {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv NVIDIA Corporation 2013-11-29 Skype Click to Call 6.13.13771 Unknown {B6CF2967-C81E-40C0-9815-C05774FEF120} Skype Technologies S.A. 2013-10-20 Skype™ 6.3 6.3.105 Unknown {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D} Skype Technologies S.A. 2013-10-20 Snagit 11 11.2.0 Unknown {44BD21C2-9132-48DB-B65B-23817E4C6F4B} TechSmith Corporation 2013-10-20 Spotify 0.9.6.81.gd359a796 Unknown Spotify Spotify AB 2013-12-06 Spotify 0.9.6.81.gd359a796 Unknown Spotify Spotify AB 2013-12-06 Steam 1.0.0.0 Unknown {048298C9-A4D3-490B-9FF9-AB023A9238F3} Valve Corporation 2013-11-01 TeamSpeak 3 Client 3.0.13.1 Unknown TeamSpeak 3 Client TeamSpeak Systems GmbH Tools for .Net 3.5 3.11.50727 Unknown {1690CE56-2231-4E59-9006-A0876D949EA8} Microsoft Corporation 2013-11-27 Unreal Anthology [english] 1.00.0000 Unknown {14AA72DA-DB40-4A34-93A6-401A81D7AF9E} Epic 2013-11-16 Update for (KB2504637) 1 Unknown {CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637 Microsoft Corporation Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition Unknown {90150000-0015-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D5412C67-998B-4246-A668-AB522D9F63FE} Microsoft Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{614E655F-A0ED-435A-8E0C-A81EE4BA7BC7} Microsoft Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E759A69-FA72-4B3C-BE2F-D1194764D31E} Microsoft Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition Unknown {90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F8580E12-045B-471B-AF74-98C977347F4E} Microsoft Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047} Microsoft Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition Unknown {90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047} Microsoft Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF} Microsoft Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition Unknown {90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF} Microsoft Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FEFF9FF6-FF61-455E-A8CC-3A1311A657AD} Microsoft Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3FF4EA9F-3505-4726-A974-6593A968FFCC} Microsoft Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9406D70B-2D9C-4613-A75A-F35B66BA8AFA} Microsoft Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA390537-AA88-450F-A240-5FB4648A124A} Microsoft Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C8D57F4A-0824-4043-89E7-3C6280B67A47} Microsoft Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AC4470FB-8011-4F16-B5D4-E0A34DE10C87} Microsoft Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D8B3D175-48B8-413F-8484-4D81E744B51C} Microsoft Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8587E5B1-6279-4396-B9AC-20B334F4FF88} Microsoft Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition Unknown {90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{39E58ED8-B687-49BD-88F9-968563F51F8E} Microsoft Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C809B1D6-BD31-4496-BCFE-4567E0854F5F} Microsoft Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4FD8F672-3206-469C-B9F0-D6E72F7ACAB2} Microsoft Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition Unknown {90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{856D47BC-036C-4692-8702-D6CCA8F428D0} Microsoft Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF} Microsoft Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition Unknown {90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF} Microsoft Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F33ABF6A-3007-47E8-8E38-506A18E54641} Microsoft Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B38036CB-BAF6-41D4-8810-FD016453ABB9} Microsoft Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2A286156-257B-4528-9DB5-B4D4D53211BC} Microsoft Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition Unknown {90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{92833C80-DC88-4A22-8630-407F810EF57B} Microsoft Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition Unknown {90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{602346D6-8E2F-4B0E-820A-CD62AC5B0DC9} Microsoft Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition Unknown {90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{00A8F3D3-B596-4E04-A180-C9EB4EC87762} Microsoft Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F2187E8D-C68A-4655-8551-1932878A5581} Microsoft Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9353CD85-4B19-45C4-8DBA-1391926351F6} Microsoft Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition Unknown {90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9353CD85-4B19-45C4-8DBA-1391926351F6} Microsoft Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6EE51F51-57B1-4DC7-96C2-857DB7F0BE93} Microsoft Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0A90C645-3F9A-4CF9-BF62-2609602E3DAB} Microsoft Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3A48DE63-607B-4FEA-A862-B52669C4433C} Microsoft Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4B559C7-AA71-4B77-ACA3-50BEA8B4241B} Microsoft Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition Unknown {90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{A3C746D9-41B4-4C7E-BF60-0F8C50AD5A0F} Microsoft Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition Unknown {90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4B559C7-AA71-4B77-ACA3-50BEA8B4241B} Microsoft Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{000791D2-642D-418E-A3E9-96E72D8C67B8} Microsoft Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition Unknown {90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{000791D2-642D-418E-A3E9-96E72D8C67B8} Microsoft Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CF6FBF49-BE22-4B98-9D7D-CB2A3236BC44} Microsoft Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition Unknown {90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{EADF44E2-DD3F-4FAC-B17F-566956C06503} Microsoft Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition Unknown {90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CF6FBF49-BE22-4B98-9D7D-CB2A3236BC44} Microsoft Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6FF949A3-1C3F-41C2-9464-933E885ECB53} Microsoft Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition Unknown {90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{52105DB7-F9D9-482C-8796-1461BBB69123} Microsoft Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition Unknown {90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BBD4F4CE-65D4-4CEB-AE19-E5296A57AA6C} Microsoft Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2837C624-A972-43CF-BCE5-0AE2EFED72E3} Microsoft Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A3417E9E-5B94-4BFF-AAA4-933B1AE46306} Microsoft Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition Unknown {90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A3417E9E-5B94-4BFF-AAA4-933B1AE46306} Microsoft Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition Unknown {90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{538E777B-4508-4ABF-97E2-B93C1BF1CD77} Microsoft Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition Unknown {90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{538E777B-4508-4ABF-97E2-B93C1BF1CD77} Microsoft Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F16E7B82-23FE-4054-AB73-EAE53965251C} Microsoft Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D1F1940B-94DF-4DCB-BF82-9530D7FBB1BF} Microsoft Update for Microsoft Visual Studio 2012 (KB2781514) 11.0.51219 Unknown {56ef8912-352f-4fab-9c73-6f1c92a7127f} Microsoft Corporation Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{61478C06-9447-4B7E-AFB8-656B3A64EC83} Microsoft Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition Unknown {90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{DA8548B2-D229-4643-B6E2-989B3CFEECFB} Microsoft Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition Unknown {90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{DA8548B2-D229-4643-B6E2-989B3CFEECFB} Microsoft Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition Unknown {90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{DA8548B2-D229-4643-B6E2-989B3CFEECFB} Microsoft Update for Microsoft Word 2013 (KB2850060) 64-Bit Edition Unknown {90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{421E5A94-A3C0-4CBC-AEDB-D42EF91C07A3} Microsoft Vegas Pro 12.0 (64-bit) 12.0.367 Unknown {A7500970-FE98-11E1-B560-F04DA23A5C58} Sony 2013-10-25 Visual Studio 2012 Prerequisites - ENU Language Pack 11.0.50727 Unknown {13417784-A359-3CDD-8DE1-B7108707D647} Microsoft Corporation 2013-11-27 Visual Studio 2012 Prerequisites 11.0.50727 Unknown {61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5} Microsoft Corporation 2013-11-27 Visual Studio Extensions for Windows Library for JavaScript 1.0.8514.0 Unknown {89B4532E-19CE-4FA9-9692-10BFD5A38532} Microsoft Corporation 2013-11-27 VLC media player 2.0.8 2.0.8 Unknown VLC media player VideoLAN WCF Data Services 5.0 (for OData v3) Primary Components 5.0.50628.0 Unknown {0BCC836F-0B28-4090-B58A-64883BAA3B2F} Microsoft Corporation 2013-11-27 WCF Data Services Tools for Microsoft Visual Studio 2012 5.0.50710.0 Unknown {148878BD-A2A5-4CF1-A103-2BA632F41953} Microsoft Corporation 2013-11-27 WCF RIA Services V1.0 SP2 4.1.61829.0 Unknown {3A523AF9-D32F-4C85-8388-0335731F3405} Microsoft Corporation 2013-11-27 Windows App Certification Kit Native Components 8.59.25584 Unknown {3FA063D7-EDC1-AFA8-54AF-0563C7DEE070} Microsoft Corporation 2013-11-27 Windows App Certification Kit x64 8.59.25584 Unknown {02213A81-CB13-7262-5ABE-1FFA2C75559F} Microsoft Corporation 2013-11-27 Windows Runtime Intellisense Content - en-us 8.59.25584 Unknown {C81452EB-CBCF-B8EB-3124-48C5B3D506B0} Microsoft Corporation 2013-11-27 Windows Software Development Kit DirectX x64 Remote 8.59.25584 Unknown {5FB4C443-6BD6-1514-2717-3827D65AE6FB} Microsoft Corporation 2013-11-27 Windows Software Development Kit DirectX x86 Remote 8.59.25584 Unknown {23176E97-26CB-C72A-19EB-BFB21AC1D15A} Microsoft Corporation 2013-11-27 Windows Software Development Kit for Windows Store Apps DirectX x64 Remote 8.59.25584 Unknown {27EF252D-800C-ED42-9904-459FE0046225} Microsoft Corporation 2013-11-27 Windows Software Development Kit for Windows Store Apps DirectX x86 Remote 8.59.25584 Unknown {42F61556-29ED-8122-F39E-6F04EA5FF279} Microsoft Corporation 2013-11-27 Windows Software Development Kit for Windows Store Apps 8.59.25584 Unknown {D11F66FF-82B3-DDB8-1146-525370552BE1} Microsoft Corporation 2013-11-27 Windows Software Development Kit 8.59.25584 Unknown {60D5EF2A-4E0C-2C30-38F6-59C26E134F4A} Microsoft Corporation 2013-11-27 Wolfram Mathematica 9 (M-WIN-L 9.0.1 4055652) 9.0.1 Unknown M-WIN-L 9.0.1 4055652_is1 Wolfram Research, Inc. 2013-10-20 WoW Private Server Launcher 1.00.0000 Unknown {5DDAE46E-7730-46F7-942C-838E19A16A50} The Old Element 2013-12-16 XnView 2.05 2.05 Unknown XnView_is1 Gougelet Pierre-e 2013-10-20 YourKit Java Profiler 2013 build 13062 Unknown YourKit Java Profiler 2013 build 13062 --------[ Licenses ]---------------------------------------------------------------------------------------------------- Malwarebytes Anti-Malware 1.75.0.1300 2TE22 / NTD0-P93E-7YNG-TQ2V Microsoft Internet Explorer 9.11.9600.16428 342DG-6YJR8-X92GV-V7DCV-P4K27 Microsoft Office Professional Plus 2013 YC7DK-G2NP3-2QQC3-J6H88-GVGXT Microsoft Visual Studio H4JYX-6D3QW-JTG38-F9KQM-4G9CG Microsoft Windows 7 Ultimate 342DG-6YJR8-X92GV-V7DCV-P4K27 TechSmith Camtasia Studio GCABC-CPCCE-BPMMB-XAJXP-S8F6R Unreal Tournament 2004 AP2N6-LCJ84-AW8FN-XHWHG --------[ File Types ]-------------------------------------------------------------------------------------------------- _SLN Microsoft Visual Studio Solution _SLN100 Microsoft Visual Studio 2012 Solution _SLN110 Microsoft Visual Studio 2012 Solution _SLN60 Microsoft Visual Studio 6.0 Solution _SLN70 Microsoft Visual Studio .NET 2002 Solution _SLN71 Microsoft Visual Studio .NET 2003 Solution _SLN80 Microsoft Visual Studio 2005 Solution _SLN90 Microsoft Visual Studio 2008 Solution _VBXSLN100 Microsoft Visual Basic 2012 Express Solution _VBXSLN110 Microsoft Visual Basic 2012 Express Solution _VBXSLN80 Microsoft Visual Basic Express 2005 Solution _VBXSLN90 Microsoft Visual Basic Express 2008 Solution _VCPPXSLN100 Microsoft Visual C++ 2012 Express Solution _VCPPXSLN110 Microsoft Visual C++ 2012 Express Solution _VCPPXSLN80 Microsoft Visual C++ Express 2005 Solution _VCPPXSLN90 Microsoft Visual C++ Express 2008 Solution _VCSXSLN100 Microsoft Visual C# 2012 Express Solution _VCSXSLN110 Microsoft Visual C# 2012 Express Solution _VCSXSLN80 Microsoft Visual C# Express 2005 Solution _VCSXSLN90 Microsoft Visual C# Express 2008 Solution _VJSXSLN80 Microsoft Visual J# Express 2005 Solution _VPDXSLN100 Microsoft Visual Studio Express 2012 for Windows Phone Solution _VPDXSLN110 Microsoft Visual Studio Express 2012 for Windows Phone Solution _VW8XSLN110 Microsoft Visual Studio Express 2012 for Windows 8 Solution _VWDXSLN100 Microsoft Visual Studio Express 2012 for Web Solution _VWDXSLN110 Microsoft Visual Studio Express 2012 for Web Solution _VWDXSLN80 Microsoft Visual Web Developer Express 2005 Solution _VWDXSLN90 Microsoft Visual Web Developer Express 2008 Solution _WDXSLN110 Microsoft Visual Studio Express 2012 for Windows Desktop Solution 386 Virtual Device Driver 3G2 VLC media file (.3g2) video/3gpp2 3GA VLC media file (.3ga) 3GP VLC media file (.3gp) video/3gpp 3GP2 VLC media file (.3gp2) video/3gpp2 3GPP VLC media file (.3gpp) video/3gpp 669 VLC media file (.669) 8BA 8BA File 8BC 8BC File 8BE 8BE File 8BF 8BF File 8BI 8BI File 8BP 8BP File 8BS 8BS File 8BX 8BX File 8BY 8BY File 8LI 8LI File A52 VLC media file (.a52) AAC VLC media file (.aac) audio/vnd.dlna.adts AAUI Acrobat User Interface application/vnd.adobe.acrobat.aaui+xml ABR ABR File AC3 VLC media file (.ac3) ACB ACB File ACCDA Microsoft Access Add-in application/msaccess.addin ACCDB Microsoft Access Database application/msaccess ACCDC Microsoft Access Signed Package application/msaccess.cab ACCDE Microsoft Access ACCDE Database application/msaccess.exec ACCDR Microsoft Access Runtime Application application/msaccess.runtime ACCDT Microsoft Access Template application/msaccess.template ACCDU Microsoft Access Add-in Data ACCDW Microsoft Access Web Application application/msaccess.webapplication ACCESSOR Visual Studio Accessor file ACCFT Microsoft Access Template application/msaccess.ftemplate ACF ACF File ACL AutoCorrect List File ACO ACO File ACROBATSECURITYSETTINGS Adobe Acrobat Security Settings Document application/vnd.adobe.acrobat-security-settings ACT ACT File ACTIVITYDIAGRAM Activity Diagram File ACV ACV File ADDIN Visual Studio Add-in definition file text/xml ADE Microsoft Access Project Extension application/msaccess ADN Microsoft Access Blank Project Template ADO ADO File ADOBEBRIDGE Adobe Bridge URL application/x-bridge-url ADP Microsoft Access Project application/msaccess ADT VLC media file (.adt) audio/vnd.dlna.adts ADTS VLC media file (.adts) audio/vnd.dlna.adts AHS AHS File AHU AHU File AIF VLC media file (.aif) audio/aiff AIFC VLC media file (.aifc) audio/aiff AIFF VLC media file (.aiff) audio/aiff ALV ALV File AMP AMP File AMR VLC media file (.amr) AMS AMS File AMV VLC media file (.amv) ANI Animated Cursor AOB VLC media file (.aob) APE VLC media file (.ape) API API File APL APL File APPLICATION Application Manifest application/x-ms-application APPREF-MS Application Reference APPXMANIFEST AppX Manifest Source File ASA ASA File application/xml ASAX ASP.NET Server Application application/xml ASCX ASP.NET User Control application/xml ASE ASE File ASF VLC media file (.asf) video/x-ms-asf ASHX ASP.NET Generic Handler application/xml ASL ASL File ASM Assembler Source text/plain ASMX ASP.NET Web Service application/xml ASP ASP File ASPX ASP.NET Server Page application/xml AST AST File ASV ASV File ASX VLC media file (.asx) video/x-ms-asf ATF ATF File ATN ATN File AU VLC media file (.au) audio/basic AUP Audacity Project File AVA AVA File AVI VLC media file (.avi) video/avi AW Answer Wizard File AXT AXT File B4S VLC media file (.b4s) BAT Windows Batch File BDCM Visual Studio SharePoint BDC Designer File BDCR Visual Studio SharePoint BDC Designer Resource File BIN VLC media file (.bin) BLG Performance Monitor File BLW BLW File BMP BMP File image/bmp BPDX Adobe Acrobat Batch PDX files BSC Source Browser Database C C Source text/plain C2R C2R File CAB Cabinet File CAF VLC media file (.caf) CAMP WCS Viewing Condition Profile CAMPROJ Camtasia Studio Project CAMREC Camtasia Recorder Document CAT Security Catalog application/vnd.ms-pki.seccat CC C++ Source text/plain CD Class Diagram file text/plain CDA VLC media file (.cda) CDF Mathematica Notebook application/vnd.wolfram.cdf CDMP WCS Device Profile CDX CDX File CER Security Certificate application/x-x509-ca-cert CHA CHA File CHESSTITANSSAVE-MS .ChessTitansSave-ms CHK Recovered File Fragments CHM Compiled HTML Help file CIN CIN File CLASSDIAGRAM Class Diagram File CMD Windows Command Script CMMP Camtasia MenuMaker Project CMMTPL Camtasia MenuMaker Template COD C/C++ Code Listing text/plain COLLECTION Adobe Bridge Collection File COM MS-DOS Application COMFYCAKESSAVE-MS .ComfyCakesSave-ms COMPONENTDIAGRAM Component Diagram File COMPOSITEFONT Composite Font File CONFIG XML Configuration File application/xml CONTACT Contact File text/x-ms-contact COVERAGE Visual Studio Code Coverage File application/xml COVERAGEXML Visual Studio Code Coverage XML File CPL Control Panel Item CPP C++ Source text/plain CR2 CR2 File CRD Information Card CRDS Information Card Store CRL Certificate Revocation List application/pkix-crl CRT Security Certificate application/x-x509-ca-cert CRTX Microsoft Office Chart Template CRW CRW File CS Visual C# Source file text/plain CSH CSH File CSHTML ASP.NET Web Page (CSHTML) CSPROJ Visual C# Project file text/plain CSS Cascading Style Sheet Document text/css CSV Microsoft Excel Comma Separated Values File application/vnd.ms-excel CUE VLC media file (.cue) CUR Cursor text/plain CXX C++ Source text/plain DACPAC Microsoft SQL Server DAC Package File DATASOURCE Visual Studio Data Source File application/xml DB Data Base File DBML OR Designer DCP DCP File DCPR DCPR File DCR DCR File DDS DDS file DEF Export Definition File text/plain DER Security Certificate application/x-x509-ca-cert DESKLINK Desktop Shortcut DET Office Data File DGML Visual Studio Directed Graph Document application/xml DGSL Visual Shader Graph file DIAGCAB Diagnostic Cabinet DIAGCFG Diagnostic Configuration DIAGPKG Diagnostic Document DIB Bitmap Image image/bmp DIC Text Document DISCO Web Service Discovery File DIVX VLC media file (.divx) video/divx DLL Application Extension application/x-msdownload DMP Dump File DNG DNG File DOC Microsoft Word 97 - 2003 Document application/msword DOCHTML Microsoft Word HTML Document DOCM Microsoft Word Macro-Enabled Document application/vnd.ms-word.document.macroEnabled.12 DOCMHTML DOCMHTML File DOCX Microsoft Word Document application/vnd.openxmlformats-officedocument.wordprocessingml.document DOCXML Microsoft Word XML Document DOT Microsoft Word 97 - 2003 Template application/msword DOTHTML Microsoft Word HTML Template DOTM Microsoft Word Macro-Enabled Template application/vnd.ms-word.template.macroEnabled.12 DOTX Microsoft Word Template application/vnd.openxmlformats-officedocument.wordprocessingml.template DQY Microsoft Excel ODBC Query File DRC VLC media file (.drc) DRV Device Driver DSN Microsoft OLE DB Provider for ODBC Drivers DSP VC++ 6 Project text/plain DSW VC++ 6 Workspace text/plain DTD XML Document Type Definition application/xml-dtd DTS VLC media file (.dts) DV VLC media file (.dv) DVR Microsoft Recorded TV Show DVR-MS Microsoft Recorded TV Show DWFX XPS Document model/vnd.dwfx+xps EAP EAP File EASMX XPS Document model/vnd.easmx+xps EDMX ADO.NET Entity Data Model Designer EDRWX XPS Document model/vnd.edrwx+xps ELM Microsoft Office Themes File EMF EMF File EML E-mail Message EPRTX XPS Document model/vnd.eprtx+xps ERF ERF File ETL Windows Performance Analyzer Trace File EUPD Eden Eternal Private Server EVT EVT File EVTX EVTX File EXC Text Document EXE Application application/x-msdownload EXP Exports Library File EXR EXR File F4V VLC media file (.f4v) FBX FBX file FCDT FormsCentral Design Template application/vnd.adobe.formscentral.fcdt FDF Adobe Acrobat Forms Document application/vnd.fdf FDM Outlook Form Definition FEATURE Visual Studio SharePoint Feature File FEEDBACK Expression SketchFlow Feedback File FFO FFO File FILTERS VC++ Project Filters File Application/xml FL3 FL3 File FLAC VLC media file (.flac) FLOW Expression SketchFlow Data File FLV VLC media file (.flv) video/x-flv FON Font file FREECELLSAVE-MS .FreeCellSave-ms FS Visual F# Source file text/plain FSI Visual F# Signature file text/plain FSPROJ Visual F# Project file FSSCRIPT Visual F# Script file text/plain FSX Visual F# Script file text/plain FX FX Source text/plain FXG FXG File GADGET Windows Gadget GCSX Microsoft Office SmartArt Graphic Color Variation GENERICTEST Visual Studio Generic Test file application/xml GGB GeoGebra File application/vnd.geogebra.file GGT GeoGebra Tool application/vnd.geogebra.tool GIF GIF Image image/gif GLOX Microsoft Office SmartArt Graphic Layout GMMP WCS Gamut Mapping Profile GQSX Microsoft Office SmartArt Graphic Quick Style GRA Microsoft Graph Chart GRD GRD File GROUP Contact Group File text/x-ms-group GRP Microsoft Program Group GXF VLC media file (.gxf) H C/C++ Header text/plain H1C Windows Help Collection Definition File H1D Windows Help Validator File H1F Windows Help Include File H1H Windows Help Merged Hierarchy H1K Windows Help Index File H1Q Windows Help Merged Query Index H1S Compiled Windows Help file H1T Windows Help Table of Contents File H1V Windows Help Virtual Topic Definition File H1W Windows Help Merged Keyword Index HDD Virtual Hard Disk application/x-virtualbox-hdd HDMP Dump File HDR HDR File HEARTSSAVE-MS .HeartsSave-ms HLP Help File HLSL HLSL Source text/plain HLSLI HLSL Header text/plain HOL Outlook Holidays HPP C/C++ Header text/plain HPROF HPROF snapshot HTA HTML Application application/hta HTM HTML Document text/html HTML HTML Document text/html HXA Microsoft Help Attribute Definition File application/xml HXC Microsoft Help Collection Definition File application/xml HXD Microsoft Help Validator File application/octet-stream HXE Microsoft Help Samples Definition File application/xml HXF Microsoft Help Include File application/xml HXH Microsoft Help Merged Hierarchy File application/octet-stream HXI Microsoft Help Compiled Index File application/octet-stream HXK Microsoft Help Index File application/xml HXQ Microsoft Help Merged Query Index File application/octet-stream HXR Microsoft Help Merged Attribute Index File application/octet-stream HXS Microsoft Help Compiled Storage File application/octet-stream HXT Microsoft Help Table of Contents File application/xml HXV Microsoft Help Virtual Topic Definition File application/xml HXW Microsoft Help Attribute Definition File application/octet-stream HXX C/C++ Header text/plain I Preprocessed C/C++ Source text/plain ICC ICC Profile ICL Icon Library ICM ICC Profile ICO Icon image/x-icon ICS iCalendar File text/calendar IDB VC++ Minimum Rebuild Dependency File IDL Interface Definition Language File text/plain IFO VLC media file (.ifo) ILK Incremental Linker File IMG Disc Image File INC Include File text/plain INF Setup Information INFOPATHXML Microsoft InfoPath Form application/ms-infopath.xml INI Configuration Settings INL C/C++ Inline File text/plain IQY Microsoft Excel Web Query File text/x-ms-iqy IROS IROS File IRS IRS File ISO Disc Image File IT VLC media file (.it) ITRACE IntelliTrace File JAR Executable Jar File JFIF JPEG Image image/jpeg JFR Java Flight Recorder File JNLP JNLP File application/x-java-jnlp-file JNT Journal Document JOB Task Scheduler Task Object JOBOPTIONS Adobe PDF Settings JOD Microsoft.Jet.OLEDB.4.0 JPE JPEG Image image/jpeg JPEG JPEG Image image/jpeg JPG JPEG Image image/jpeg JPS JPS File image/jps JS JavaScript File text/plain JSE JScript Encoded File JSPROJ JavaScript app Project file JSX Adobe JavaScript file text/plain JSXBIN Adobe JavaScript Binary file text/plain JSXINC Adobe JavaScript Include file text/plain JTP Journal Template JTX XPS Document application/x-jtx+xps KMZ KMZ File KVA KVIrc Addon Package KVC KVIrc Configuration File KVS KVIrc KVS Script KVT KVIrc Theme Package KYS KYS File LABEL Property List LACCDB Microsoft Access Record-Locking Information LAYERDIAGRAM Layer Diagram File LDB Microsoft Access Record-Locking Information LEX Dictionary File LIB Object File Library LIBRARY-MS Library Folder application/windows-library+xml LIBZIP Camtasia Studio Library Assets LIC License LNK Shortcut LOADTEST Visual Studio Load Test File application/xml LOG Text Document LSPROJ LightSwitch Project file text/plain LST MASM Listing text/plain LVR Microsoft Environment Viewer M Mathematica Package application/vnd.wolfram.mathematica.package M1V VLC media file (.m1v) video/mpeg M2T VLC media file (.m2t) video/vnd.dlna.mpeg-tts M2TS VLC media file (.m2ts) video/vnd.dlna.mpeg-tts M2V VLC media file (.m2v) video/mpeg M3U VLC media file (.m3u) audio/x-mpegurl M3U8 VLC media file (.m3u8) M4A VLC media file (.m4a) audio/mp4 M4P VLC media file (.m4p) M4V VLC media file (.m4v) video/mp4 MA Mathematica 2.2 Notebook application/mathematica MAD Microsoft Access Module Shortcut MAF Microsoft Access Form Shortcut MAG Microsoft Access Diagram Shortcut MAHJONGTITANSSAVE-MS .MahjongTitansSave-ms MAK Makefile text/plain MAM Microsoft Access Macro Shortcut MAP Linker Address Map text/plain MAPIMAIL Mail Service MAQ Microsoft Access Query Shortcut MAR Microsoft Access Report Shortcut MAS Microsoft Access Stored Procedure Shortcut MASTER ASP.NET Master Page application/xml MAT Microsoft Access Table Shortcut MAU MAU File MAV Microsoft Access View Shortcut MAW Microsoft Access Data Access Page Shortcut MCL MCL File MDA Microsoft Access Add-in application/msaccess MDB Microsoft Access Database application/msaccess MDBHTML Microsoft Access HTML Document MDE Microsoft Access MDE Database application/msaccess MDMP Dump File MDN Microsoft Access Blank Database Template MDP VC++ 5 Workspace text/plain MDT Microsoft Access Add-in Data MDW Microsoft Access Workgroup Information MFCRIBBON-MS MFC Ribbon Definition XML File MFP Macromedia Flash Paper application/x-shockwave-flash MHT MHTML Document message/rfc822 MHTML