Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Republic of Gamers Forum
- Motherboards
- Previous Generations
- Other Motherboards
- certain usb 3 not working
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
certain usb 3 not working
Retired
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
06-14-2011
10:09 AM
- last edited on
03-06-2024
09:06 PM
by
ROGBot
hi i have this re occuring problem, usb ports 3 and 4 stop working and the only way to get them to start working again is to hit the reset bios button on the backplate. i turn it off go to bed wake up turn it on and the devices that are connected to those ports dont work. i always get a unknown device in device manager when this happens, ive seen it change to generic hub once ive reset the bios. this also happens on the latest bios 1485 i think.
ive also had it when 4 ports stop working.
device manager says this about the unknown device
Windows has stopped this device because it has reported problems. (Code 43)
can anyone help?
ive also had it when 4 ports stop working.
device manager says this about the unknown device
Windows has stopped this device because it has reported problems. (Code 43)
can anyone help?
Labels:
- Labels:
-
Other Motherboards
47,120 Views
13 REPLIES 13
.jpg "Raja"){kind=avatar}
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
06-14-2011 10:13 AM
muggs wrote:
hi i have this re occuring problem, usb ports 3 and 4 stop working and the only way to get them to start working again is to hit the reset bios button on the backplate. i turn it off go to bed wake up turn it on and the devices that are connected to those ports dont work. i always get a unknown device in device manager when this happens, ive seen it change to generic hub once ive reset the bios. this also happens on the latest bios 1485 i think.
ive also had it when 4 ports stop working.
device manager says this about the unknown device
Windows has stopped this device because it has reported problems. (Code 43)
can anyone help?
Hi
Can you tell me what devices those are please? And also what USB drivers you are using?
-Raja
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
06-14-2011 11:10 AM
any devices by the looks of it, its happened when a mouse has been connected, its also happened when the wireless dongle for the xbox controller is connected, when the other ports failed under the ps2 port both my keyboard and mouse were plugged into them. im using the renesas drivers, latest ones.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
06-14-2011 12:48 PM
Ok I'll get back to you on this tomorrow when I confer with HQ. It may be wise to be preemptive here and send me an AIDA 64 complete report just in case one is requested.
-Raja
-Raja
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
06-14-2011 01:52 PM
ok thanks, theres one thing i forgot to mention, i have a p8p67 deluxe, i installed windows using the deluxe then for other reasons took the deluxe out and replaced it with the maximus, i did not reinstall windows if that matters. when the deluxe was being used i hardly installed anything on the drive, just ai suite and firefox. i uninstalled ai suite and put the maximus version on.
aida report... its not letting me upload, i will email it you...what is your address?
AIDA64 Extreme Edition
Version AIDA64 v1.70.1400
Benchmark Module 2.7.345-x64
Homepage http://www.aida64.com/
Report Type Report Wizard [ TRIAL VERSION ]
Computer MUGGZ-PC
Generator muggz
Operating System Microsoft Windows 7 Ultimate 6.1.7601 (Win7 RTM)
Date 2011-06-14
Time 21:35
Summary
Computer:
Computer Type ACPI x64-based PC
Operating System Microsoft Windows 7 Ultimate
OS Service Pack [ TRIAL VERSION ]
Internet Explorer 8.0.7601.17514
DirectX DirectX 11.0
Computer Name MUGGZ-PC
User Name muggz
Logon Domain [ TRIAL VERSION ]
Date / Time 2011-06-14 / 21:35
