info.txt logfile of random's system information tool 1.08 2011-02-21 13:45:55
======Uninstall list======
Torrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
ABN AMRO e.dentifier2 software-->MsiExec.exe /X{D820BECD-97D3-4942-B6CF-1B670CA7690C}
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Reader 9.4.2 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A94000000001}
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
AutocompletePro-->"C:\Program Files (x86)\AutocompletePro\unins000.exe"
CFG_CATIA-5R19-EN-W7Ex86-->MsiExec.exe /X{50629187-2C5B-405A-A8E0-CFB38AF8F719}
Conduit Engine-->C:\PROGRA~2\CONDUI~1\ConduitEngineUninstall.exe
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Definition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{A004ADA8-EFD6-4CFE-849A-0C91B4C665FC}" "1043" "0"
DirectVobSub (remove only)-->"C:\Program Files (x86)\DirectVobSub\uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_4079369A224CB572.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HP Common Access Service Library-->MsiExec.exe /I{58215966-9BA6-485D-B8DA-4AE31150B92E}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP ESU for Microsoft Windows 7-->MsiExec.exe /X{884F42B0-4BDD-46C1-BED5-E7FCFB9BF3A2}
HP Quick Launch Buttons-->"C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -runfromtemp -l0x0409 -removeonly uninst
HP QuickLook-->MsiExec.exe /X{11840A12-B637-4821-9137-7D3AF1FED256}
HP QuickWeb-->MsiExec.exe /X{7861911B-4270-498A-8F7A-FCF0570F484B}
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}\setup.exe" -l0x9 -removeonly
HP SkyRoom-->"C:\Program Files (x86)\InstallShield Installation Information\{17DA6412-EC90-42D1-A9A4-661416750025}\setup.exe" -runfromtemp -l0x0413 -removeonly
HP SkyRoom-->MsiExec.exe /I{17DA6412-EC90-42D1-A9A4-661416750025}
HP SoftPaq Download Manager-->MsiExec.exe /I{E1CD7FC4-98F6-4A14-A8C8-A01D6F6F8FC3}
HP Software Setup-->MsiExec.exe /X{04801E42-B1A6-4C52-9F3D-CADB5A050433}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP User Guides 0159-->MsiExec.exe /X{5D205683-5AC7-4BBA-B45F-EC31DF297643}
HP Wallpaper-->MsiExec.exe /X{F173C2B3-296F-458C-98FF-1676A42EBA02}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
McAfee Internet Security-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}
Microsoft Office Access MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0015-0413-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0016-0413-0000-0000000FF1CE}
Microsoft Office Groove MUI (Dutch) 2010-->MsiExec.exe /X{90140000-00BA-0413-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0044-0413-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Dutch) 2010-->MsiExec.exe /X{90140000-00A1-0413-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-007A-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2010-->MsiExec.exe /X{90140000-001A-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0018-0413-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2010-->MsiExec.exe /X{90140000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2010-->MsiExec.exe /X{90140000-002C-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0019-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2010-->MsiExec.exe /X{90140000-006E-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (Dutch) 2010-->MsiExec.exe /X{90140000-001B-0413-0000-0000000FF1CE}
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit-->MsiExec.exe /X{95140000-007D-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mozilla Firefox (3.6.13)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
NEC Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}\setup.exe" -runfromtemp -l0x0409 -removeonly
NEC Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /I{D7BF9739-8A68-4335-BBEE-37752AD9E86B}
Pro Evolution Soccer 2011 DEMO-->MsiExec.exe /X{336C4194-47FA-40A8-8D65-21000CA5186E}
QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Remote Graphics Receiver-->"C:\Program Files (x86)\InstallShield Installation Information\{16FC3056-90C0-4757-8A68-64D8DA846ADA}\setup.exe" -runfromtemp -l0x0009 -removeonly
Remote Graphics Sender-->"C:\Program Files (x86)\InstallShield Installation Information\{2A08C71B-CC60-42EA-8DA2-FE5486E3B20B}\setup.exe" -runfromtemp -l0x0009 -removeonly
RICOH Media Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{F5CC2EF8-20A4-4366-A681-3FE849E65809}\SETUP.EXE" -runfromtemp -l0x0009 anything -removeonly
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft Office 2010 (KB2289078)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{1D1A4F08-2F17-475B-BA72-476CE5992FEE}" "1043" "0"
Security Update for Microsoft Office 2010 (KB2289161)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{F134C2C6-30B3-4169-A325-58482B4CE6FC}" "1043" "0"
Security Update for Microsoft Publisher 2010 (KB2409055)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{C3C277D5-36E3-4B1A-926A-175B2BC019CF}" "1043" "0"
Security Update for Microsoft Word 2010 (KB2345000)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{A6D422EE-1196-45EE-B9AE-6B5B64975E8B}" "1043" "0"
Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1043" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{556146F7-74AE-4E0A-B64F-5B8B93469F61}" "1043" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{B5516874-E926-4BFD-B412-D0E70112F244}" "1043" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{D6CE7280-6EE3-419A-8F47-DB111C040B1B}" "1043" "0"
Update for Microsoft OneNote 2010 (KB2433299)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{6C845127-B949-4D76-A732-BCB396AD9AA5}" "1043" "0"
Update for Microsoft Outlook Social Connector (KB2289116)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}" "1043" "0"
Update voor Microsoft Outlook Social Connector (KB2289116)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0413-0000-0000000FF1CE}" "{22DEE24B-27D5-43EE-8F54-751956C93477}" "1043" "0"
uTorrentBar_NL Toolbar-->C:\PROGRA~2\UTORRE~1\UNWISE.EXE /U C:\PROGRA~2\UTORRE~1\INSTALL.LOG
Windows 7 Default Setting-->MsiExec.exe /I{5BF8E079-D6E2-4323-B794-75152371122A}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
======System event log======
Computer Name: RFMollee-HP
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80080005: Update for Windows 7 for x64-based Systems (KB2388210).