MHTML Document message/rfc822 MID VLC media file (.mid) audio/mid MIDI MIDI Sequence audio/mid MIG Migration Store MINESWEEPERSAVE-MS .MinesweeperSave-ms MK Makefile text/plain MKA VLC media file (.mka) audio/x-matroska MKV VLC media file (.mkv) video/x-matroska MLC Language Pack File_ MLP VLC media file (.mlp) MNU MNU File MOD VLC media file (.mod) video/mpeg MODELPROJ Modeling Project File Application/xml MOS MOS File MOV VLC media file (.mov) video/quicktime MP1 VLC media file (.mp1) MP2 VLC media file (.mp2) audio/mpeg MP2V VLC media file (.mp2v) video/mpeg MP3 VLC media file (.mp3) audio/mpeg MP4 VLC media file (.mp4) video/mp4 MP4V VLC media file (.mp4v) video/mp4 MPA VLC media file (.mpa) video/mpeg MPC VLC media file (.mpc) MPE VLC media file (.mpe) video/mpeg MPEG VLC media file (.mpeg) video/mpeg MPEG1 VLC media file (.mpeg1) MPEG2 VLC media file (.mpeg2) MPEG4 VLC media file (.mpeg4) MPG VLC media file (.mpg) video/mpeg MPO MPO File image/mpo MPV2 VLC media file (.mpv2) video/mpeg MRW MRW File MSC Microsoft Common Console Document MSDVD MSDVD File MSG Outlook Item MSI Windows Installer Package MS-ONE-STUB Microsoft OneNote Stub MSP Windows Installer Patch MSRCINCIDENT Windows Remote Assistance Invitation MSSTYLES Windows Visual Style File MSU Microsoft Update Standalone Package MTS VLC media file (.mts) video/vnd.dlna.mpeg-tts MTV VLC media file (.mtv) MTX Visual Studio Manual Test text file application/xml MXF VLC media file (.mxf) MXI Adobe Extension Information File MXP Adobe Extension Package File application/x-mmxp MYDOCS MyDocs Drop Target NB Mathematica Notebook application/vnd.wolfram.mathematica NBP Mathematica Player Notebook application/vnd.wolfram.player NCB VC++ Intellisense Database NEF NEF File NFO MSInfo Configuration File NK2 Outlook Nickname File NSV VLC media file (.nsv) NUV VLC media file (.nuv) OBJ Object File OCX ActiveX control ODC Microsoft Office Data Connection text/x-ms-odc ODCCUBEFILE ODCCUBEFILE File ODCDATABASEFILE ODCDATABASEFILE File ODCNEWFILE ODCNEWFILE File ODCTABLECOLLECTIONFILE ODCTABLECOLLECTIONFILE File ODCTABLEFILE ODCTABLEFILE File ODH Interface Definition Language File text/plain ODL Interface Definition Language File text/plain ODP OpenDocument Presentation application/vnd.oasis.opendocument.presentation ODS OpenDocument Spreadsheet application/vnd.oasis.opendocument.spreadsheet ODT OpenDocument Text application/vnd.oasis.opendocument.text OFS Outlook Form Regions OFT Outlook Item Template OGA VLC media file (.oga) OGG Ogg Vorbis File application/ogg OGM VLC media file (.ogm) video/x-ogm OGV VLC media file (.ogv) OGX VLC media file (.ogx) OLS Office List Shortcut application/vnd.ms-publisher OMA VLC media file (.oma) ONE Microsoft OneNote Section application/msonenote ONEPKG Microsoft OneNote Single File Package application/msonenote ONETOC Microsoft OneNote 2003 Table Of Contents ONETOC2 Microsoft OneNote Table Of Contents OPC Microsoft Clean-up Wizard File OPUS VLC media file (.opus) OQY Microsoft Excel OLAP Query File ORDEREDTEST Visual Studio Ordered Test file application/xml ORF ORF File OSDX OpenSearch Description File application/opensearchdescription+xml OST Outlook Data File OTF OpenType Font file OTM Outlook VBA Project File OVA Open Virtualization Format Archive application/x-virtualbox-ova OVF Open Virtualization Format application/x-virtualbox-ovf OXPS Open XPS Document P10 Certificate Request application/pkcs10 P12 Personal Information Exchange application/x-pkcs12 P7B PKCS #7 Certificates application/x-pkcs7-certificates P7C Digital ID File application/pkcs7-mime P7M PKCS #7 MIME Message application/pkcs7-mime P7R Certificate Request Response application/x-pkcs7-certreqresp P7S PKCS #7 Signature application/pkcs7-signature PAB Outlook Personal Address Book PACKAGE Visual Studio SharePoint Package File PAL Palette File PARTIAL Partial Download PAT PAT File PBK Dial-Up Phonebook PBM PBM File PCA Perfect Clarity Audio File PCB PCB File PCD PCD File PCH Precompiled Header File PCX PCX File PDB Program Debug Database PDD PDD File PDF Adobe Acrobat Document application/pdf PDFXML Adobe Acrobat PDFXML Document application/vnd.adobe.pdfxml PDP PDP File PDX Acrobat Catalog Index application/vnd.adobe.pdx PEF PEF File PERFMONCFG Performance Monitor Configuration PFM Type 1 Font file PFX Personal Information Exchange application/x-pkcs12 PIF Shortcut to MS-DOS Program PKGDEF PKGDEF File text/plain PKGUNDEF PKGUNDEF File text/plain PKO Public Key Security Object application/vnd.ms-pki.pko PLE PLE File PLS VLC media file (.pls) PNF Precompiled Setup Information PNG PNG Image image/png PNS PNS File image/pns POT Microsoft PowerPoint 97-2003 Template application/vnd.ms-powerpoint POTHTML Microsoft PowerPoint HTML Template POTM Microsoft PowerPoint Macro-Enabled Design Template application/vnd.ms-powerpoint.template.macroEnabled.12 POTX Microsoft PowerPoint Template application/vnd.openxmlformats-officedocument.presentationml.template PPA Microsoft PowerPoint 97-2003 Addin application/vnd.ms-powerpoint PPAM Microsoft PowerPoint Addin application/vnd.ms-powerpoint.addin.macroEnabled.12 PPS Microsoft PowerPoint 97-2003 Slide Show application/vnd.ms-powerpoint PPSM Microsoft PowerPoint Macro-Enabled Slide Show application/vnd.ms-powerpoint.slideshow.macroEnabled.12 PPSX Microsoft PowerPoint Slide Show application/vnd.openxmlformats-officedocument.presentationml.slideshow PPT Microsoft PowerPoint 97-2003 Presentation application/vnd.ms-powerpoint PPTHTML Microsoft PowerPoint HTML Document PPTM Microsoft PowerPoint Macro-Enabled Presentation application/vnd.ms-powerpoint.presentation.macroEnabled.12 PPTMHTML PPTMHTML File PPTX Microsoft PowerPoint Presentation application/vnd.openxmlformats-officedocument.presentationml.presentation PPTXML Microsoft PowerPoint XML Presentation PRF PICS Rules File application/pics-rules PRINTEREXPORT Printer Migration File PROPS Project Property File PS PostScript File application/postscript PS1 PS1 File PS1XML PS1XML File PSB PSB File PSC1 PSC1 File application/PowerShell PSD Adobe Photoshop Image 13 PSD1 PSD1 File PSESS Visual Studio Performance Session application/xml PSF PSF File PSM1 PSM1 File PSP PSP File PST Outlook Data File PUB Microsoft Publisher Document application/vnd.ms-publisher PUBHTML PUBHTML File PUBMHTML PUBMHTML File PURBLEPAIRSSAVE-MS .PurblePairsSave-ms PURBLESHOPSAVE-MS .PurbleShopSave-ms PWZ Microsoft PowerPoint Wizard application/vnd.ms-powerpoint PXR PXR File QCP VLC media file (.qcp) QDS Directory Query RAF RAF File RAM VLC media file (.ram) RAT Rating System File application/rat-file RAW RAW File RC Resource Script text/plain RC2 Resource Script text/plain RCT Resource Compiler Template text/plain RDLC Report Definition File application/xml RDP Remote Desktop Connection REC VLC media file (.rec) REG Registration Entries RELS XML Document RES Compiled Resource Script RESJSON Resources File text/plain RESMONCFG Resource Monitor Configuration RESW Windows Resources File RESX .NET Managed Resources File application/xml RGS Registration Script text/plain RLE RLE File RLL Application Extension RM VLC media file (.rm) RMF Adobe Acrobat Rights Management Document application/vnd.adobe.rmf RMI VLC media file (.rmi) audio/mid RMVB VLC media file (.rmvb) RQY Microsoft Excel OLE DB Query File text/x-ms-rqy RTF Rich Text Format application/msword RULESET Visual Studio Code Analysis Rule Set application/xml S Assembler Source text/plain S3M VLC media file (.s3m) SBR Source Browser Intermediate File SCF Windows Explorer Command SCP Text Document SCR Screen saver SCT SCT File text/scriptlet SDF SQL Server Compact Edition Database File SDL Service Description Language SDP VLC media file (.sdp) SEARCHCONNECTOR-MS Search Connector Folder application/windows-search-connector+xml SEARCH-MS Saved Search SECSTORE SECSTORE File SEQU Adobe Acrobat Action File SEQUENCEDIAGRAM Sequence Diagram File SETTINGS Visual Studio Settings-Designer File application/xml SFA SFA File SFCACHE ReadyBoost Cache File SHC SHC File SHH SHH File SHTML SHTML File text/html SITEMAP ASP.NET Site Map application/xml SKIN ASP.NET Skin File application/xml SKYPE Skype Content application/x-skype SLD SLD File SLDM Microsoft PowerPoint Macro-Enabled Slide application/vnd.ms-powerpoint.slide.macroEnabled.12 SLDX Microsoft PowerPoint Slide application/vnd.openxmlformats-officedocument.presentationml.slide SLK Microsoft Excel SLK Data Import Format application/vnd.ms-excel SLN Microsoft Visual Studio Solution text/plain SLUPKG-MS XrML Digital License Package application/x-ms-license SNAG SNAG File SNAGACC SnagIt Accessory Installer SNAGPROF SnagIt Capture Profile SNAPSHOT YourKit snapshot SND VLC media file (.snd) audio/basic SNIPPET Visual Studio Code Snippet File application/xml SNK Visual Studio Strong Name Key File SOLITAIRESAVE-MS .SolitaireSave-ms SPC PKCS #7 Certificates application/x-pkcs7-certificates SPDATA Visual Studio SharePoint Project Item Data File SPIDERSOLITAIRESAVE-MS .SpiderSolitaireSave-ms SPL Shockwave Flash Object application/futuresplash SPX VLC media file (.spx) SQLPROJ Visual Studio SQL Server Project SRF SRF File text/plain SST Microsoft Serialized Certificate Store application/vnd.ms-pki.certstore STA STA File STL Certificate Trust List application/vnd.ms-pki.stl STVPROJ Microsoft TraceView Project File SUO Visual Studio Solution User Options SVC WCF Web Service application/xml SVCLOG WCF Trace File SVG SVG Document image/svg+xml SWF Shockwave Flash Object application/x-shockwave-flash SWITCHBOARD SWITCHBOARD File SYS System file TESTRUNCONFIG Visual Studio Test Run Configuration File application/xml TESTSETTINGS Visual Studio Test Settings File application/xml TGA TGA File THEME Windows Theme File THEMEPACK Windows Theme Pack THMX Microsoft Office Theme application/vnd.ms-officetheme TIF TIF File image/tiff TIFF TIFF File image/tiff TLH Typelib Generated C/C++ Header text/plain TLI Typelib Generated C/C++ Inline File text/plain TOD VLC media file (.tod) TPL TPL File TRC ATL MFC Trace Tool settings file TRX Visual Studio Test Results File application/xml TS VLC media file (.ts) video/vnd.dlna.mpeg-tts TS3_ADDON TeamSpeak Add-On TS3_ICONPACK TeamSpeak Add-On TS3_PLUGIN TeamSpeak Add-On TS3_SOUNDPACK TeamSpeak Add-On TS3_STYLE TeamSpeak Add-On TS3_TRANSLATION TeamSpeak Add-On TT Text Template TTA VLC media file (.tta) TTC TrueType Collection Font file TTF TrueType Font file TTS VLC media file (.tts) video/vnd.dlna.mpeg-tts TXT Text Document text/plain U3D U3D File UDL Microsoft Data Link UITEST Visual Studio Coded UI Test Map file application/xml URL URL File USECASEDIAGRAM Use Case Diagram File USER Visual Studio Project User Options file text/plain UXDC UXDC File VB Visual Basic Source file text/plain VBE VBScript Encoded File VBHTML ASP.NET Web Page (VBHTML) VBOX VirtualBox Machine Definition application/x-virtualbox-vbox VBOX-EXTPACK VirtualBox Extension Pack application/x-virtualbox-vbox-extpack VBPROJ Visual Basic Project file text/plain VBS VBScript Script File VCF vCard File text/x-vcard VCP eVC 3/4 Project VCPROJ VC++ Project Application/xml VCS vCalendar File VCW eVC 3/4 Workspace VCXPROJ VC++ Project Application/xml VDI Virtual Disk Image application/x-virtualbox-vdi VDW Microsoft Visio Document application/vnd.ms-visio.viewer VDX Microsoft Visio Document application/vnd.ms-visio.viewer VEG VEG File VF Movie Studio Project File VFD Virtual Machine Floppy Image VHD Virtual Hard Disk application/x-virtualbox-vhd VLC VLC media file (.vlc) VMC Virtual Machine Settings File VMCX Virtual Machine Shell Information VMDK Virtual Machine Disk Format application/x-virtualbox-vmdk VOB VLC media file (.vob) VOC VLC media file (.voc) VQF VLC media file (.vqf) VRO VLC media file (.vro) VSCONTENT Visual Studio Community Content Installer File application/xml VSCT VSCT File text/xml VSD Microsoft Visio Document application/vnd.ms-visio.viewer VSDM Microsoft Visio Document application/vnd.ms-visio.viewer VSDX Microsoft Visio Document application/vnd.ms-visio.viewer VSGLOG Graphics Experiment file VSI Visual Studio Community Content Installer File application/ms-vsi VSIX Microsoft Visual Studio Extension application/vsix VSIXLANGPACK VSIXLANGPACK File text/xml VSIXMANIFEST VSIXMANIFEST File text/xml VSMDI Visual Studio Test Meta Data File application/xml VSP Visual Studio Performance Report VSPF Visual Studio Performance Report Filter VSPROPS Project Property File VSPS Visual Studio Serialized Performance Report VSPSCC Visual Studio Source Control Project Metadata File text/plain VSPX Visual Studio Performance Report VSS Microsoft Visio Document application/vnd.ms-visio.viewer VSSCC Visual Studio Source Control Solution Root Metadata File text/plain VSSETTINGS Visual Studio Settings File text/xml VSSM Microsoft Visio Document application/vnd.ms-visio.viewer VSSSCC Visual Studio Source Control Solution Metadata File text/plain VSSX Microsoft Visio Document application/vnd.ms-visio.viewer VST Microsoft Visio Document application/vnd.ms-visio.viewer VSTEMPLATE Visual Studio Project/Item Template File text/xml VSTM Microsoft Visio Document application/vnd.ms-visio.viewer VSTO VSTO Deployment Manifest application/x-ms-vsto VSTX Microsoft Visio Document application/vnd.ms-visio.viewer VSV Virtual Machine Saved State VSX Microsoft Visio Document application/vnd.ms-visio.viewer VSZ Visual Studio Wizard Files VTX Microsoft Visio Document application/vnd.ms-visio.viewer VUD Virtual Machine Undo Drive VXD Virtual Device Driver W64 Wav64 File WAB Address Book File WAV VLC media file (.wav) audio/wav WAX Windows Media Audio shortcut audio/x-ms-wax WBCAT Windows Backup Catalog File WBK Microsoft Word Backup Document application/msword WCX Workspace Configuration File WDP Windows Media Photo image/vnd.ms-photo WEBM VLC media file (.webm) WEBPART Visual Studio SharePoint Web Part File WEBPNP Web Point And Print File WEBSITE Pinned Site Shortcut application/x-mswebsite WEBTEST Visual Studio Web Test File application/xml WEBTESTRESULT Visual Studio Web Test Result File WIQ Work Item Query File application/xml WIZ Microsoft Word Wizard application/msword WIZHTML Microsoft Access HTML Template WLL WLL File WM Windows Media Audio/Video file video/x-ms-wm WMA VLC media file (.wma) audio/x-ms-wma WMD Windows Media Player Download Package application/x-ms-wmd WMDB Windows Media Library WMF WMF File WMS Windows Media Player Skin File WMV VLC media file (.wmv) video/x-ms-wmv WMX Windows Media Audio/Video playlist video/x-ms-wmx WMZ Windows Media Player Skin Package application/x-ms-wmz WPA Windows Performance Analyzer Session File WPL Windows Media playlist application/vnd.ms-wpl WSC Windows Script Component text/scriptlet WSDL Web Service Description Language application/xml WSF Windows Script File WSH Windows Script Host Settings File WTV Windows Recorded TV Show WTX Text Document WV VLC media file (.wv) audio/x-wavpack WVX Windows Media Audio/Video playlist video/x-ms-wvx X3F X3F File XA VLC media file (.xa) XAML Windows Markup File application/xaml+xml XAMLX Workflow Service file XBAP XAML Browser Application application/x-ms-xbap XDP Adobe Acrobat XML Data Package File application/vnd.adobe.xdp+xml XDR XML Data Reduced Schema application/xml XEVGENXML XEVGENXML File XFDF Adobe Acrobat Forms Document application/vnd.adobe.xfdf XHT XHTML Document application/xhtml+xml XHTML XHTML Document application/xhtml+xml XLA Microsoft Excel Add-In application/vnd.ms-excel XLAM Microsoft Excel Add-In application/vnd.ms-excel.addin.macroEnabled.12 XLD Microsoft Excel 5.0 DialogSheet application/vnd.ms-excel XLK Microsoft Excel Backup File application/vnd.ms-excel XLL Microsoft Excel XLL Add-In application/vnd.ms-excel XLM Microsoft Excel 4.0 Macro application/vnd.ms-excel XLS Microsoft Excel 97-2003 Worksheet application/vnd.ms-excel XLSB Microsoft Excel Binary Worksheet application/vnd.ms-excel.sheet.binary.macroEnabled.12 XLSHTML Microsoft Excel HTML Document XLSM Microsoft Excel Macro-Enabled Worksheet application/vnd.ms-excel.sheet.macroEnabled.12 XLSMHTML XLSMHTML File XLSX Microsoft Excel Worksheet application/vnd.openxmlformats-officedocument.spreadsheetml.sheet XLT Microsoft Excel Template application/vnd.ms-excel XLTHTML Microsoft Excel HTML Template XLTM Microsoft Excel Macro-Enabled Template application/vnd.ms-excel.template.macroEnabled.12 XLTX Microsoft Excel Template application/vnd.openxmlformats-officedocument.spreadsheetml.template XLW Microsoft Excel Workspace application/vnd.ms-excel XLXML Microsoft Excel XML Worksheet XM VLC media file (.xm) XML XML Document text/xml XOML Windows Workflow File text/plain XPS XPS Document application/vnd.ms-xpsdocument XRM-MS XrML Digital License text/xml XSC Visual Studio Dataset Internal Info File application/xml XSD XML Schema File application/xml XSF Microsoft InfoPath Form Definition File XSL XSL Stylesheet text/xml XSLT XSLT Stylesheet application/xml XSN Microsoft InfoPath Form Template XSPF VLC media file (.xspf) XSS Visual Studio Dataset Internal Info File application/xml XTP Microsoft InfoPath Template Part File XTP2 Microsoft InfoPath Template Part File ZFSENDTOTARGET Compressed (zipped) Folder SendTo Target ZIP Compressed (zipped) Folder application/x-zip-compressed ZXP Adobe Zip Format Extension Package File application/x-mmxp --------[ Desktop Gadgets ]--------------------------------------------------------------------------------------------- [ Calendar ] Gadget Properties: Name Calendar Description Browse the days of the calendar. Version 1.1.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML Calendar.Gadget\en-US\gadget.xml [ Clock ] Gadget Properties: Name Clock Description Watch the clock in your own time zone or any city in the world. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML Clock.Gadget\en-US\gadget.xml [ CPU Meter ] Gadget Properties: Name CPU Meter Description See the current computer CPU and system memory (RAM). Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML CPU.Gadget\en-US\gadget.xml [ Currency ] Gadget Properties: Name Currency Description Convert from one currency to another. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML Currency.Gadget\en-US\gadget.xml [ Feed Headlines ] Gadget Properties: Name Feed Headlines Description Track the latest news, sports, and entertainment headlines. Version 1.1.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML RSSFeeds.Gadget\en-US\gadget.xml [ Picture Puzzle ] Gadget Properties: Name Picture Puzzle Description Move the pieces of the puzzle and try to put them in order. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML PicturePuzzle.Gadget\en-US\gadget.xml [ Slide Show ] Gadget Properties: Name Slide Show Description Show a continuous slide show of your pictures. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML SlideShow.Gadget\en-US\gadget.xml [ Weather ] Gadget Properties: Name Weather Description See what the weather looks like around the world. Version 1.1.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML Weather.Gadget\en-US\gadget.xml [ Windows Media Center ] Gadget Properties: Name Windows Media Center Description Play your latest TV recordings, new Internet TV clips, and favorite music and pictures. Version 1.0.0.0 Author Microsoft Corporation Copyright © 2009 URL http://go.microsoft.com/fwlink/?LinkId=124093 Folder ProgramFiles XML MediaCenter.Gadget\en-US\gadget.xml --------[ Windows Security ]-------------------------------------------------------------------------------------------- Operating System Properties: OS Name Microsoft Windows 7 Ultimate OS Service Pack Service Pack 1 Winlogon Shell explorer.exe User Account Control (UAC) Enabled System Restore Enabled Data Execution Prevention (DEP, NX, EDB): Supported by Operating System Yes Supported by CPU Yes Active (To Protect Applications) Yes Active (To Protect Drivers) Yes --------[ Windows Update ]---------------------------------------------------------------------------------------------- (Automatic Update) Download:Automatic, Install:Scheduled Every Day 3:00 Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2618451) Update 10/20/2013 Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2820197) Update 10/23/2013 Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2900986) Update 11/13/2013 Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2888505) Update 11/13/2013 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2898785) Update 12/12/2013 Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2817183) Update 10/20/2013 Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition Update 10/20/2013 Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition Update 10/20/2013 Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition Update 11/13/2013 Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition Update 12/12/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1088.0) Update 10/30/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1170.0) Update 10/31/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1253.0) Update 11/1/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1273.0) Update 11/2/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1326.0) Update 11/3/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1335.0) Update 11/3/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1389.0) Update 11/4/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1466.0) Update 11/5/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1556.0) Update 11/6/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1631.0) Update 11/7/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1707.0) Update 11/8/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1819.0) Update 11/10/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1866.0) Update 11/11/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.1908.0) Update 11/12/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.2103.0) Update 11/14/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.2207.0) Update 11/15/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.2299.0) Update 11/16/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.2323.0) Update 11/17/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.2349.0) Update 11/18/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.290.0) Update 10/20/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.370.0) Update 10/22/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.543.0) Update 10/23/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.653.0) Update 10/24/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.743.0) Update 10/25/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.808.0) Update 10/26/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.827.0) Update 10/27/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.947.0) Update 10/28/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.1095.0) Update 12/2/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.1228.0) Update 12/4/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.1302.0) Update 12/5/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.1464.0) Update 12/7/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.1482.0) Update 12/8/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.1497.0) Update 12/8/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.155.0) Update 11/20/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.1563.0) Update 12/9/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.1675.0) Update 12/10/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.1784.0) Update 12/11/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.1876.0) Update 12/13/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.1876.0) Update 12/13/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.1973.0) Update 12/14/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.2005.0) Update 12/15/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.2007.0) Update 12/15/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.2037.0) Update 12/16/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.271.0) Update 11/21/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.340.0) Update 11/22/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.436.0) Update 11/23/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.478.0) Update 11/24/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.517.0) Update 11/25/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.622.0) Update 11/26/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.705.0) Update 11/27/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.856.0) Update 11/28/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.957.0) Update 11/30/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.163.990.0) Update 12/1/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.138.0) Update 12/18/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.226.0) Update 12/19/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.262.0) Update 12/19/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.305.0) Update 12/20/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.335.0) Update 12/20/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.387.0) Update 12/21/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.406.0) Update 12/22/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.423.0) Update 12/22/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.499.0) Update 12/23/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.579.0) Update 12/24/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.64.0) Update 12/17/2013 Definition Update for Windows Defender - KB915597 (Definition 1.161.141.0) Update 10/20/2013 Hannstar Inc. - Display - HSD HF199H Update 10/21/2013 Hotfix for Windows (KB2664825) Update 11/27/2013 Hotfix for Windows (KB981889) Update 10/20/2013 Internet Explorer 10 for Windows 7 for x64-based Systems Update 10/23/2013 Internet Explorer 11 for Windows 7 for x64-based Systems Update 11/19/2013 Microsoft - Game Devices, Other hardware - XBOX 360 Controller For Windows Update 10/21/2013 Microsoft .NET Framework 3.5 SP1 Update for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB982526) Update 10/20/2013 Microsoft Silverlight (KB2636927) Update 10/21/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2604114) Update 10/20/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656355) Update 10/20/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656410) Update 10/20/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2729451) Update 10/20/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2736418) Update 