Motherboard:
CPU Type QuadCore Intel Core i7-2600K, 4415 MHz (44 x 100)
Motherboard Name Asus Maximus IV Extreme (1 PCI-E x1, 1 PCI-E x4, 4 PCI-E x16, 4 DDR3 DIMM, Audio, Dual Gigabit LAN)
Motherboard Chipset Intel Cougar Point P67, Intel Sandy Bridge
System Memory [ TRIAL VERSION ]
DIMM2: G Skill F3-12800CL6-2GBXH [ TRIAL VERSION ]
DIMM4: G Skill F3-12800CL6-2GBXH [ TRIAL VERSION ]
BIOS Type AMI (02/05/10)
Display:
Video Adapter AMD Radeon HD 6900 Series (2048 MB)
Video Adapter AMD Radeon HD 6900 Series (2048 MB)
Video Adapter AMD Radeon HD 6900 Series (2048 MB)
Video Adapter AMD Radeon HD 6900 Series (2048 MB)
3D Accelerator AMD Radeon HD 6950 (Cayman)
Monitor Hannstar HZ281H [28" LCD] (026LM3AY00332)
Monitor Hannstar HZ281H [28" LCD] (026LM3AY00347)
Monitor Hannstar HZ281H [28" LCD] (026LM3AY00359)
Multimedia:
Audio Adapter ATI Radeon HDMI @ AMD Cayman/Antilles - High Definition Audio Controller
Audio Adapter ATI Radeon HDMI @ AMD Cayman/Antilles - High Definition Audio Controller
Audio Adapter Realtek ALC889 @ Intel Cougar Point PCH - High Definition Audio Controller [B-3]
Storage:
IDE Controller Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
IDE Controller Standard AHCI 1.0 Serial ATA Controller
IDE Controller Standard Dual Channel PCI IDE Controller
Disk Drive SAMSUNG HD103SJ ATA Device (1000 GB, 7200 RPM, SATA-II)
Disk Drive SanDisk Cruzer Blade USB Device (14 GB, USB)
Optical Drive PIONEER DVD-RW DVR-216D ATA Device (DVD+R9:12x, DVD-R9:12x, DVD+RW:20x/8x, DVD-RW:20x/6x, DVD-ROM:16x, CD:40x/32x/40x DVD+RW/DVD-RW)
SMART Hard Disks Status OK
Partitions:
C: (NTFS) [ TRIAL VERSION ]
Total Size [ TRIAL VERSION ]
Input:
Keyboard HID Keyboard Device
Keyboard HID Keyboard Device
Mouse HID-compliant mouse
Network:
Primary IP Address [ TRIAL VERSION ]
Primary MAC Address F4-6D-04-11-A0-5E
Network Adapter Intel(R) 82579V Gigabit Network Connection (192. [ TRIAL VERSION ])
Network Adapter Intel(R) 82583V Gigabit Network Connection
Peripherals:
Printer Fax
Printer Microsoft XPS Document Writer
USB2 Controller Intel Cougar Point PCH - USB EHCI #1 Controller [B-3]
USB2 Controller Intel Cougar Point PCH - USB EHCI #2 Controller [B-3]
USB3 Controller NEC uPD720200 USB 3.0 Host Controller
USB3 Controller NEC uPD720200 USB 3.0 Host Controller
USB Device Generic USB Hub
USB Device Generic USB Hub
USB Device Generic USB Hub
USB Device Generic USB Hub
USB Device Ideazon Merc Stealth MM USB Human Interface Device
USB Device Ideazon Merc Stealth USB Human Interface Device
USB Device Renesas Electronics USB 3.0 Hub
USB Device Renesas Electronics USB 3.0 Hub
USB Device Unknown Device
USB Device USB Composite Device
USB Device USB Composite Device
USB Device USB Input Device
USB Device USB Input Device
USB Device USB Mass Storage Device
USB Device Xbox 360 Wireless Receiver for Windows
DMI:
DMI BIOS Vendor American Megatrends Inc.
DMI BIOS Version 1204
DMI System Manufacturer System manufacturer
DMI System Product System Product Name
DMI System Version System Version
DMI System Serial Number [ TRIAL VERSION ]
DMI System UUID [ TRIAL VERSION ]
DMI Motherboard Manufacturer ASUSTeK Computer INC.
DMI Motherboard Product Maximus IV Extreme
DMI Motherboard Version Rev 1.xx
DMI Motherboard Serial Number [ TRIAL VERSION ]
DMI Chassis Manufacturer Chassis Manufacture
DMI Chassis Version Chassis Version
DMI Chassis Serial Number [ TRIAL VERSION ]
DMI Chassis Asset Tag [ TRIAL VERSION ]
DMI Chassis Type Desktop Case
Computer Name
Type Class Computer Name
Computer Comment Logical
NetBIOS Name Logical MUGGZ-PC
DNS Host Name Logical muggz-PC
DNS Domain Name Logical
Fully Qualified DNS Name Logical muggz-PC
NetBIOS Name Physical MUGGZ-PC
DNS Host Name Physical muggz-PC
DNS Domain Name Physical
Fully Qualified DNS Name Physical muggz-PC
DMI
[ BIOS ]
BIOS Properties:
Vendor American Megatrends Inc.