Record Number: 25869
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20101028081508.415612-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
Computer Name: RFMollee-HP
Event Code: 10010
Message: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.
Record Number: 25867
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20101028081503.000000-000
Event Type: Error
User:
Computer Name: RFMollee-HP
Event Code: 17
Message: A corrected hardware error has occurred.
Component: PCI Express Root Port
Error Source: Advanced Error Reporting (PCI Express)
Bus
evice:Function: 0x0:0x3:0x0
Vendor ID
evice ID: 0x8086:0xd138
Class Code: 0x30400
The details view of this entry contains further information.
Record Number: 25846
Source Name: Microsoft-Windows-WHEA-Logger
Time Written: 20101028081348.615210-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: RFMollee-HP
Event Code: 27
Message: Intel(R) 82577LM Gigabit Network Connection
Network link is disconnected.
Record Number: 25842
Source Name: e1kexpress
Time Written: 20101028081343.311201-000
Event Type: Warning
User:
Computer Name: RFMollee-HP
Event Code: 516
Message: Process **\MCSVHOST.EXE pid (1028) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.
Record Number: 25833
Source Name: mfehidk
Time Written: 20101027194836.133236-000
Event Type: Warning
User:
=====Application event log=====
Computer Name: RFMollee-HP
Event Code: 1
Message: LMS Service cannot connect to Intel(R) MEI driver
Record Number: 1210
Source Name: LMS
Time Written: 20100911191216.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: RFMollee-HP
Event Code: 10005
Message: Product: iTunes -- Dit installatieprogramma van iTunes is bedoeld voor 32-bits versies van Windows. Download en installeer het installatieprogramma voor de 64-bits versie van iTunes.
Record Number: 1173
Source Name: MsiInstaller
Time Written: 20100911175922.000000-000
Event Type: Error
User: RFMollee-HP\Radz
Computer Name: RFMollee-HP
Event Code: 59
Message: Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2. Invalid Xml syntax.
Record Number: 1124
Source Name: SideBySide
Time Written: 20100911171602.000000-000
Event Type: Error
User:
Computer Name: RFMollee-HP
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
6 user registry handles leaked from \Registry\User\S-1-5-21-2642140197-1645424346-2896816342-1000:
Process 704 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2642140197-1645424346-2896816342-1000
Process 1056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2642140197-1645424346-2896816342-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2642140197-1645424346-2896816342-1000\Software\Policies
Process 1056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2642140197-1645424346-2896816342-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2642140197-1645424346-2896816342-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1056 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2642140197-1645424346-2896816342-1000\Software
Record Number: 1016
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100911161839.471071-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: RFMollee-HP
Event Code: 11
Message: Possible Memory Leak. Application (C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 148) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.
Record Number: 1013
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20100911160938.475707-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
=====Security event log=====
Computer Name: RFMollee-HP
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 547
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911160849.725622-000
Event Type: Audit Success
User:
Computer Name: RFMollee-HP
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: RFMOLLEE-HP$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x290
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 546
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911160849.725622-000
Event Type: Audit Success
User:
Computer Name: RFMollee-HP
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 545
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911160416.078539-000
Event Type: Audit Success
User:
Computer Name: RFMollee-HP
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: RFMOLLEE-HP$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x290
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 544
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100911160416.078539-000
Event Type: Audit Success
User:
Computer Name: RFMollee-HP
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-2642140197-1645424346-2896816342-1000
Account Name: Radz
Domain Name: RFMollee-HP
Logon ID: 0xebd80
Record Number: 543
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100911155039.165127-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\MATLAB\R2009bSP1\runtime\win64;C:\Program Files\MATLAB\R2009bSP1\bin;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=1e05
"OnlineServices"=Online Services
"Platform"=BNB
"PCBRAND"=w
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------