10/20/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2742598) Update 10/20/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2756920) Update 10/20/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2789644) Update 10/20/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2832414) Update 10/23/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2861191) Update 10/23/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115) Update 10/23/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656356) Update 10/23/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452) Update 10/23/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2736422) Update 10/23/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599) Update 10/23/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2756921) Update 10/23/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2789645) Update 10/23/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2833946) Update 10/23/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2840631) Update 10/23/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2844286) Update 10/23/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2861698) Update 10/23/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2863240) Update 10/23/2013 Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition Update 10/20/2013 Security Update for Microsoft Lync 2013 (KB2817465) 64-Bit Edition Update 10/20/2013 Security Update for Microsoft Lync 2013 (KB2850057) 64-Bit Edition Update 12/12/2013 Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition Update 11/13/2013 Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition Update 10/20/2013 Security Update for Microsoft Office 2013 (KB2817623) 64-Bit Edition Update 10/20/2013 Security Update for Microsoft Office 2013 (KB2850064) 64-Bit Edition Update 12/12/2013 Security Update for Microsoft Outlook 2013 (KB2837618) 64-Bit Edition Update 11/13/2013 Security Update for Microsoft Silverlight (KB2890788) Update 10/23/2013 Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243) Update 10/24/2013 Security Update for Microsoft Visual C++ 2010 Redistributable Package (KB2467173) Update 10/21/2013 Security Update for Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package (KB2565063) Update 11/16/2013 Security Update for Windows 7 for x64-based Systems (KB2032276) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2281679) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2296011) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2305420) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2347290) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2378111) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2387149) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2393802) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2419640) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2423089) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2442962) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2479943) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2483614) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2491683) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2506212) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2509553) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2511455) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2532531) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2535512) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2536275) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2536276) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2544893) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2560656) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2564958) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2570947) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2579686) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2584146) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2585542) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2619339) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2620704) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2621440) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2631813) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2644615) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2645640) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2653956) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2654428) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2655992) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2658846) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2659262) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2660649) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2667402) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2676562) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2685939) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2690533) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2691442) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2698365) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2705219) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2706045) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2712808) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2727528) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2743555) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2753842) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2757638) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2758857) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2769369) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2770660) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2785220) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2790113) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2790655) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2803821) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2807986) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2808735) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2813170) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2813347) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2813430) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2834886) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2835364) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2839894) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2840149) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB2845187) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2847311) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2847927) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2849470) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2855844) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2861855) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2862152) Update 11/13/2013 Security Update for Windows 7 for x64-based Systems (KB2862330) Update 10/27/2013 Security Update for Windows 7 for x64-based Systems (KB2862335) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2862966) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2864058) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2864202) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2868038) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2868623) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2868626) Update 11/13/2013 Security Update for Windows 7 for x64-based Systems (KB2868725) Update 11/13/2013 Security Update for Windows 7 for x64-based Systems (KB2872339) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2875783) Update 11/13/2013 Security Update for Windows 7 for x64-based Systems (KB2876284) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2876331) Update 11/13/2013 Security Update for Windows 7 for x64-based Systems (KB2883150) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2884256) Update 10/23/2013 Security Update for Windows 7 for x64-based Systems (KB2887069) Update 12/12/2013 Security Update for Windows 7 for x64-based Systems (KB2892074) Update 12/12/2013 Security Update for Windows 7 for x64-based Systems (KB2893294) Update 12/12/2013 Security Update for Windows 7 for x64-based Systems (KB2893984) Update 12/12/2013 Security Update for Windows 7 for x64-based Systems (KB972270) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB974571) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB975467) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB975560) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB978542) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB979309) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB979482) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB979687) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB979688) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB982132) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB982665) Update 10/20/2013 Security Update for Windows 7 for x64-based Systems (KB982799) Update 10/20/2013 Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685811) Update 10/21/2013 Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2836943) Update 11/29/2013 Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition Update 10/20/2013 Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition Update 12/12/2013 Update for Microsoft InfoPath 2013 (KB2752078) 64-Bit Edition Update 10/20/2013 Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition Update 12/12/2013 Update for Microsoft Lync 2013 (KB2817621) 64-Bit Edition Update 10/20/2013 Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition Update 11/13/2013 Update for Microsoft Lync 2013 (KB2825630) 64-Bit Edition Update 11/17/2013 Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2760257) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2817309) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2817493) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2817640) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition Update 12/12/2013 Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition Update 12/12/2013 Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2827235) 64-Bit Edition Update 10/20/2013 Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition Update 11/13/2013 Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition Update 12/12/2013 Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition Update 12/12/2013 Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition Update 12/12/2013 Update for Microsoft Office 2013 (KB2837643) 64-Bit Edition Update 11/17/2013 Update for Microsoft Office 2013 (KB2837649) 64-Bit Edition Update 11/13/2013 Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition Update 12/12/2013 Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition Update 12/12/2013 Update for Microsoft OneNote 2013 (KB2810016) 64-Bit Edition Update 10/20/2013 Update for Microsoft OneNote 2013 (KB2837642) 64-Bit Edition Update 11/13/2013 Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition Update 12/12/2013 Update for Microsoft Outlook 2013 (KB2825632) 64-Bit Edition Update 10/20/2013 Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition Update 12/12/2013 Update for Microsoft PowerPoint 2013 (KB2817625) 64-Bit Edition Update 10/20/2013 Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition Update 12/12/2013 Update for Microsoft Project 2013 (KB2767859) 64-Bit Edition Update 10/20/2013 Update for Microsoft Publisher 2013 (KB2752097) 64-Bit Edition Update 10/20/2013 Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition Update 12/12/2013 Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885) Update 11/19/2013 Update for Microsoft Security Essentials - KB2866337 (4.3.219.0) Update 10/21/2013 Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition Update 12/12/2013 Update for Microsoft SkyDrive Pro (KB2825633) 64-Bit Edition Update 10/20/2013 Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition Update 11/13/2013 Update for Microsoft Visio 2013 (KB2752018) 64-Bit Edition Update 10/20/2013 Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition Update 12/15/2013 Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition Update 10/20/2013 Update for Microsoft Visual Studio 2010 Tools for Office Runtime (KB2796590) Update 11/29/2013 Update for Microsoft Visual Studio 2012 (KB2781514) Update 11/29/2013 Update for Microsoft Word 2013 (KB2817631) 64-Bit Edition Update 10/20/2013 Update for Microsoft Word 2013 (KB2827218) 64-Bit Edition Update 10/20/2013 Update for Microsoft Word 2013 (KB2837630) 64-Bit Edition Update 11/13/2013 Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition Update 12/12/2013 Update for Microsoft Word 2013 (KB2850060) 64-Bit Edition Update 12/12/2013 Update for User-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685813) Update 10/21/2013 Update for Windows (KB958488) Update 10/20/2013 Update for Windows 7 for x64-based Systems (KB2345886) Update 10/20/2013 Update for Windows 7 for x64-based Systems (KB2484033) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2488113) Update 10/22/2013 Update for Windows 7 for x64-based Systems (KB2505438) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2506014) Update 10/20/2013 Update for Windows 7 for x64-based Systems (KB2506928) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2511250) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2515325) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2522422) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2529073) Update 10/22/2013 Update for Windows 7 for x64-based Systems (KB2533552) Update 10/20/2013 Update for Windows 7 for x64-based Systems (KB2541014) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2545698) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2545698) Update 10/22/2013 Update for Windows 7 for x64-based Systems (KB2547666) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2547666) Update 10/22/2013 Update for Windows 7 for x64-based Systems (KB2552343) Update 10/20/2013 Update for Windows 7 for x64-based Systems (KB2563227) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2574819) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2592687) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2603229) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2603229) Update 10/22/2013 Update for Windows 7 for x64-based Systems (KB2640148) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2647753) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2660075) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2661254) Update 10/20/2013 Update for Windows 7 for x64-based Systems (KB2699779) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2709630) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2709981) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2718704) Update 10/20/2013 Update for Windows 7 for x64-based Systems (KB2719857) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2726535) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2729094) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2732059) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2732487) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2732500) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2741355) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2748349) Update 10/20/2013 Update for Windows 7 for x64-based Systems (KB2749655) Update 10/20/2013 Update for Windows 7 for x64-based Systems (KB2750841) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2761217) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2762895) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2763523) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2773072) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2779562) Update 10/20/2013 Update for Windows 7 for x64-based Systems (KB2786081) Update 10/23/2013 Update for Windows 7 for x64-based Systems (KB2786400) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2791765) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2798162) Update 10/23/2013 Update for Windows 7 for x64-based Systems (KB2799926) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB2808679) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2813956) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2820331) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2834140) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2836502) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2846960) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2852386) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2853952) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2863058) Update 10/23/2013 Update for Windows 7 for x64-based Systems (KB2868116) Update 10/23/2013 Update for Windows 7 for x64-based Systems (KB2893519) Update 11/29/2013 Update for Windows 7 for x64-based Systems (KB2904266) Update 12/12/2013 Update for Windows 7 for x64-based Systems (KB971033) Update 10/21/2013 Update for Windows 7 for x64-based Systems (KB974431) Update 10/20/2013 Update for Windows 7 for x64-based Systems (KB977074) Update 10/20/2013 Update for Windows 7 for x64-based Systems (KB980408) Update 10/20/2013 Update for Windows 7 for x64-based Systems (KB982018) Update 10/22/2013 Windows 7 Service Pack 1 for x64-based Systems (KB976932) Update 10/22/2013 Windows Internet Explorer 9 for Windows 7 for x64-based Systems Update 10/20/2013 Windows Malicious Software Removal Tool x64 - December 2013 (KB890830) Update 12/15/2013 Windows Malicious Software Removal Tool x64 - November 2013 (KB890830) Update 11/13/2013 Windows Malicious Software Removal Tool x64 - October 2013 (KB890830) Update 10/20/2013 Windows Update Agent 7.6.7600.256 Update 10/20/2013 --------[ Anti-Virus ]-------------------------------------------------------------------------------------------------- Security Essentials 4.4.0304.0 12/24/2013 ? --------[ Firewall ]---------------------------------------------------------------------------------------------------- Windows Firewall 6.1.7600.16385 Enabled --------[ Anti-Spyware ]------------------------------------------------------------------------------------------------ Malwarebytes Anti-Malware 1.75.0.1300 Microsoft Windows Defender 6.1.7600.16385(win7_rtm.090713-1255) Security Essentials 4.4.0304.0 --------[ Regional ]---------------------------------------------------------------------------------------------------- Time Zone: Current Time Zone Eastern Standard Time Current Time Zone Description (UTC-05:00) Eastern Time (US & Canada) Change To Standard Time First Sunday of November 2:00:00 AM Change To Daylight Saving Time 2nd Sunday of March 2:00:00 AM Language: Language Name (Native) English Language Name (English) English Language Name (ISO 639) en Country/Region: Country Name (Native) United States Country Name (English) United States Country Name (ISO 3166) US Country Code 1 Currency: Currency Name (Native) US Dollar Currency Name (English) US Dollar Currency Symbol (Native) $ Currency Symbol (ISO 4217) USD Currency Format $123,456,789.00 Negative Currency Format ($123,456,789.00) Formatting: Time Format h:mm:ss tt Short Date Format M/d/yyyy Long Date Format dddd, MMMM dd, yyyy Number Format 123,456,789.00 Negative Number Format -123,456,789.00 List Format first, second, third Native Digits 0123456789 Days of Week: Native Name for Monday Monday / Mon Native Name for Tuesday Tuesday / Tue Native Name for Wednesday Wednesday / Wed Native Name for Thursday Thursday / Thu Native Name for Friday Friday / Fri Native Name for Saturday Saturday / Sat Native Name for Sunday Sunday / Sun Months: Native Name for January January / Jan Native Name for February February / Feb Native Name for March March / Mar Native Name for April April / Apr Native Name for May May / May Native Name for June June / Jun Native Name for July July / Jul Native Name for August August / Aug Native Name for September September / Sep Native Name for October October / Oct Native Name for November November / Nov Native Name for December December / Dec Miscellaneous: Calendar Type Gregorian (localized) Default Paper Size US Letter Measurement System U.S. Display Languages: LCID 0409h (Active) English (United States) --------[ Environment ]------------------------------------------------------------------------------------------------- ALLUSERSPROFILE C:\ProgramData APPDATA C:\Users\Devihaka\AppData\Roaming CommonProgramFiles(x86) C:\Program Files (x86)\Common Files CommonProgramFiles C:\Program Files (x86)\Common Files CommonProgramW6432 C:\Program Files\Common Files COMPUTERNAME SPRINGFOREST ComSpec C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK NO HOMEDRIVE C: HOMEPATH \Users\Devihaka LOCALAPPDATA C:\Users\Devihaka\AppData\Local LOGONSERVER \\SPRINGFOREST NUMBER_OF_PROCESSORS 6 OS Windows_NT Path C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\ PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE x86 PROCESSOR_ARCHITEW6432 AMD64 PROCESSOR_IDENTIFIER AMD64 Family 16 Model 10 Stepping 0, AuthenticAMD PROCESSOR_LEVEL 16 PROCESSOR_REVISION 0a00 ProgramData C:\ProgramData ProgramFiles(x86) C:\Program Files (x86) ProgramFiles C:\Program Files (x86) ProgramW6432 C:\Program Files PSModulePath C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC C:\Users\Public SystemDrive C: SystemRoot C:\Windows TEMP C:\Users\Devihaka\AppData\Local\Temp TMP C:\Users\Devihaka\AppData\Local\Temp USERDOMAIN SpringForest USERNAME Devihaka USERPROFILE C:\Users\Devihaka VBOX_INSTALL_PATH C:\Program Files\Oracle\VirtualBox\ VS110COMNTOOLS C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\Tools\ windir C:\Windows --------[ Control Panel ]----------------------------------------------------------------------------------------------- Flash Player Manage Flash Player Settings Java Java Control Panel --------[ Recycle Bin ]------------------------------------------------------------------------------------------------- C: 0 0 ? ? D: 0 0 ? ? E: 0 0 ? ? F: 0 0 ? ? --------[ System Files ]------------------------------------------------------------------------------------------------ [ system.ini ] ; for 16-bit app support [386Enh] woafont=dosapp.fon EGA80WOA.FON=EGA80WOA.FON EGA40WOA.FON=EGA40WOA.FON CGA80WOA.FON=CGA80WOA.FON CGA40WOA.FON=CGA40WOA.FON [drivers] wave=mmdrv.dll timer=timer.drv [mci] [ win.ini ] ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 CMCDLLNAME32=mapi32.dll CMC=1 MAPIX=1 MAPIXVER=1.0.0.1 OLEMessaging=1 [MCI Extensions.BAK] 3g2=MPEGVideo 3gp=MPEGVideo 3gp2=MPEGVideo 3gpp=MPEGVideo aac=MPEGVideo adt=MPEGVideo adts=MPEGVideo m2t=MPEGVideo m2ts=MPEGVideo m2v=MPEGVideo m4a=MPEGVideo m4v=MPEGVideo mod=MPEGVideo mov=MPEGVideo mp4=MPEGVideo mp4v=MPEGVideo mts=MPEGVideo ts=MPEGVideo tts=MPEGVideo [ hosts ] [ lmhosts.sam ] --------[ System Folders ]---------------------------------------------------------------------------------------------- Administrative Tools C:\Users\Devihaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools AppData C:\Users\Devihaka\AppData\Roaming Cache C:\Users\Devihaka\AppData\Local\Microsoft\Windows\Temporary Internet Files CD Burning C:\Users\Devihaka\AppData\Local\Microsoft\Windows\Burn\Burn Common Administrative Tools C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools Common AppData C:\ProgramData Common Desktop C:\Users\Public\Desktop Common Documents C:\Users\Public\Documents Common Favorites C:\Users\Devihaka\Favorites Common Files (x86) C:\Program Files (x86)\Common Files Common Files C:\Program Files (x86)\Common Files Common Music C:\Users\Public\Music Common Pictures C:\Users\Public\Pictures Common Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs Common Start Menu C:\ProgramData\Microsoft\Windows\Start Menu Common Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Common Templates C:\ProgramData\Microsoft\Windows\Templates Common Video C:\Users\Public\Videos Cookies C:\Users\Devihaka\AppData\Roaming\Microsoft\Windows\Cookies Desktop C:\Users\Devihaka\Desktop Device C:\Windows\inf Favorites C:\Users\Devihaka\Favorites Fonts C:\Windows\Fonts History C:\Users\Devihaka\AppData\Local\Microsoft\Windows\History Local AppData C:\Users\Devihaka\AppData\Local My Documents C:\Users\Devihaka\Documents My Music C:\Users\Devihaka\Music My Pictures C:\Users\Devihaka\Pictures My Video C:\Users\Devihaka\Videos NetHood C:\Users\Devihaka\AppData\Roaming\Microsoft\Windows\Network Shortcuts PrintHood C:\Users\Devihaka\AppData\Roaming\Microsoft\Windows\Printer Shortcuts Profile C:\Users\Devihaka Program Files (x86) C:\Program Files (x86) Program Files C:\Program Files (x86) Programs C:\Users\Devihaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs Recent C:\Users\Devihaka\AppData\Roaming\Microsoft\Windows\Recent Resources C:\Windows\resources SendTo C:\Users\Devihaka\AppData\Roaming\Microsoft\Windows\SendTo Start Menu C:\Users\Devihaka\AppData\Roaming\Microsoft\Windows\Start Menu Startup C:\Users\Devihaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup System (x86) C:\Windows\SysWOW64 System C:\Windows\system32 Temp C:\Users\Devihaka\AppData\Local\Temp\ Templates C:\Users\Devihaka\AppData\Roaming\Microsoft\Windows\Templates Windows C:\Windows --------[ Event Logs ]-------------------------------------------------------------------------------------------------- Application Error 101 2013-12-21 22:18:02 Application Hang 1002: Security Audit Success 12544 2013-12-18 01:07:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 01:07:31 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 03:25:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 03:25:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 03:34:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 03:34:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 03:34:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 03:34:14 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 03:34:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 03:34:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2013-12-18 03:34:34 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x3284 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1bb48373 Security Audit Success 13568 2013-12-18 03:34:34 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x3284 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1bb48373 Security Audit Success 12544 2013-12-18 09:05:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 09:05:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 