Version 1204
Release Date 03/02/2011
Size 4096 KB
Boot Devices Floppy Disk, Hard Disk, CD-ROM
Capabilities Flash BIOS, Shadow BIOS, Selectable Boot, EDD, BBS
Supported Standards DMI, ACPI
Expansion Capabilities PCI, USB
BIOS Manufacturer:
Company Name American Megatrends Inc.
Product Information http://www.ami.com/amibios
BIOS Upgrades http://www.aida64.com/bios-updates
[ System ]
System Properties:
Manufacturer System manufacturer
Product System Product Name
Version System Version
Serial Number [ TRIAL VERSION ]
SKU# To be filled by O.E.M.
Family To be filled by O.E.M.
Universal Unique ID [ TRIAL VERSION ]
Wake-Up Type Power Switch
[ Motherboard ]
Motherboard Properties:
Manufacturer ASUSTeK Computer INC.
Product Maximus IV Extreme
Version Rev 1.xx
Serial Number [ TRIAL VERSION ]
Motherboard Manufacturer:
Company Name ASUSTeK Computer Inc.
Product Information http://www.asus.com/ProductGroup2.aspx?PG_ID=mKyCKlQ4oSEtSu5m
BIOS Download http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update http://www.aida64.com/driver-updates
BIOS Upgrades http://www.aida64.com/bios-updates
[ Chassis ]
Chassis Properties:
Manufacturer Chassis Manufacture
Version Chassis Version
Serial Number [ TRIAL VERSION ]
Asset Tag [ TRIAL VERSION ]
Chassis Type Desktop Case
Boot-Up State Safe
Power Supply State Safe
Thermal State Safe
Security Status None
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Processor Properties:
Manufacturer Intel
Version Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Serial Number To Be Filled By O.E.M.
Asset Tag To Be Filled By O.E.M.
Part Number To Be Filled By O.E.M.
External Clock 100 MHz
Maximum Clock 3800 MHz
Current Clock 3441 MHz
Type Central Processor
Voltage 1.0 V
Status Enabled
Socket Designation LGA1155
HTT / CMP Units 0 / 4
CPU Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/products/processor
Driver Update http://www.aida64.com/driver-updates
[ Caches / L1-Cache ]
Cache Properties:
Type Internal
Status Enabled
Operational Mode Write-Back
Associativity 8-way Set-Associative
Maximum Size 256 KB
Installed Size 256 KB
Error Correction None
Socket Designation L1-Cache
[ Caches / L2-Cache ]
Cache Properties:
Type Internal
Status Enabled
Operational Mode Varies with Memory Address
Associativity 8-way Set-Associative
Maximum Size 1024 KB
Installed Size 1024 KB
Error Correction None
Socket Designation L2-Cache
[ Caches / L3-Cache ]
Cache Properties:
Type Internal
Status Disabled
Associativity 16-way Set-Associative
Maximum Size 8192 KB
Installed Size 8192 KB
Error Correction None
Socket Designation L3-Cache
[ Memory Devices / DIMM0 ]
Memory Device Properties:
Form Factor DIMM
Type Detail Synchronous
Total Width 64-bit
Data Width 64-bit
Device Locator DIMM0
Bank Locator BANK0
Manufacturer Manufacturer0
Serial Number SerNum0
Asset Tag AssetTagNum0
Part Number Array1_PartNumber0
[ Memory Devices / DIMM1 ]
Memory Device Properties:
Form Factor DIMM
Type Detail Synchronous
Size 2048 MB
Speed 1600 MHz
Total Width 64-bit
Data Width 64-bit
Device Locator DIMM1
Bank Locator BANK1
Manufacturer Undefined
Serial Number 0000000
Asset Tag AssetTagNum1
Part Number F3-12800CL6-2GBXH
[ Memory Devices / DIMM2 ]
Memory Device Properties:
Form Factor DIMM
Type Detail Synchronous
Total Width 64-bit
Data Width 64-bit
Device Locator DIMM2
Bank Locator BANK2
Manufacturer Manufacturer2
Serial Number SerNum2
Asset Tag AssetTagNum2
Part Number Array1_PartNumber2
[ Memory Devices / DIMM3 ]
Memory Device Properties:
Form Factor DIMM
Type Detail Synchronous
Size 2048 MB
Speed 1600 MHz
Total Width 64-bit
Data Width 64-bit
Device Locator DIMM3
Bank Locator BANK3
Manufacturer Undefined
Serial Number 0000000
Asset Tag AssetTagNum3
Part Number F3-12800CL6-2GBXH
[ System Slots / PCIEX16_1 ]
System Slot Properties:
Slot Designation PCIEX16_1
Type PCI-E x1
Usage In Use
Data Bus Width 32-bit
Length Short
[ System Slots / PCIEX1_1 ]
System Slot Properties:
Slot Designation PCIEX1_1
Type PCI-E x1