09:09:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 09:09:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 11:29:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d00eeb6 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 65165 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 11:29:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d00eef7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 65166 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 11:29:14 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d00eeb6 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 11:29:14 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d00eef7 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 11:36:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 11:36:22 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 11:41:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d0cd0d9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 65445 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 11:41:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d0cd2bb Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 65446 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 11:41:14 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d0cd0d9 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 11:41:14 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d0cd2bb Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 11:53:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d1c3293 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 64857 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 11:53:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d1c331b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 64858 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 11:53:14 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d1c3293 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 11:53:14 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d1c331b Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 11:56:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 11:56:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 12:05:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d2b0d31 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 51863 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 12:05:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d2b0d5e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 51864 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 12:05:14 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d2b0d31 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 12:05:14 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d2b0d5e Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 12:16:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 12:16:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 12:24:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d45e879 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 51965 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 12:24:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d45e89d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 51966 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 12:24:14 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d45e879 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 12:24:14 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1d45e89d Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 13:03:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 13:03:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 13:17:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 13:17:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 13:29:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 13:29:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 13:33:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 13:33:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 13:38:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 13:38:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 16:10:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 16:10:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 16:53:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 16:53:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 17:03:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 17:03:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 17:51:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 17:51:31 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 17:55:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1e8eacd9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 60371 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 17:55:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1e8eacea Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 60372 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 17:55:20 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1e8eacd9 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 17:55:20 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1e8eacea Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 17:59:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 17:59:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 18:07:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1e98edb9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 60516 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 18:07:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1e98ee2a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 60517 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 18:07:20 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1e98edb9 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 18:07:20 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1e98ee2a Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 18:10:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 18:10:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 18:19:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1ea78b69 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62102 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 18:19:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1ea78b93 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62103 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 18:19:20 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1ea78b69 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 18:19:20 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1ea78b93 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 18:31:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1eb637fd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62121 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 18:31:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1eb6384b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62122 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 18:31:20 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1eb637fd Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 18:31:20 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1eb6384b Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 20:12:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 20:12:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 20:19:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 20:19:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 20:52:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 20:52:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 21:59:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 21:59:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 22:10:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 22:10:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 22:19:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 22:19:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 22:21:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 22:21:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-18 22:38:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1fc86fdf Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62371 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 22:38:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1fc87013 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62372 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 22:38:48 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1fc86fdf Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 22:38:48 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1fc87013 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 22:50:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1fd9832d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62385 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 22:50:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1fd98340 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62386 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 22:50:48 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1fd9832d Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 22:50:48 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1fd98340 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 23:02:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1feb8805 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62431 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 23:02:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1feb8873 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62432 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 23:02:48 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1feb8805 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 23:02:48 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1feb8873 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 23:14:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1ff896ef Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62539 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 23:14:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1ff897be Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62540 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 23:14:48 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1ff896ef Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 23:14:48 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1ff897be Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 23:26:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x20075dad Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62699 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-18 23:26:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x20075ddd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 62700 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-18 23:26:48 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x20075dad Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-18 23:26:48 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x20075ddd Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-18 23:54:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-18 23:54:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 00:01:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 00:01:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 00:18:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 00:18:26 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 00:44:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 00:44:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 00:48:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 00:48:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 00:50:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 00:50:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 00:52:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 00:52:22 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 01:18:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 01:18:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 01:25:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 01:25:53 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 01:25:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 01:25:54 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 01:26:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 01:26:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 03:25:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 03:25:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 03:34:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 03:34:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 09:55:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x211aefd8 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 63726 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 09:55:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x211aefe6 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 63727 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 09:55:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x211aefd8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 09:55:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x211aefe6 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 10:07:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x212070c8 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 64089 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 10:07:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x212070d9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 64090 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 10:07:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x212070c8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 10:07:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x212070d9 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 10:19:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x212acb55 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 49853 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 10:19:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x212acbac Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 49854 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 10:19:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x212acb55 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 10:19:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x212acbac Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 10:25:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 10:25:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 10:29:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 10:29:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 10:31:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x213de01e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 65154 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 10:31:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x213de0c4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 65155 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 10:31:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x213de01e Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 10:31:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x213de0c4 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 10:57:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 10:57:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 11:16:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2189796f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 65314 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 11:16:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x218979d6 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 65315 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 11:16:35 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2189796f Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 11:16:35 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x218979d6 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 11:22:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 11:22:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 11:40:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x219e91e6 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 51885 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 11:40:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x219e928a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 51886 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 11:40:19 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x219e91e6 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 11:40:19 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x219e928a Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 13:25:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21c86ff4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 52264 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 13:25:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21c87002 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 52265 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 13:25:46 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21c86ff4 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 13:25:46 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21c87002 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 13:37:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21d0faae Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 64416 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 13:37:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21d0fb24 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 64417 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 13:37:46 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21d0fb24 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 13:37:46 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21d0faae Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 13:49:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21d85b35 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 64447 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 13:49:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21d85b4b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 64448 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 13:49:46 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21d85b35 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 13:49:46 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21d85b4b Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 14:01:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21e64c7f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 49677 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 14:01:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21e64c9f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 49678 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 14:01:46 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21e64c7f Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 14:01:46 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21e64c9f Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 14:13:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21ef9b55 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 53937 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 14:13:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21ef9b7b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 53938 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 14:13:53 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21ef9b55 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 14:13:53 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21ef9b7b Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 14:34:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220700d8 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 64435 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 14:34:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220700f8 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 64436 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 14:34:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220700d8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 14:34:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220700f8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 14:39:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220af24d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 57838 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 14:39:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220af26f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 57839 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 14:39:59 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220af24d Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 14:39:59 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220af26f Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 14:46:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220f1e10 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 57851 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 14:46:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220f1e2e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 57852 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 14:46:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220f1e2e Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 14:46:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220f1e10 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 14:46:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220f5f9e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 57866 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 14:46:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220f6002 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 57867 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 14:47:11 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220f5f9e Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 14:47:11 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x220f6002 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 14:58:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2215e13e Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 54463 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 14:58:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2215e166 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 54464 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 14:58:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2215e13e Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 14:58:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2215e166 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 16:43:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 16:43:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 16:46:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 16:46:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 17:09:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22bb2efa Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 56560 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 17:09:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22bb2fa8 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 56561 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 17:09:55 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22bb2efa Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 17:09:55 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22bb2fa8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 17:21:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22dde7af Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 61455 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 17:21:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22dde7cc Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 61456 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 17:21:55 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22dde7af Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 17:21:55 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22dde7cc Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 18:16:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 18:16:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 18:25:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 18:25:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 18:31:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 18:31:48 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 18:41:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 18:41:14 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 19:41:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 19:41:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 19:43:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 19:43:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 19:45:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 19:45:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 19:50:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 19:50:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 20:25:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 20:25:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 20:48:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-19 20:48:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-19 21:22:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x24819680 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 56097 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 21:22:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2481969a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 56098 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 21:22:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x24819680 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 21:22:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2481969a Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 21:34:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x24873d78 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 53460 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 21:34:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x24873d86 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 53461 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 21:34:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x24873d78 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 21:34:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x24873d86 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 21:46:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x248a2c56 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 53625 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 21:46:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x248a2c64 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 53626 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 21:46:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x248a2c56 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 21:46:47 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x248a2c64 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 21:58:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x248c93bc Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 52480 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 21:58:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x248c93ca Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 52481 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 21:58:54 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x248c93bc Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 21:58:54 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x248c93ca Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 22:10:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x248f6b98 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 61486 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 22:10:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x248f6bdf Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 61487 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 22:10:54 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x248f6b98 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 22:10:54 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x248f6bdf Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-19 22:22:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x249466a0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 55121 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-19 22:22:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x249466ba Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 55122 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-19 22:22:54 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x249466a0 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-19 22:22:54 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x249466ba Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-20 00:38:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 00:38:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 02:05:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 02:05:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 02:05:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 02:05:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 03:25:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 03:25:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 03:34:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 03:34:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 04:38:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 04:38:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 09:21:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2597d234 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 49835 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-20 09:21:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2597d242 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 49836 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-20 09:21:58 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2597d234 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-20 09:21:58 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2597d242 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-20 09:26:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x259a5dad Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 61088 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-20 09:26:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x259a5dc1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 61089 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-20 09:26:19 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x259a5dad Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-20 09:26:19 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x259a5dc1 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-20 09:46:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 09:46:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 12:35:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 12:35:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 12:39:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x25d27cef Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 63731 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-20 12:39:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x25d27cfe Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 63732 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-20 12:39:45 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x25d27cef Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-20 12:39:45 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x25d27cfe Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12544 2013-12-20 12:40:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 12:40:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 12:45:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 12:45:05 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 12:51:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x25d6b151 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 54387 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-20 12:51:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x25d6b1a0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: CHRISTY-PC Source Network Address: 192.168.1.132 Source Port: 54388 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12545 2013-12-20 12:51:45 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x25d6b151 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12545 2013-12-20 12:51:45 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x25d6b1a0 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. Security Audit Success 12288 2013-12-20 13:03:31 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2013-12-20 13:03:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2013-12-20 13:03:33 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xca69 Security Audit Success 12544 2013-12-20 13:03:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 13:03:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 13:03:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-20 13:03:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 13:03:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2013-12-20 13:03:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 13:03:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 13:03:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 13:03:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-20 13:03:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 13:03:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2013-12-20 13:03:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 13:03:46 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Devihaka Account Domain: SpringForest Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2013-12-20 13:03:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2270857204-3040142985-89334181-1000 Account Name: Devihaka Account Domain: SpringForest Logon ID: 0x21850 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: SPRINGFOREST Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-20 13:03:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2270857204-3040142985-89334181-1000 Account Name: Devihaka Account Domain: SpringForest Logon ID: 0x21892 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: SPRINGFOREST Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 13:03:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2270857204-3040142985-89334181-1000 Account Name: Devihaka Account Domain: SpringForest Logon ID: 0x21850 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 13:03:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 13:03:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 101 2013-12-20 13:03:50 Microsoft-Windows-Eventlog 1101: Security Audit Success 12292 2013-12-20 13:03:53 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2013-12-20 13:03:55 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2013-12-20 13:04:06 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: SpringForest Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2013-12-20 13:04:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2270857204-3040142985-89334181-1003 Account Name: UpdatusUser Account Domain: SpringForest Logon ID: 0x3004c Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: SPRINGFOREST Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 13:04:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2270857204-3040142985-89334181-1003 Account Name: UpdatusUser Account Domain: SpringForest Logon ID: 0x3004c Privileges: SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 13:04:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 13:04:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 13:04:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x60f0b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-20 13:04:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 13:04:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2013-12-20 13:05:02 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 4dec8c83-ab4b-41c3-a16f-ab73a3befd9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2013-12-20 13:05:02 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 4dec8c83-ab4b-41c3-a16f-ab73a3befd9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\262e332d42324fe234e028d5e63c2ce9_b4d8a281-3d37-436f-bf76-65d9a136794d Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2013-12-20 13:05:27 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2013-12-20 13:05:27 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2013-12-20 13:05:27 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\6207105d08eb59dcc30013a51cf42055_b4d8a281-3d37-436f-bf76-65d9a136794d Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2013-12-20 13:06:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 13:06:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2013-12-20 13:06:30 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2013-12-20 13:06:30 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\6207105d08eb59dcc30013a51cf42055_b4d8a281-3d37-436f-bf76-65d9a136794d Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2013-12-20 13:13:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 13:13:54 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 13:26:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 13:26:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 13:29:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 13:29:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 16:24:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 16:24:05 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 16:28:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 16:28:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 17:57:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 17:57:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 18:06:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 18:06:26 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 18:19:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 18:19:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 18:29:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 18:29:48 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 19:43:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 19:43:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 19:45:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 19:45:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 22:07:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 22:07:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 22:10:10 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 22:10:10 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 22:18:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 22:18:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 23:03:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 23:03:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 23:07:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 23:07:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 23:16:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 23:16:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-20 23:21:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-20 23:21:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 00:03:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 00:03:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 02:36:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 02:36:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 02:39:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 02:39:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 03:48:39 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 03:48:39 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 03:48:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 03:48:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 10:55:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 10:55:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 11:28:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 11:28:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 11:35:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 11:35:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 11:44:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 11:44:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 12:05:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 12:05:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 12:13:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 12:13:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 13:05:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 13:05:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 13:17:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 13:17:13 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 13:18:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 13:18:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 13:18:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 13:18:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2013-12-21 13:19:30 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x2a44 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x467c895 Security Audit Success 13568 2013-12-21 13:19:30 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x2a44 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x467c895 Security Audit Success 12544 2013-12-21 13:25:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 13:25:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 14:33:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 14:33:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 15:06:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 15:06:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 15:19:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 15:19:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 15:49:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 15:49:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 16:08:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 16:08:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 16:09:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 16:09:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 16:26:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 16:26:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 16:58:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 16:58:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 17:08:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 17:08:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 17:11:48 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 17:11:48 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 19:02:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 19:02:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 19:07:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 19:07:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 20:19:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 20:19:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 20:26:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 20:26:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 20:30:52 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 20:30:52 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 20:36:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 20:36:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 20:44:32 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 20:44:32 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 20:56:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 20:56:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 22:07:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 22:07:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 22:11:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 22:11:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 22:14:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 22:14:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 22:16:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 22:16:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 22:23:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 22:23:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-21 22:28:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-21 22:28:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12288 2013-12-22 01:00:19 Microsoft-Windows-Security-Auditing 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x3c4 Name: C:\Windows\System32\svchost.exe Previous Time: 2013-12-22T06:00:19.997929300Z New Time: 2013-12-22T06:00:19.997000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. Security Audit Success 12544 2013-12-22 02:55:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 02:55:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 03:03:44 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 03:03:44 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 03:03:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 03:03:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2013-12-22 03:04:10 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x2584 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x6d6fe5a Security Audit Success 13568 2013-12-22 03:04:10 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x2584 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x6d6fe5a Security Audit Success 12544 2013-12-22 13:05:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 13:05:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 13:09:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 13:09:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 13:16:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 13:16:13 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 15:03:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 15:03:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 15:05:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 15:05:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 15:12:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 15:12:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 16:26:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 16:26:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 16:55:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 16:55:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 17:00:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 17:00:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 17:21:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 17:21:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 17:41:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 17:41:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 19:38:53 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 19:38:53 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 19:49:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 19:49:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 20:35:21 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 20:35:21 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 21:06:41 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 21:06:41 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 22:02:25 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 22:02:25 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 22:44:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 22:44:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-22 22:48:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-22 22:48:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-23 03:38:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-23 03:38:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-23 03:38:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-23 03:38:05 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-23 11:42:22 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-23 11:42:22 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-23 11:48:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-23 11:48:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-23 13:05:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-23 13:05:26 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-23 13:15:40 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-23 13:15:40 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-23 13:16:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-23 13:16:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-23 13:40:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-23 13:40:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-23 19:41:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-23 19:41:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-23 19:55:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-23 19:55:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-23 20:08:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-23 20:08:13 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 00:00:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 00:00:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 00:00:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 00:00:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2013-12-24 00:00:21 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x30d0 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xb2c5a37 Security Audit Success 13568 2013-12-24 00:00:21 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0x30d0 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xb2c5a37 Security Audit Success 12544 2013-12-24 00:01:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 00:01:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 06:56:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 06:56:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 13:15:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 13:15:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 15:57:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 15:57:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 16:01:43 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 16:01:43 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 16:05:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 16:05:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12288 2013-12-24 18:48:56 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2013-12-24 18:48:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 13568 2013-12-24 18:48:56 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xbfb7 Security Audit Success 12544 2013-12-24 18:48:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 18:48:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 18:48:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 18:48:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 18:48:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2013-12-24 18:48:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 18:49:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 18:49:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 18:49:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 18:49:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2013-12-24 18:49:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2013-12-24 18:49:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 18:49:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 18:49:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 101 2013-12-24 18:49:07 Microsoft-Windows-Eventlog 1101: Security Audit Success 12292 2013-12-24 18:49:07 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12544 2013-12-24 18:49:07 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Devihaka Account Domain: SpringForest Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2b0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2013-12-24 18:49:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2270857204-3040142985-89334181-1000 Account Name: Devihaka Account Domain: SpringForest Logon ID: 0x237e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: SPRINGFOREST Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 18:49:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2270857204-3040142985-89334181-1000 Account Name: Devihaka Account Domain: SpringForest Logon ID: 0x2380d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: SPRINGFOREST Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 18:49:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2270857204-3040142985-89334181-1000 Account Name: Devihaka