Usage In Use
Data Bus Width 32-bit
Length Short
[ System Slots / PCIEX1_2 ]
System Slot Properties:
Slot Designation PCIEX1_2
Type PCI-E x1
Usage In Use
Data Bus Width 32-bit
Length Short
[ System Slots / PCI1 ]
System Slot Properties:
Slot Designation PCI1
Type PCI
Usage In Use
Data Bus Width 32-bit
Length Short
[ Port Connectors / PS/2 Keyboard ]
Port Connector Properties:
Port Type Keyboard Port
Internal Reference Designator PS/2 Keyboard
Internal Connector Type None
External Reference Designator PS/2 Keyboard
External Connector Type PS/2
[ Port Connectors / USB9_10 ]
Port Connector Properties:
Port Type USB
Internal Reference Designator USB9_10
Internal Connector Type None
External Reference Designator USB9_10
External Connector Type USB
[ Port Connectors / USB11_12 ]
Port Connector Properties:
Port Type USB
Internal Reference Designator USB11_12
Internal Connector Type None
External Reference Designator USB11_12
External Connector Type USB
[ Port Connectors / GbE LAN ]
Port Connector Properties:
Port Type Network Port
Internal Reference Designator GbE LAN
Internal Connector Type None
External Reference Designator GbE LAN
External Connector Type RJ-45
[ Port Connectors / AUDIO ]
Port Connector Properties:
Port Type Audio Port
Internal Reference Designator AUDIO
Internal Connector Type None
External Reference Designator AUDIO
[ Port Connectors / SATA1 ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator SATA1
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ Port Connectors / SATA2 ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator SATA2
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ Port Connectors / SATA3 ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator SATA3
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ Port Connectors / SATA4 ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator SATA4
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ Port Connectors / SATA5 ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator SATA5
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ Port Connectors / SATA6 ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator SATA6
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ Port Connectors / USB1_2 ]
Port Connector Properties:
Port Type USB
Internal Reference Designator USB1_2
Internal Connector Type USB
External Connector Type None
[ Port Connectors / USB3_4 ]
Port Connector Properties:
Port Type USB
Internal Reference Designator USB3_4
Internal Connector Type USB
External Connector Type None
[ Port Connectors / USB5_6 ]
Port Connector Properties:
Port Type USB
Internal Reference Designator USB5_6
Internal Connector Type USB
External Connector Type None
[ Port Connectors / USB7_8 ]
Port Connector Properties:
Port Type USB
Internal Reference Designator USB7_8
Internal Connector Type USB
External Connector Type None
[ Port Connectors / AAFP ]
Port Connector Properties:
Port Type Audio Port
Internal Reference Designator AAFP
Internal Connector Type Mini-jack (headphones)
External Connector Type None
[ Port Connectors / CPU_FAN ]
Port Connector Properties:
Internal Reference Designator CPU_FAN
External Connector Type None
[ Port Connectors / CHA_FAN1 ]
Port Connector Properties:
Internal Reference Designator CHA_FAN1
External Connector Type None
[ Port Connectors / PWR_FAN ]
Port Connector Properties:
Internal Reference Designator PWR_FAN
External Connector Type None
[ Port Connectors / PATA_IDE ]
Port Connector Properties:
Internal Reference Designator PATA_IDE
Internal Connector Type On-Board IDE
External Connector Type None
[ Port Connectors / F_ESATA ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator F_ESATA
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ On-Board Devices / Onboard Ethernet ]
On-Board Device Properties:
Description Onboard Ethernet
Type Ethernet
Status Enabled
[ Power Supplies / To Be Filled By O.E.M. ]
Power Supply Properties:
Device Name To Be Filled By O.E.M.