Account Domain: SpringForest Logon ID: 0x237e7 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2013-12-24 18:49:11 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2013-12-24 18:49:14 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: SpringForest Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2013-12-24 18:49:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2270857204-3040142985-89334181-1003 Account Name: UpdatusUser Account Domain: SpringForest Logon ID: 0x2e019 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: SPRINGFOREST Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 18:49:14 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2270857204-3040142985-89334181-1003 Account Name: UpdatusUser Account Domain: SpringForest Logon ID: 0x2e019 Privileges: SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 18:49:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 18:49:26 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 18:49:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x53e6a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 18:49:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 18:49:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2013-12-24 18:50:04 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 4dec8c83-ab4b-41c3-a16f-ab73a3befd9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2013-12-24 18:50:04 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 4dec8c83-ab4b-41c3-a16f-ab73a3befd9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\262e332d42324fe234e028d5e63c2ce9_b4d8a281-3d37-436f-bf76-65d9a136794d Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2013-12-24 18:50:24 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2013-12-24 18:50:25 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2013-12-24 18:50:25 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\6207105d08eb59dcc30013a51cf42055_b4d8a281-3d37-436f-bf76-65d9a136794d Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2013-12-24 18:51:26 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2013-12-24 18:51:26 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\6207105d08eb59dcc30013a51cf42055_b4d8a281-3d37-436f-bf76-65d9a136794d Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2013-12-24 20:48:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 20:48:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 20:48:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 20:48:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12288 2013-12-24 22:12:59 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2013-12-24 22:12:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 22:13:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 22:13:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2013-12-24 22:13:01 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xc8f6 Security Audit Success 12544 2013-12-24 22:13:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 22:13:03 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 22:13:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12548 2013-12-24 22:13:03 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 22:13:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 22:13:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 22:13:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 22:13:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 22:13:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2013-12-24 22:13:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 22:13:12 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Devihaka Account Domain: SpringForest Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2013-12-24 22:13:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2270857204-3040142985-89334181-1000 Account Name: Devihaka Account Domain: SpringForest Logon ID: 0x209a1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: SPRINGFOREST Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 22:13:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2270857204-3040142985-89334181-1000 Account Name: Devihaka Account Domain: SpringForest Logon ID: 0x20a22 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: SPRINGFOREST Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 22:13:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2270857204-3040142985-89334181-1000 Account Name: Devihaka Account Domain: SpringForest Logon ID: 0x209a1 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 22:13:16 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 22:13:16 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 101 2013-12-24 22:13:17 Microsoft-Windows-Eventlog 1101: Security Audit Success 12292 2013-12-24 22:13:21 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2013-12-24 22:13:24 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2013-12-24 22:13:35 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: SpringForest Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2b4 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2013-12-24 22:13:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2270857204-3040142985-89334181-1003 Account Name: UpdatusUser Account Domain: SpringForest Logon ID: 0x303ed Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: SPRINGFOREST Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 22:13:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2270857204-3040142985-89334181-1003 Account Name: UpdatusUser Account Domain: SpringForest Logon ID: 0x303ed Privileges: SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 22:13:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 22:13:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 22:14:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5feed Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 22:14:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 22:14:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 22:14:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 22:14:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2013-12-24 22:15:02 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 4dec8c83-ab4b-41c3-a16f-ab73a3befd9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2013-12-24 22:15:02 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 4dec8c83-ab4b-41c3-a16f-ab73a3befd9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\262e332d42324fe234e028d5e63c2ce9_b4d8a281-3d37-436f-bf76-65d9a136794d Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2013-12-24 22:15:27 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2013-12-24 22:15:28 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2013-12-24 22:15:28 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\6207105d08eb59dcc30013a51cf42055_b4d8a281-3d37-436f-bf76-65d9a136794d Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2013-12-24 22:16:29 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2013-12-24 22:16:29 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\6207105d08eb59dcc30013a51cf42055_b4d8a281-3d37-436f-bf76-65d9a136794d Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2013-12-24 22:21:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 22:21:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12288 2013-12-24 23:10:58 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Security Audit Success 12544 2013-12-24 23:10:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 23:11:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 23:11:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 13568 2013-12-24 23:11:00 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xc7a2 Security Audit Success 12544 2013-12-24 23:11:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 23:11:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 23:11:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 23:11:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 23:11:05 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 23:11:05 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 23:11:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 23:11:06 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 23:11:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12548 2013-12-24 23:11:06 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 23:11:11 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Devihaka Account Domain: SpringForest Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2013-12-24 23:11:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2270857204-3040142985-89334181-1000 Account Name: Devihaka Account Domain: SpringForest Logon ID: 0x207ba Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: SPRINGFOREST Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 23:11:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2270857204-3040142985-89334181-1000 Account Name: Devihaka Account Domain: SpringForest Logon ID: 0x20805 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x288 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: SPRINGFOREST Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 23:11:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2270857204-3040142985-89334181-1000 Account Name: Devihaka Account Domain: SpringForest Logon ID: 0x207ba Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 101 2013-12-24 23:11:15 Microsoft-Windows-Eventlog 1101: Security Audit Success 12544 2013-12-24 23:11:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 23:11:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12292 2013-12-24 23:11:19 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully. Security Audit Success 12292 2013-12-24 23:11:24 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully. Security Audit Success 12544 2013-12-24 23:11:34 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UpdatusUser Account Domain: SpringForest Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Security Audit Success 12544 2013-12-24 23:11:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-21-2270857204-3040142985-89334181-1003 Account Name: UpdatusUser Account Domain: SpringForest Logon ID: 0x2f0bd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: SPRINGFOREST Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 23:11:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2270857204-3040142985-89334181-1003 Account Name: UpdatusUser Account Domain: SpringForest Logon ID: 0x2f0bd Privileges: SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 23:11:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 23:11:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12544 2013-12-24 23:11:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5f772 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12544 2013-12-24 23:12:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 23:12:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2013-12-24 23:12:43 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 4dec8c83-ab4b-41c3-a16f-ab73a3befd9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2013-12-24 23:12:43 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 4dec8c83-ab4b-41c3-a16f-ab73a3befd9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\262e332d42324fe234e028d5e63c2ce9_b4d8a281-3d37-436f-bf76-65d9a136794d Operation: %%2458 Return Code: 0x0 Security Audit Success 12290 2013-12-24 23:13:16 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0 Security Audit Success 12290 2013-12-24 23:13:16 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2013-12-24 23:13:16 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\6207105d08eb59dcc30013a51cf42055_b4d8a281-3d37-436f-bf76-65d9a136794d Operation: %%2458 Return Code: 0x0 Security Audit Success 12544 2013-12-24 23:13:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Security Audit Success 12548 2013-12-24 23:13:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Security Audit Success 12290 2013-12-24 23:14:18 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0 Security Audit Success 12292 2013-12-24 23:14:18 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: SPRINGFOREST$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {BB7658AA-6C59-4460-B2FE-2DE714C99749} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\6207105d08eb59dcc30013a51cf42055_b4d8a281-3d37-436f-bf76-65d9a136794d Operation: %%2458 Return Code: 0x0 System Warning None 2013-12-18 09:05:17 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name fbcdn-profile-a.akamaihd.net timed out after none of the configured DNS servers responded. System Warning None 2013-12-18 17:49:47 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name fbcdn-profile-a.akamaihd.net timed out after none of the configured DNS servers responded. System Warning None 2013-12-19 00:56:28 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name fbcdn-profile-a.akamaihd.net timed out after none of the configured DNS servers responded. System Warning None 2013-12-19 17:49:04 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name fbcdn-profile-a.akamaihd.net timed out after none of the configured DNS servers responded. System Warning None 2013-12-19 20:39:23 Microsoft Antimalware 1116: System Error None 2013-12-19 20:39:36 Microsoft Antimalware 1119: System Warning None 2013-12-19 20:41:45 Microsoft Antimalware 1116: System Warning None 2013-12-19 23:03:59 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name fbcdn-profile-a.akamaihd.net timed out after none of the configured DNS servers responded. System Error None 2013-12-20 03:07:14 nvlddmkm System Error None 2013-12-20 13:03:42 EventLog 6008: The previous system shutdown at 13:02:15 on ?20/?12/?2013 was unexpected. System Error None 2013-12-20 13:04:28 Service Control Manager 7034: System Warning None 2013-12-20 16:06:43 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name fbcdn-profile-a.akamaihd.net timed out after none of the configured DNS servers responded. System Error None 2013-12-20 17:40:03 bowser 8003: The master browser has received a server announcement from the computer CHRISTY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0E574B4B-1E14-4168-9ED4-B7954567A2C2}. The master browser is stopping or an election is being forced. System Warning None 2013-12-21 10:37:28 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name fbcdn-profile-a.akamaihd.net timed out after none of the configured DNS servers responded. System Warning None 2013-12-21 13:26:23 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name fbcdn-profile-a.akamaihd.net timed out after none of the configured DNS servers responded. System Error None 2013-12-21 23:22:08 volsnap 36: System Warning None 2013-12-22 11:40:35 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name fbcdn-profile-a.akamaihd.net timed out after none of the configured DNS servers responded. System Warning None 2013-12-23 00:36:11 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name fbcdn-profile-a.akamaihd.net timed out after none of the configured DNS servers responded. System Error None 2013-12-23 20:38:55 volsnap 36: System Warning None 2013-12-24 11:02:40 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name fbcdn-profile-a.akamaihd.net timed out after none of the configured DNS servers responded. System Warning None 2013-12-24 12:42:58 Microsoft Antimalware 1116: System Error None 2013-12-24 18:49:01 EventLog 6008: The previous system shutdown at 17:35:20 on ?24/?12/?2013 was unexpected. System Error None 2013-12-24 18:49:32 Service Control Manager 7034: System Error None 2013-12-24 18:51:44 Service Control Manager 7009: System Error None 2013-12-24 18:51:44 Service Control Manager 7000: System Warning None 2013-12-24 20:05:15 NETWORK SERVICE Microsoft-Windows-DNS-Client 1014: Name resolution for the name fbcdn-profile-a.akamaihd.net timed out after none of the configured DNS servers responded. System Error None 2013-12-24 22:13:08 EventLog 6008: The previous system shutdown at 21:49:49 on ?24/?12/?2013 was unexpected. System Error None 2013-12-24 22:14:00 Service Control Manager 7034: System Error None 2013-12-24 23:11:06 EventLog 6008: The previous system shutdown at 22:25:48 on ?24/?12/?2013 was unexpected. System Error None 2013-12-24 23:12:00 Service Control Manager 7034: --------[ Database Software ]------------------------------------------------------------------------------------------- Database Drivers: Borland Database Engine - Borland InterBase Client - Easysoft ODBC-InterBase 6 - Easysoft ODBC-InterBase 7 - Firebird Client - Jet Engine 4.00.9756.0 MDAC 6.1.7601.17514 (win7sp1_rtm.101119-1850) ODBC 6.1.7601.17514 (win7sp1_rtm.101119-1850) MySQL Connector/ODBC - Oracle Client - PsqlODBC - Sybase ASE ODBC - Database Servers: Borland InterBase Server - Firebird Server - Microsoft SQL Server - Microsoft SQL Server Compact Edition 4.0.8876.1 Microsoft SQL Server Express Edition - MySQL Server - Oracle Server - PostgreSQL Server - Sybase SQL Server - --------[ ODBC Drivers ]------------------------------------------------------------------------------------------------ Driver da Microsoft para arquivos texto (*.txt; *.csv) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.,*.asc,*.csv,*.tab,*.txt,*.csv Driver do Microsoft Access (*.mdb) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.mdb Driver do Microsoft dBase (*.dbf) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.dbf,*.ndx,*.mdx Driver do Microsoft Excel(*.xls) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.xls Driver do Microsoft Paradox (*.db ) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.db Driver para o Microsoft Visual FoxPro vfpodbc.dll 1.0.2.0 *.dbf,*.cdx,*.idx,*.fpt Microsoft Access Driver (*.mdb) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.mdb Microsoft Access Driver (*.mdb, *.accdb) aceodbc.dll 15.0.4515.1000 *.mdb,*.accdb Microsoft Access Text Driver (*.txt, *.csv) aceodbc.dll 15.0.4515.1000 *.txt, *.csv Microsoft Access-Treiber (*.mdb) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.mdb Microsoft dBase Driver (*.dbf) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.dbf,*.ndx,*.mdx Microsoft dBase VFP Driver (*.dbf) vfpodbc.dll 1.0.2.0 *.dbf,*.cdx,*.idx,*.fpt Microsoft dBase-Treiber (*.dbf) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.dbf,*.ndx,*.mdx Microsoft Excel Driver (*.xls) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.xls Microsoft Excel Driver (*.xls, *.xlsx, *.xlsm, *.xlsb) aceodbc.dll 15.0.4515.1000 *.xls,*.xlsx, *.xlsb Microsoft Excel-Treiber (*.xls) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.xls Microsoft FoxPro VFP Driver (*.dbf) vfpodbc.dll 1.0.2.0 *.dbf,*.cdx,*.idx,*.fpt Microsoft ODBC for Oracle msorcl32.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) Microsoft Paradox Driver (*.db ) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.db Microsoft Paradox-Treiber (*.db ) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.db Microsoft Text Driver (*.txt; *.csv) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.,*.asc,*.csv,*.tab,*.txt,*.csv Microsoft Text-Treiber (*.txt; *.csv) odbcjt32.dll 6.1.7601.17632 (win7sp1_gdr.110614-1930) *.,*.asc,*.csv,*.tab,*.txt,*.csv Microsoft Visual FoxPro Driver vfpodbc.dll 1.0.2.0 *.dbf,*.cdx,*.idx,*.fpt Microsoft Visual FoxPro-Treiber vfpodbc.dll 1.0.2.0 *.dbf,*.cdx,*.idx,*.fpt SQL Server Native Client 11.0 sqlncli11.dll 2011.0110.2100.060 ((SQL11_RTM).120210-1846 ) SQL Server Native Client 11.0 sqlncli11.dll 2011.0110.2100.060 ((SQL11_RTM).120210-1846 ) SQL Server sqlsrv32.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) SQL Server sqlsrv32.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) --------[ ODBC Data Sources ]------------------------------------------------------------------------------------------- Excel Files Microsoft Excel Driver (*.xls, *.xlsx, *.xlsm, *.xlsb) User aceodbc.dll MS Access Database Microsoft Access Driver (*.mdb, *.accdb) User aceodbc.dll --------[ Memory Read ]------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 45162 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 37831 MB/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 26428 MB/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 26020 MB/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 23559 MB/s 4x A10-5800K 3800 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-1866 9-10-9-27 CR2 21456 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 21210 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 21110 MB/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 19763 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 19552 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 18834 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 17639 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 16638 MB/s 6x Phenom II X6 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 14730 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 13118 MB/s 6x Phenom II X6 Black 1100T 3725 MHz Gigabyte GA-970A-UD3 AMD970 Ganged Dual DDR3-1611 11-11-11-29 CR2 11809 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 11534 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 11178 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 10112 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 9714 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 9037 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 8709 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 8366 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 8096 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 7965 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 7646 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 7627 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 7616 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 6989 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 6593 MB/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 6414 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 6206 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 6104 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 6066 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 6009 MB/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 5353 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 4539 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 3967 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 3907 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 3672 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 3593 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 3362 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 3323 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 2919 MB/s --------[ Memory Write ]------------------------------------------------------------------------------------------------ 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 45588 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 27392 MB/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 24093 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 19528 MB/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 18063 MB/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 17607 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 17088 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 16673 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 14866 MB/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 14492 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 13215 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 12776 MB/s 4x A10-5800K 3800 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-1866 9-10-9-27 CR2 10224 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 9937 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 8869 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 8662 MB/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 7913 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 7779 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 7115 MB/s 6x Phenom II X6 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 7091 MB/s 6x Phenom II X6 Black 1100T 3725 MHz Gigabyte GA-970A-UD3 AMD970 Ganged Dual DDR3-1611 11-11-11-29 CR2 7084 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 7083 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 6733 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 5762 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 5654 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 5639 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 5504 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 5461 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 4869 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 4856 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 4712 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 4260 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 4220 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 4093 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 4029 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 3800 MB/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 3568 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 3159 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 3037 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 2831 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 2796 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 2474 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2348 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 2337 MB/s --------[ Memory Copy ]------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 42150 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 34882 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 24509 MB/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 23799 MB/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 22896 MB/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 22772 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 21530 MB/s 4x A10-5800K 3800 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-1866 9-10-9-27 CR2 18038 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 17836 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 17362 MB/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 17174 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 15347 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 13993 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 13993 MB/s 6x Phenom II X6 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 12444 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 11945 MB/s 6x Phenom II X6 Black 1100T 3725 MHz Gigabyte GA-970A-UD3 AMD970 Ganged Dual DDR3-1611 11-11-11-29 CR2 9726 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 9671 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 9468 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 9054 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 8216 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 7792 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 7403 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 6881 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 6774 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 6282 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 6139 MB/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 5921 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 5551 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 5396 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 5284 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 4891 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 4764 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 4572 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 4213 MB/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 4195 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 3977 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 3673 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 3270 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 3147 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 3051 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 3009 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2987 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 2578 MB/s --------[ Memory Latency ]---------------------------------------------------------------------------------------------- Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 55.2 ns Core i7-3770K 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 57.5 ns FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 60.3 ns FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 61.4 ns A10-5800K 3800 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-1866 9-10-9-27 CR2 61.9 ns Core i7-965 Extreme 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 62.9 ns Core i7-2600 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 66.7 ns Core i7-990X Extreme 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 67.1 ns Core i7-3960X Extreme 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 67.5 ns Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 69.6 ns Phenom II X6 Black 1100T 4027 MHz Gigabyte GA-970A-UD3 AMD970 Ganged Dual DDR3-1611 11-11-11-29 CR2 69.6 ns Xeon X5550 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 70.3 ns Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 72.4 ns Phenom II X6 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 74.1 ns Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 74.2 ns A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 75.9 ns Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 77.0 ns Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 77.9 ns Pentium EE 955 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 78.0 ns Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 79.9 ns Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 81.2 ns P4EE 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 82.4 ns Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 88.2 ns Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 88.6 ns Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 89.9 ns Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 91.3 ns Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 99.1 ns Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 99.5 ns Core i5-650 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 100.3 ns Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 101.4 ns Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 103.9 ns Atom 230 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 105.7 ns E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 107.8 ns Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 111.9 ns Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 113.3 ns Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 114.8 ns Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 120.0 ns Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 124.4 ns Xeon 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 124.7 ns Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 127.8 ns Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 129.7 ns Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 138.4 ns Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 153.7 ns Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 159.0 ns --------[ CPU Queen ]--------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 62484 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 56836 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 53544 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 46747 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 43907 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 42550 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 41740 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 37778 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 36089 6x Phenom II X6 Black 1100T 3725 MHz Gigabyte GA-970A-UD3 AMD970 Ganged Dual DDR3-1611 11-11-11-29 CR2 36019 6x Phenom II X6 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 32366 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 31680 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 30784 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 26997 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 25523 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 22162 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 22013 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 21945 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 21896 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 21434 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 21225 4x A10-5800K 3800 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-1866 9-10-9-27 CR2 21128 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 19226 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 16094 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 12584 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 12140 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 11236 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 9614 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 7485 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 7304 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 7300 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 5904 Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 5452 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 5158 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 4879 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 4086 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 4021 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 3855 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 3791 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 3514 Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 3301 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 2814 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 2586 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 1839 --------[ CPU PhotoWorxx ]---------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 22806 MPixel/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 20428 MPixel/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 14178 MPixel/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 12962 MPixel/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 12477 MPixel/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 12457 MPixel/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 11872 MPixel/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 11495 MPixel/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 11115 MPixel/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 10673 MPixel/s 4x A10-5800K 3800 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-1866 9-10-9-27 CR2 9107 MPixel/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 8581 MPixel/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 8064 MPixel/s 6x Phenom II X6 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 6975 MPixel/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 6862 MPixel/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 6131 MPixel/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 5627 MPixel/s 6x Phenom II X6 Black 1100T 4027 MHz Gigabyte GA-970A-UD3 AMD970 Ganged Dual DDR3-1611 11-11-11-29 CR2 5462 MPixel/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 4730 MPixel/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 4183 MPixel/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 3840 MPixel/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 3707 MPixel/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 3462 MPixel/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 3041 MPixel/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 3025 MPixel/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 2926 MPixel/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 2793 MPixel/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 2536 MPixel/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 2390 MPixel/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 2147 MPixel/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 1904 MPixel/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 1895 MPixel/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 1864 MPixel/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 1852 MPixel/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 1850 MPixel/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 1844 MPixel/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 1758 MPixel/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 1676 MPixel/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 1224 MPixel/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 1167 MPixel/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 1100 MPixel/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 1099 MPixel/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 879 MPixel/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 826 MPixel/s --------[ CPU ZLib ]---------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 444.5 MB/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 366.5 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 358.7 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 358.1 MB/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 346.1 MB/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 317.2 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 289.2 MB/s 6x Phenom II X6 Black 1100T 4027 MHz Gigabyte GA-970A-UD3 AMD970 Ganged Dual DDR3-1611 11-11-11-29 CR2 285.0 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 281.4 MB/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 276.3 MB/s 6x Phenom II X6 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 256.7 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 244.3 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 222.7 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 189.4 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 174.3 MB/s 4x A10-5800K 3800 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-1866 9-10-9-27 CR2 171.5 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 154.7 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 153.2 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 152.5 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 136.2 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 117.7 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 112.5 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 108.3 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 105.8 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 82.8 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 75.0 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 73.7 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 59.6 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 57.8 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 57.5 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 47.3 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 41.5 MB/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 33.3 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 32.6 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 32.2 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 31.6 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 30.8 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 24.3 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 22.8 MB/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 20.3 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 18.5 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 17.4 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 16.3 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 15.2 MB/s --------[ CPU AES ]----------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 21097 MB/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 17312 MB/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 15406 MB/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 14455 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 13681 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 12247 MB/s 4x A10-5800K 3800 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-1866 9-10-9-27 CR2 8659 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 3782 MB/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 2908 MB/s 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 1930 MB/s 6x Phenom II X6 Black 1100T 3725 MHz Gigabyte GA-970A-UD3 AMD970 Ganged Dual DDR3-1611 11-11-11-29 CR2 1481 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 1447 MB/s 6x Phenom II X6 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 1332 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 1286 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 1212 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 1153 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 913 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 802 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 790 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 789 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 721 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 651 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 587 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 566 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 524 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 493 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 473 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 421 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 311 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 277 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 274 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 269 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 245 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 242 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 184 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 153 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 148 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 144 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 131 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 109 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 105 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 98 MB/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 84 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 44 MB/s --------[ CPU Hash ]---------------------------------------------------------------------------------------------------- 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 4783 MB/s 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 4104 MB/s 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 3924 MB/s 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 3674 MB/s 6x Phenom II X6 Black 1100T 4027 MHz Gigabyte GA-970A-UD3 AMD970 Ganged Dual DDR3-1611 11-11-11-29 CR2 3658 MB/s 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 3604 MB/s 6x Phenom II X6 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 3304 MB/s 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 3188 MB/s 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 3137 MB/s 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 3094 MB/s 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 2995 MB/s 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 2544 MB/s 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2345 MB/s 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 2242 MB/s 4x A10-5800K 3800 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-1866 9-10-9-27 CR2 2034 MB/s 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 1989 MB/s 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 1942 MB/s 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 1936 MB/s 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 1914 MB/s 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 1680 MB/s 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 1677 MB/s 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 1464 MB/s 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 1441 MB/s 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 1101 MB/s 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 980 MB/s Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 976 MB/s 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 969 MB/s 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 925 MB/s 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 828 MB/s 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 809 MB/s 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 730 MB/s 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 641 MB/s 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 548 MB/s Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 489 MB/s P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 443 MB/s 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 427 MB/s 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 350 MB/s Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 336 MB/s 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 325 MB/s Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 306 MB/s Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 251 MB/s Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 246 MB/s Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 245 MB/s Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 162 MB/s --------[ FPU VP8 ]----------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 6381 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 6307 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 5592 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 5279 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 4981 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 4943 6x Phenom II X6 Black 1100T 4027 MHz Gigabyte GA-970A-UD3 AMD970 Ganged Dual DDR3-1611 11-11-11-29 CR2 4911 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 4777 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 4589 6x Phenom II X6 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 4583 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 3973 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 3920 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 3864 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 3766 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 3654 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 3304 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 3294 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 3238 4x A10-5800K 3800 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-1866 9-10-9-27 CR2 3177 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 2707 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2499 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 2448 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 2382 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 2369 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 1816 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 1786 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 1779 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 1687 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 1352 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 1215 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 1189 Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 1108 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 1057 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 954 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 867 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 803 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 796 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 689 Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 685 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 661 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 613 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 586 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 511 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 487 --------[ FPU Julia ]--------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 26898 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 19516 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 18457 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 18309 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 17993 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 17671 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 15300 6x Phenom II X6 Black 1100T 4027 MHz Gigabyte GA-970A-UD3 AMD970 Ganged Dual DDR3-1611 11-11-11-29 CR2 14056 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 13504 6x Phenom II X6 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 12634 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 12208 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 11912 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 11125 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 8956 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 8681 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 8201 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 8070 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 7608 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 7438 4x A10-5800K 3800 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-1866 9-10-9-27 CR2 6638 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 6411 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 5587 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 5579 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 5551 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 3534 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 3079 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 2440 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 2393 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 2309 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 2053 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 1988 Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 1865 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 1342 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 1308 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 1117 Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 958 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 912 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 896 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 893 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 792 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 702 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 641 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 589 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 513 --------[ FPU Mandel ]-------------------------------------------------------------------------------------------------- 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 14253 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 10344 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 9777 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 9318 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 8672 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 8614 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 8066 6x Phenom II X6 Black 1100T 4027 MHz Gigabyte GA-970A-UD3 AMD970 Ganged Dual DDR3-1611 11-11-11-29 CR2 7197 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 6901 6x Phenom II X6 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 6434 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 6211 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 6094 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 5395 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 4626 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 4418 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 4333 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 4179 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 3973 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 3874 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 3308 4x A10-5800K 3800 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-1866 9-10-9-27 CR2 3231 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 2889 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 2840 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 2676 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 1823 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 1626 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 1482 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 1449 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 1182 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 1062 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 1051 Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 856 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 795 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 688 Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 494 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 476 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 458 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 428 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 404 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 402 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 359 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 328 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 263 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 193 --------[ FPU SinJulia ]------------------------------------------------------------------------------------------------ 6x Core i7-990X Extreme HT 3466 MHz Intel DX58SO2 X58 Triple DDR3-1333 9-9-9-24 CR1 7471 6x Core i7-3960X Extreme HT 3300 MHz Intel DX79SI X79 Quad DDR3-1600 9-9-9-24 CR2 7214 8x Xeon X5550 HT 2666 MHz Supermicro X8DTN+ i5520 Triple DDR3-1333 9-9-9-24 CR1 6993 4x Core i7-3770K HT 3500 MHz MSI Z77A-GD55 Z77 Int. Dual DDR3-1600 9-9-9-24 CR2 4984 4x Core i7-2600 HT 3400 MHz Asus P8P67 P67 Dual DDR3-1333 9-9-9-24 CR1 4679 12x Opteron 2431 2400 MHz Supermicro H8DI3+-F SR5690 Unganged Dual DDR2-800R 6-6-6-18 CR1 4658 4x Core i7-965 Extreme HT 3200 MHz Asus P6T Deluxe X58 Triple DDR3-1333 9-9-9-24 CR1 4587 8x Xeon E5462 2800 MHz Intel S5400SF i5400 Quad DDR2-640FB 5-5-5-15 4132 6x Phenom II X6 Black 1100T 4027 MHz Gigabyte GA-970A-UD3 AMD970 Ganged Dual DDR3-1611 11-11-11-29 CR2 3599 6x Phenom II X6 1100T 3300 MHz Gigabyte GA-890GPA-UD3H v2 AMD890GX Int. Unganged Dual DDR3-1333 9-9-9-24 CR2 3213 8x Opteron 2378 2400 MHz Tyan Thunder n3600R nForcePro-3600 Unganged Dual DDR2-800R 6-6-6-18 CR1 3101 8x FX-8350 4000 MHz Asus M5A99X Evo R2.0 AMD990X Dual DDR3-1866 9-10-9-27 CR2 2833 8x FX-8150 3600 MHz Asus M5A97 AMD970 Dual DDR3-1866 9-10-9-27 CR2 2645 8x Xeon L5320 1866 MHz Intel S5000VCL i5000V Dual DDR2-533FB 4-4-4-12 2590 2x Core i5-650 HT 3200 MHz Supermicro C7SIM-Q Q57 Int. Dual DDR3-1333 9-9-9-24 CR1 2306 4x Xeon X3430 2400 MHz Supermicro X8SIL-F i3420 Dual DDR3-1333 9-9-9-24 CR1 2268 4x Core 2 Extreme QX9650 3000 MHz Gigabyte GA-EP35C-DS3R P35 Dual DDR3-1066 8-8-8-20 CR2 2219 8x Opteron 2344 HE 1700 MHz Supermicro H8DME-2 nForcePro-3600 Unganged Dual DDR2-667R 5-5-5-15 CR1 2210 4x Phenom II X4 Black 940 3000 MHz Asus M3N78-EM GeForce8300 Int. Ganged Dual DDR2-800 5-5-5-18 CR2 1934 4x A8-3850 2900 MHz Gigabyte GA-A75M-UD2H A75 Int. Dual DDR3-1333 9-9-9-24 CR1 1872 4x Core 2 Extreme QX6700 2666 MHz Intel D975XBX2 i975X Dual DDR2-667 5-5-5-15 1856 4x Xeon 5140 2333 MHz Intel S5000VSA i5000V Dual DDR2-667FB 5-5-5-15 1618 4x A10-5800K 3800 MHz Gigabyte GA-F2A85X-UP4 A85X Int. Dual DDR3-1866 9-10-9-27 CR2 1445 4x Phenom X4 9500 2200 MHz Asus M3A AMD770 Ganged Dual DDR2-800 5-5-5-18 CR2 1421 4x Opteron 2210 HE 1800 MHz Tyan Thunder h2000M BCM5785 Dual DDR2-600R 5-5-5-15 CR1 1178 2x Athlon64 X2 Black 6400+ 3200 MHz MSI K9N SLI Platinum nForce570SLI Dual DDR2-800 4-4-4-11 CR1 1049 2x Core 2 Extreme X6800 2933 MHz Abit AB9 P965 Dual DDR2-800 5-5-5-18 CR2 1021 2x Pentium EE 955 HT 3466 MHz Intel D955XBK i955X Dual DDR2-667 4-4-4-11 960 2x Xeon HT 3400 MHz Intel SE7320SP2 iE7320 Dual DDR333R 2.5-3-3-7 942 2x Core 2 Duo P8400 2266 MHz MSI MegaBook PR201 GM45 Int. Dual DDR2-667 5-5-5-15 835 2x Athlon64 X2 4000+ 2100 MHz ASRock ALiveNF7G-HDready nForce7050-630a Int. Dual DDR2-700 5-5-5-18 CR2 685 P4EE HT 3733 MHz Intel SE7230NH1LX iE7230 Dual DDR2-667 5-5-5-15 516 2x E-350 1600 MHz ASRock E350M1 A50M Int. DDR3-1066 SDRAM 8-8-8-20 CR1 506 2x Opteron 240 1400 MHz MSI K8D Master3-133 FS AMD8100 Dual DDR400R 3-4-4-8 CR1 457 2x Pentium D 820 2800 MHz Abit Fatal1ty F-I90HD RS600 Int. Dual DDR2-800 5-5-5-18 CR2 452 Opteron 248 2200 MHz MSI K8T Master1-FAR K8T800 Dual DDR266R 2-3-3-6 CR1 359 Athlon64 3200+ 2000 MHz ASRock 939S56-M SiS756 Dual DDR400 2.5-3-3-8 CR2 327 Nano X2 L4350 1600 MHz VIA EPIA-M900 VX900H Int. DDR3-1066 SDRAM 7-7-7-20 CR2 284 Celeron 420 1600 MHz Intel DQ965GF Q965 Int. Dual DDR2-667 5-5-5-15 277 2x Atom D2500 1866 MHz Intel D2500CC NM10 Int. DDR3-1066 SDRAM 7-7-7-20 CR2 262 Sempron 2600+ 1600 MHz ASRock K8NF4G-SATA2 GeForce6100 Int. DDR400 SDRAM 2.5-3-3-8 CR2 262 Atom 230 HT 1600 MHz Intel D945GCLF i945GC Int. DDR2-533 SDRAM 4-4-4-12 205 Celeron D 326 2533 MHz ASRock 775Twins-HDTV RC410 Ext. DDR2-533 SDRAM 4-4-4-11 203 Nano L2200 1600 MHz VIA VB8001 CN896 Int. DDR2-667 SDRAM 5-5-5-15 CR2 131 --------[ Debug - PCI ]------------------------------------------------------------------------------------------------- B00 D00 F00: ATI RD980/RD990/RX980 Chipset - Host Bridge Offset 000: 02 10 14 5A 02 00 10 20 02 00 00 06 00 00 80 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 E0 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 02 10 14 5A Offset 030: 00 00 00 00 F0 00 00 00 00 00 00 00 FF 00 00 00 Offset 040: 08 54 00 C0 C1 00 00 00 00 00 00 00 42 20 05 00 Offset 050: 02 10 14 5A 08 9C 00 90 08 10 00 00 08 10 00 00 Offset 060: 00 00 00 00 86 01 00 00 00 00 00 40 64 57 00 79 Offset 070: 05 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 10 00 00 03 20 02 30 00 31 20 00 00 Offset 090: 00 00 00 D0 00 00 00 00 10 08 00 00 08 70 3C D0 Offset 0A0: 14 00 00 00 00 00 00 80 00 00 00 00 F9 40 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 80 08 40 80 02 20 00 11 11 D0 00 00 00 Offset 0D0: 60 0B F5 3F 13 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 05 00 FF FF FF FF 00 00 00 00 00 00 00 00 Offset 0F0: 08 C4 03 A8 00 80 80 00 00 00 00 00 00 00 00 00 B00 D02 F00: ATI RD980/RD990/RX980 Chipset - PCI Express Port (GFX port 0) Offset 000: 02 10 16 5A 07 00 10 00 00 00 04 06 10 00 01 00 Offset 010: 00 00 00 00 00 00 00 00 00 01 01 00 C1 C1 00 20 Offset 020: 00 F8 F0 FB 01 D0 F1 DF 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 12 01 18 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 58 03 C8 00 00 00 00 10 A0 42 01 20 80 00 00 Offset 060: 10 08 00 00 02 CD 31 00 00 00 02 71 80 25 14 00 Offset 070: 00 00 48 01 00 00 01 00 00 00 00 00 3F 00 00 00 Offset 080: 06 00 00 00 00 00 00 00 42 00 01 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 05 B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 0D B8 00 00 02 10 14 5A 08 00 03 A8 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D04 F00: ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 0) Offset 000: 02 10 18 5A 07 00 10 00 00 00 04 06 10 00 01 00 Offset 010: 00 00 00 00 00 00 00 00 00 02 02 00 B1 B1 00 00 Offset 020: 90 FD 90 FD 61 FD 61 FD 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 10 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 58 03 C8 00 00 00 00 10 A0 42 01 20 80 00 00 Offset 060: 10 08 00 00 22 CC 31 00 00 00 12 B0 80 25 24 00 Offset 070: 00 00 48 01 00 00 01 00 00 00 00 00 3F 00 00 00 Offset 080: 06 00 00 00 00 00 00 00 42 00 01 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 05 B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 0D B8 00 00 02 10 14 5A 08 00 03 A8 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D09 F00: ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 4) Offset 000: 02 10 1C 5A 07 00 10 00 00 00 04 06 10 00 01 00 Offset 010: 00 00 00 00 00 00 00 00 00 03 03 00 E1 E1 00 00 Offset 020: 50 FD 50 FD E1 FD E1 FD 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 11 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 58 03 C8 00 01 00 00 10 A0 42 01 20 80 00 00 Offset 060: 10 08 00 00 12 CC 31 04 00 00 11 30 80 25 4C 00 Offset 070: 00 00 48 01 00 00 01 00 00 00 00 00 3F 00 00 00 Offset 080: 06 00 00 00 00 00 00 00 42 00 01 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 05 B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 0D B8 00 00 02 10 14 5A 08 00 03 A8 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D0A F00: ATI RD980/RD990/RX980 Chipset - PCI Express Port (GPP port 5) Offset 000: 02 10 1D 5A 07 00 10 00 00 00 04 06 10 00 01 00 Offset 010: 00 00 00 00 00 00 00 00 00 04 04 00 D1 D1 00 00 Offset 020: D0 FD D0 FD C1 FD C1 FD 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 12 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 58 03 C8 00 00 00 00 10 A0 42 01 20 80 00 00 Offset 060: 10 08 00 00 12 CC 31 05 00 00 12 B0 80 25 54 00 Offset 070: 00 00 48 01 00 00 01 00 00 00 00 00 3F 00 00 00 Offset 080: 06 00 00 00 00 00 00 00 42 00 01 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 05 B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 0D B8 00 00 02 10 14 5A 08 00 03 A8 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D11 F00: ATI SB900 - SATA Controller Offset 000: 02 10 90 43 07 00 30 02 40 8F 01 01 10 20 00 00 Offset 010: 01 FF 00 00 01 FE 00 00 01 FD 00 00 01 FC 00 00 Offset 020: 01 FB 00 00 00 F0 FF FD 00 00 00 00 58 14 02 B0 Offset 030: 00 00 00 00 70 00 00 00 00 00 00 00 13 01 00 00 Offset 040: 14 80 80 00 01 00 20 00 00 00 80 00 00 00 00 00 Offset 050: 05 70 84 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 01 50 22 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 12 A4 10 00 0F 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 06 1A 14 00 AB 01 08 00 F0 00 00 00 Offset 090: 27 60 74 C7 02 43 06 00 08 01 00 00 01 58 09 08 Offset 0A0: 0C 00 00 00 13 00 06 03 00 00 64 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 Offset 0E0: 80 00 00 00 00 00 00 00 00 00 00 00 10 00 00 3F Offset 0F0: 00 00 00 00 00 00 00 00 77 77 77 00 00 00 00 00 B00 D12 F00: ATI SB900 - OHCI USB Controller Offset 000: 02 10 97 43 06 00 A0 02 00 10 03 0C 10 20 80 00 Offset 010: 00 E0 FF FD 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 58 14 04 50 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 12 01 00 00 Offset 040: 80 01 00 F0 11 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 40 00 00 F0 00 00 00 00 FF FF FF FF 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 FF 00 00 80 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 10 01 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D12 F02: ATI SB900 - EHCI USB 2.0 Controller Offset 000: 02 10 96 43 06 00 B0 02 00 20 03 0C 10 20 00 00 Offset 010: 00 D0 FF FD 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 58 14 04 50 Offset 030: 00 00 00 00 C0 00 00 00 00 00 00 00 11 02 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 40 21 80 A0 01 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 20 00 00 01 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 00 01 00 20 00 C0 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 01 E4 02 7E 00 00 40 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 0A 00 E0 20 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D13 F00: ATI SB900 - OHCI USB Controller Offset 000: 02 10 97 43 06 00 A0 02 00 10 03 0C 10 20 80 00 Offset 010: 00 C0 FF FD 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 58 14 04 50 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 12 01 00 00 Offset 040: 80 01 00 F0 11 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 40 00 00 F0 00 00 00 00 FF FF FF FF 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 FF 00 00 80 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 10 01 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D13 F02: ATI SB900 - EHCI USB 2.0 Controller Offset 000: 02 10 96 43 06 00 B0 02 00 20 03 0C 10 20 00 00 Offset 010: 00 B0 FF FD 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 58 14 04 50 Offset 030: 00 00 00 00 C0 00 00 00 00 00 00 00 11 02 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 40 21 80 A0 01 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 20 00 00 01 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 00 01 00 20 00 C0 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 01 E4 02 7E 00 00 40 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 0A 00 E0 20 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D14 F00: ATI SB900 - SMBus Controller Offset 000: 02 10 85 43 03 04 20 02 42 00 05 0C 00 00 80 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D14 F01: ATI SB900 - IDE Controller Offset 000: 02 10 9C 43 05 00 20 02 40 8A 01 01 10 20 00 00 Offset 010: 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 Offset 020: 01 FA 00 00 00 00 00 00 00 00 00 00 58 14 02 50 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 FF 02 00 00 Offset 040: 20 20 00 00 20 FF FF FF 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 Offset 070: 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D14 F02: ATI SB900 - High Definition Audio Controller Offset 000: 02 10 83 43 06 00 10 04 40 00 03 04 10 20 00 00 Offset 010: 04 40 FF FD 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 58 14 02 A0 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 10 01 00 00 Offset 040: 00 00 00 00 01 10 00 00 00 00 00 00 01 00 00 00 Offset 050: 01 00 42 C8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D14 F03: ATI SB900 - PCI-LPC Bridge Offset 000: 02 10 9D 43 0F 00 20 02 40 00 01 06 00 00 80 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 02 10 9D 43 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 040: 04 00 00 00 D5 FF 03 FF 3F FF 40 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 0A 00 00 00 00 0F 00 B8 FF FF FF Offset 070: 67 45 23 00 00 00 00 00 1C 00 00 00 05 0A 00 00 Offset 080: 08 00 03 A8 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 01 10 D6 FE Offset 0A0: 02 00 C1 FE 2E 01 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 09 39 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D14 F04: ATI SB900 - PCI-PCI Bridge Offset 000: 02 10 84 43 27 04 A0 02 40 01 04 06 00 40 81 00 Offset 010: 00 00 00 00 00 00 00 00 00 05 05 40 A0 A0 80 22 Offset 020: B0 FD B0 FD A0 FD A0 FD 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 040: 20 00 24 FF 00 00 00 00 0C 0F 3F D1 00 01 00 00 Offset 050: 01 00 00 00 08 00 03 A8 00 00 00 00 85 00 FF FF Offset 060: CA 0E 17 00 BA 98 10 02 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 02 06 Offset 0E0: 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D14 F05: ATI SB900 - OHCI USB Controller Offset 000: 02 10 99 43 06 00 A0 02 00 10 03 0C 10 20 00 00 Offset 010: 00 A0 FF FD 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 58 14 04 50 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 12 03 00 00 Offset 040: 80 01 00 F0 11 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 40 00 00 F0 00 00 00 00 FF FF FF FF 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 FF 00 00 80 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 10 01 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D15 F00: ATI SB900 - PCI Express Port 0 Offset 000: 02 10 A0 43 07 00 10 00 00 00 04 06 10 00 01 00 Offset 010: 00 00 00 00 00 00 00 00 00 06 06 00 91 91 00 00 Offset 020: 80 FD 80 FD 71 FD 71 FD 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 11 01 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 58 03 06 00 00 00 00 10 A0 42 01 20 80 00 00 Offset 060: 10 08 00 00 41 0C 30 F7 00 00 00 11 40 00 04 00 Offset 070: 00 00 00 00 00 00 01 00 00 00 00 00 1F 00 00 00 Offset 080: 06 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 05 B0 80 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 0D B8 00 00 02 10 00 00 08 00 03 A8 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D16 F00: ATI SB900 - OHCI USB Controller Offset 000: 02 10 97 43 06 00 A0 02 00 10 03 0C 10 20 80 00 Offset 010: 00 90 FF FD 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 58 14 04 50 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 12 01 00 00 Offset 040: 80 01 00 F0 11 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 40 00 00 F0 00 00 00 00 FF FF FF FF 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 FF 00 00 80 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 10 01 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D16 F02: ATI SB900 - EHCI USB 2.0 Controller Offset 000: 02 10 96 43 06 00 B0 02 00 20 03 0C 10 20 00 00 Offset 010: 00 80 FF FD 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 58 14 04 50 Offset 030: 00 00 00 00 C0 00 00 00 00 00 00 00 11 02 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 40 21 80 A0 01 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 20 00 00 01 00 00 00 00 00 00 00 00 Offset 0A0: 01 00 00 01 00 20 00 C0 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 01 E4 02 7E 00 00 40 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 0A 00 E0 20 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D18 F00: AMD K10 - HyperTransport Technology Configuration Offset 000: 22 10 00 12 00 00 10 00 00 00 00 06 00 00 80 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 Offset 040: 01 02 04 00 01 02 04 00 01 02 04 00 01 02 04 00 Offset 050: 01 02 04 00 01 02 04 00 01 02 04 00 01 02 04 00 Offset 060: 00 00 05 00 E0 00 00 00 20 A8 4E 00 00 F8 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 08 00 01 21 20 20 11 11 60 0B F5 FF 13 00 00 00 Offset 090: 92 02 85 84 00 00 06 00 07 00 00 00 0E 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D18 F01: AMD K10 - Address Map Offset 000: 22 10 01 12 00 00 00 00 00 00 00 06 00 00 80 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 040: 03 00 00 00 00 00 2F 03 00 00 00 00 01 00 00 00 Offset 050: 00 00 00 00 02 00 00 00 00 00 00 00 03 00 00 00 Offset 060: 00 00 00 00 04 00 00 00 00 00 00 00 05 00 00 00 Offset 070: 00 00 00 00 06 00 00 00 00 00 00 00 07 00 00 00 Offset 080: 03 0A 00 00 00 0B 00 00 00 00 00 00 00 00 00 00 Offset 090: 03 00 D0 00 00 FF DF 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 03 00 F0 00 00 FF FF 00 Offset 0B0: 03 00 E0 00 80 6F E0 00 00 00 00 00 00 00 00 00 Offset 0C0: 13 90 00 00 00 F0 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 03 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 03 30 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 B00 D18 F02: AMD K10 - DRAM Controller Offset 000: 22 10 02 12 00 00 00 00 00 00 00 06 00 00 80 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 040: 01 00 00 02 09 00 80 02 01 00 00 00 09 00 00 01 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: E0 3F 78 00 E0 3F F8 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 06 02 08 0E 38 02 11 18 Offset 080: 75 00 00 00 E6 06 34 00 67 EB 5D C3 77 BA A2 01 Offset 090: 00 08 01 00 0E 09 50 5F 30 08 0F 8D 06 40 00 00 Offset 0A0: 00 02 00 00 00 00 00 00 40 00 00 00 00 00 00 00 Offset 0B0: 64 82 D5 5F B4 00 00 00 F8 1F F2 C0 40 77 3E 9A Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: FC 39 10 0A 61 A5 AF 48 F9 07 1C 81 F0 BC 01 34 Offset 0E0: 04 FC 81 FE 5D 4C 1C D9 F5 E7 1D 76 A1 88 0F 4E Offset 0F0: 00 00 00 80 00 00 00 00 E4 4D A2 7B D0 55 01 00 Offset 100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 110: 10 05 00 00 00 00 00 00 24 A4 40 04 40 0F E0 2C Offset 120: F0 7B 7C 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 130: C1 85 C3 D3 61 C2 C0 35 9A 3A F8 D0 B9 37 02 30 Offset 140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 190: 00 00 00 00 00 00 00 00 30 08 0F 8D 06 40 00 00 Offset 1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 1B0: 01 81 C3 9F 00 00 00 00 00 00 00 00 00 00 00 00 Offset 1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B00 D18 F03: AMD K10 - Miscellaneous Control Offset 000: 22 10 03 12 00 00 10 00 00 00 00 06 00 00 80 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 F0 00 00 00 00 00 00 00 00 00 00 00 Offset 040: FF FF FF 3F 5C 00 B0 4A 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 05 00 3A 3A 00 00 00 10 52 80 01 00 Offset 070: 53 11 04 00 11 11 08 00 14 0C 20 00 14 09 09 00 Offset 080: 81 E6 00 E6 E6 41 E6 01 08 00 00 00 00 00 58 00 Offset 090: 00 00 00 00 30 40 00 00 80 C1 02 F3 00 00 00 00 Offset 0A0: 00 08 12 A0 EF 0F EC 21 00 00 00 28 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 26 0F 81 C8 15 13 1A 03 1A 64 67 00 Offset 0E0: 00 00 00 00 30 14 C0 1D 19 DF 07 02 00 00 00 00 Offset 0F0: 0F 00 10 00 00 00 00 00 00 00 00 00 A0 0F 10 00 B00 D18 F04: AMD K10 - Link Control Offset 000: 22 10 04 12 00 00 00 00 00 00 00 06 00 00 80 00 Offset 010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 150: 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 Offset 160: A0 0F 10 00 00 00 00 00 00 00 00 00 00 02 00 00 Offset 170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 180: D5 00 00 C0 80 00 00 00 00 00 00 00 00 00 00 00 Offset 190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 1A0: 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 1C0: 00 00 00 80 10 01 00 00 00 3C 00 00 00 00 00 00 Offset 1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 1E0: 15 0C 3C 03 40 34 66 0A 09 24 EA 02 01 2C AA 02 Offset 1F0: 11 1C 3E 03 20 10 00 00 00 00 00 00 00 00 00 00 B01 D00 F00: EVGA e-GeForce GTX 460 Video Adapter Offset 000: DE 10 22 0E 07 00 10 00 A1 00 00 03 10 00 80 00 Offset 010: 00 00 00 F8 0C 00 00 D0 00 00 00 00 0C 00 00 DC Offset 020: 00 00 00 00 01 CF 00 00 00 00 00 00 42 38 70 13 Offset 030: 00 00 00 00 60 00 00 00 00 00 00 00 12 01 00 00 Offset 040: 42 38 70 13 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 00 00 00 01 00 00 00 CE D6 23 00 00 00 00 00 Offset 060: 01 68 03 00 08 00 00 00 05 78 80 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 10 B4 02 00 A0 8D 2C 01 Offset 080: 10 29 00 00 02 3D 05 00 08 01 02 11 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 01 00 01 00 00 00 00 00 Offset 0B0: 00 00 00 00 09 00 14 01 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B01 D00 F01: nVIDIA GF104 - High Definition Audio Controller Offset 000: DE 10 EB 0B 06 00 10 00 A1 00 03 04 10 00 80 00 Offset 010: 00 C0 FF FB 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 42 38 70 13 Offset 030: 00 00 00 00 60 00 00 00 00 00 00 00 13 02 00 00 Offset 040: 42 38 70 13 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 00 00 00 00 00 00 00 00 CE D6 23 00 00 00 00 00 Offset 060: 01 68 03 00 08 00 00 00 05 78 80 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 10 00 02 00 A0 8D 2C 01 Offset 080: 10 28 00 00 02 3D 05 00 0B 01 02 11 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B02 D00 F00: Etron EJ168 USB 3.0 xHCI Controller Offset 000: 6F 1B 23 70 06 04 10 00 01 30 03 0C 10 00 00 00 Offset 010: 04 80 9F FD 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 58 14 07 50 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 00 01 00 00 Offset 040: 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 70 03 FE 00 00 00 00 00 00 00 00 04 74 14 84 Offset 060: 30 20 00 00 00 00 00 00 00 50 00 18 87 00 00 00 Offset 070: 05 A0 85 01 0C F0 E3 FE 00 00 00 00 B0 49 00 00 Offset 080: FE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 10 02 20 50 90 62 8D 29 A2 E0 8C A1 18 1D 42 D0 Offset 0A0: 10 00 02 00 23 80 2C 11 10 28 10 00 12 4C 07 00 Offset 0B0: 00 00 12 10 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 40 F0 00 00 00 00 00 00 00 00 04 01 21 20 Offset 0F0: D0 00 F0 00 00 40 00 00 00 00 00 00 00 00 00 00 B03 D00 F00: Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter Offset 000: EC 10 68 81 07 04 10 00 06 00 00 02 10 00 00 00 Offset 010: 01 EE 00 00 00 00 00 00 0C F0 EF FD 00 00 00 00 Offset 020: 0C 80 EF FD 00 00 00 00 00 00 00 00 58 14 00 E0 Offset 030: 00 00 00 00 40 00 00 00 00 00 00 00 00 01 00 00 Offset 040: 01 50 C3 FF 08 01 00 00 00 00 00 00 00 00 00 00 Offset 050: 05 70 80 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 10 B0 02 02 C0 8C 2C 01 10 50 10 00 11 7C 07 00 Offset 080: 00 00 11 10 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 1F 00 00 00 10 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 11 D0 03 80 04 00 00 00 04 08 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B04 D00 F00: Etron EJ168 USB 3.0 xHCI Controller Offset 000: 6F 1B 23 70 06 04 10 00 01 30 03 0C 10 00 00 00 Offset 010: 04 80 DF FD 00 00 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 58 14 07 50 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 00 01 00 00 Offset 040: 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 70 03 FE 00 00 00 00 00 00 00 00 04 74 0C 7C Offset 060: 30 20 00 00 00 00 00 00 00 50 00 18 87 00 00 00 Offset 070: 05 A0 85 01 0C F0 E3 FE 00 00 00 00 90 49 00 00 Offset 080: FE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 10 02 20 50 90 62 8D 29 A2 E0 8C A1 18 1D 42 D0 Offset 0A0: 10 00 02 00 23 80 2C 11 10 28 10 00 12 4C 07 00 Offset 0B0: 00 00 12 10 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 40 F0 00 00 00 00 00 00 00 00 04 01 21 20 Offset 0F0: D0 00 F0 00 00 40 00 00 00 00 00 00 00 00 00 00 B05 D0E F00: VIA VT6308 Fire IIM IEEE1394 Host Controller Offset 000: 06 11 44 30 07 00 10 02 C0 10 00 0C 10 20 00 00 Offset 010: 00 F0 BF FD 01 AF 00 00 00 00 00 00 00 00 00 00 Offset 020: 00 00 00 00 00 00 00 00 00 00 00 00 58 14 00 10 Offset 030: 00 00 00 00 50 00 00 00 00 00 00 00 16 01 00 20 Offset 040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 050: 01 00 02 E4 00 00 00 00 00 00 00 00 58 14 00 00 Offset 060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Offset 0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 --------[ Debug - Video BIOS ]------------------------------------------------------------------------------------------ C000:0000 U.m.K7400.L.w.VIDEO ......<...IBM VGA Compatible.......N11/16/10 C000:0040 ..........@...$...*.B8p..?..@..........9....D..DPMIDl.o....... C000:0080 .....3GF104 P1041 SKU 1 VGA BIOS................................ C000:00C0 .......................Version 70.04.2E.00.70 ...Copyright (C) 1 C000:0100 996-2010 NVIDIA Corp..............GF104 Board - 10410001........ C000:0140 .....Chip Rev ................................................ C000:0180 ........PCIR..".........m.......HYB$..BIT......E2...,.B.!.8.C... C000:01C0 Y.D...g.A...k.I...n.L.....M.....N.....P.0...S.....T.....U.....V. C000:0200 ....x.....d.....p.....i.B.....>. I.[.aC....................pp?.. C000:0240 ..............\\....0.............J.....L.A...>KJKPKhK.L.LJK...L C000:0280 ....I.J.g..Wg..4K...a...b...d..6f...f.......f......Pf..)f...f... C000:02C0 f....P.....( I.4I#".#E...MWI..I.I...........C.[.[.. ...........p C000:0300 ....{u.....11/02/10..........!..............325.10410001........ C000:0340 ........Z.S..................Z .........Z.S.........,......Z1.y. C000:0380 y...5.y...........6.6.G.....L.q.@...Q...Z.......!.x...y.y...y.y. C000:03C0 ....a.y.....f...............n.....q.....t.e.$.q.x.S.z........... ------------------------------------------------------------------------------------------------------------------------ The names of actual companies and products mentioned herein may be the trademarks of their respective owners.