Manufacturer To Be Filled By O.E.M.
Serial Number To Be Filled By O.E.M.
Asset Tag To Be Filled By O.E.M.
Part Number To Be Filled By O.E.M.
Hot Replaceable No
[ Power Supplies / To Be Filled By O.E.M. ]
Power Supply Properties:
Device Name To Be Filled By O.E.M.
Manufacturer To Be Filled By O.E.M.
Serial Number To Be Filled By O.E.M.
Asset Tag To Be Filled By O.E.M.
Part Number To Be Filled By O.E.M.
Hot Replaceable No
[ Management Devices / LM78-1 ]
Management Device Properties:
Description LM78-1
[ Management Devices / 2 ]
Management Device Properties:
Description 2
[ Miscellaneous ]
Miscellaneous:
OEM String To Be Filled By O.E.M.
System Configuration Option To Be Filled By O.E.M.
Overclock
CPU Properties:
CPU Type QuadCore Intel Core i7-2600K
CPU Alias Sandy Bridge-DT
CPU Stepping D2
Engineering Sample No
CPUID CPU Name Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
CPUID Revision 000206A7h
CPU Speed:
CPU Clock 1605.3 MHz (original: [ TRIAL VERSION ] MHz)
CPU Multiplier 16x
CPU FSB 100.3 MHz (original: 100 MHz)
Memory Bus 802.6 MHz
DRAM:FSB Ratio 24:3
CPU Cache:
L1 Code Cache 32 KB per core
L1 Data Cache [ TRIAL VERSION ]
L2 Cache 256 KB per core (On-Die, ECC, Full-Speed)
L3 Cache 8 MB (On-Die, ECC, Full-Speed)
Motherboard Properties:
Motherboard ID 63-0100-000001-00101111-020510-Chipset$0AAAA000_BIOS DATE: 02/05/10 19:13:52 VER: 08.00.10
Motherboard Name Asus Maximus IV Extreme (1 PCI-E x1, 1 PCI-E x4, 4 PCI-E x16, 4 DDR3 DIMM, Audio, Dual Gigabit LAN)
Chipset Properties:
Motherboard Chipset Intel Cougar Point P67, Intel Sandy Bridge
Memory Timings 6-8-6-24 (CL-RCD-RP-RAS)
Command Rate (CR) [ TRIAL VERSION ]
DIMM2: G Skill F3-12800CL6-2GBXH [ TRIAL VERSION ]
DIMM4: G Skill F3-12800CL6-2GBXH [ TRIAL VERSION ]
BIOS Properties:
System BIOS Date 02/05/10
Video BIOS Date 12/06/10
DMI BIOS Version 1204
Graphics Processor Properties:
Video Adapter Asus EAH6950
GPU Code Name Cayman Pro (PCI Express 2.0 x16 1002 / 6719, Rev 00)
GPU Clock 450 MHz (original: [ TRIAL VERSION ] MHz)
Memory Clock 1300 MHz (original: 1250 MHz, overclock: 4%)
Power Management
Power Management Properties:
Current Power Source AC Line
Battery Status No Battery
Full Battery Lifetime Unknown
Remaining Battery Lifetime Unknown
Portable Computer
Centrino (Carmel) Platform Compliancy:
CPU: Intel Pentium M (Banias/Dothan) No (QuadCore Intel Core i7-2600K)
Chipset: Intel i855GM/PM No (Intel Cougar Point P67, Intel Sandy Bridge)
WLAN: Intel PRO/Wireless No
System: Centrino Compliant No
Centrino (Sonoma) Platform Compliancy:
CPU: Intel Pentium M (Dothan) No (QuadCore Intel Core i7-2600K)
Chipset: Intel i915GM/PM No (Intel Cougar Point P67, Intel Sandy Bridge)
WLAN: Intel PRO/Wireless No
System: Centrino Compliant No
Centrino (Napa) Platform Compliancy:
CPU: Intel Core (Yonah) / Core 2 (Merom) No (QuadCore Intel Core i7-2600K)
Chipset: Intel i945GM/PM No (Intel Cougar Point P67, Intel Sandy Bridge)
WLAN: Intel PRO/Wireless 3945 No
System: Centrino Compliant No
Centrino (Santa Rosa) Platform Compliancy:
CPU: Intel Core 2 (Merom/Penryn) No (QuadCore Intel Core i7-2600K)
Chipset: Intel GM965/PM965 No (Intel Cougar Point P67, Intel Sandy Bridge)
WLAN: Intel Wireless WiFi Link 4965 No
System: Centrino Compliant No
Centrino 2 (Montevina) Platform Compliancy:
CPU: Intel Core 2 (Penryn) No (QuadCore Intel Core i7-2600K)
Chipset: Intel GM45/GM47/GS45/PM45 No (Intel Cougar Point P67, Intel Sandy Bridge)
WLAN: Intel WiFi Link 5000 Series No
System: Centrino 2 Compliant No
Centrino (Calpella) Platform Compliancy:
CPU: Intel Core i3/i5/i7 (Arrandale/Clarksfield) No (QuadCore Intel Core i7-2600K)
Chipset: Intel HM55/HM57/PM55 No (Intel Cougar Point P67, Intel Sandy Bridge)
WLAN: Intel WiFi Link 1000/WiMAX 6000 Series No
System: Centrino Compliant No
Sensor
Sensor Properties:
Sensor Type Nuvoton NCT6776F (ISA 290h)
GPU Sensor Type Diode, Volterra VT1556 (ATI-Diode, 70h, 70h)
Motherboard Name Asus Maximus IV Extreme
Chassis Intrusion Detected No
Temperatures:
Motherboard 24 °C (75 °F)
CPU 30 °C (86 °F)
CPU Package 35 °C (95 °F)
CPU IA Cores 35 °C (95 °F)
CPU GT Cores 29 °C (84 °F)
CPU #1 / Core #1 35 °C (95 °F)
CPU #1 / Core #2 34 °C (93 °F)
CPU #1 / Core #3 35 °C (95 °F)
CPU #1 / Core #4 35 °C (95 °F)
GPU1: GPU Diode (DispIO) 58 °C (136 °F)
GPU1: GPU Diode (MemIO) 61 °C (142 °F)
GPU1: GPU Diode (Shader) 67 °C (153 °F)
GPU1: GPU VRM 39 °C (102 °F)
GPU2: GPU Diode (DispIO) 31 °C (88 °F)
GPU2: GPU Diode (MemIO) 30 °C (86 °F)
GPU2: GPU Diode (Shader) 32 °C (90 °F)
GPU2: GPU VRM 28 °C (82 °F)
SAMSUNG HD103SJ [ TRIAL VERSION ]
Cooling Fans:
CPU 2014 RPM
Chassis #1 1062 RPM
GPU1 1432 RPM (28%)
GPU2 1116 RPM (24%)
Voltage Values:
CPU Core 0.920 V
+3.3 V 3.344 V
+5 V 5.040 V
+12 V [ TRIAL VERSION ]
+5 V Standby 5.164 V
CPU PLL 1.799 V
VCCIO 1.058 V
VCCSA 0.939 V
South Bridge Core 1.065 V
South Bridge PLL 1.058 V
DIMM 1.501 V
GPU1: GPU VRM 1.100 V
GPU2: GPU VRM 0.900 V
Power Values:
CPU Package 9.78 W
CPU IA Cores 3.67 W
Debug Info F 1062 2014 164 164 164
Debug Info T 24 196 30 / 255 35
Debug Info V 73 7D D1 D1 7E FF 73 (03)
Debug Info I C1 C333
CPU
CPU Properties:
CPU Type QuadCore Intel Core i7-2600K, 4415 MHz (44 x 100)
CPU Alias Sandy Bridge-DT
CPU Stepping D2
Instruction Set x86, x86-64, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AES, AVX
Original Clock [ TRIAL VERSION ]
Min / Max CPU Multiplier 16x / 63x
Engineering Sample No
L1 Code Cache 32 KB per core
L1 Data Cache [ TRIAL VERSION ]
L2 Cache 256 KB per core (On-Die, ECC, Full-Speed)
L3 Cache 8 MB (On-Die, ECC, Full-Speed)
Multi CPU:
Motherboard ID A M I ALASKA
CPU #1 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #2 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #3 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #4 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #5 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #6 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #7 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #8 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU Physical Info:
Package Type 1155 Contact FC-LGA
Package Size 3.75 cm x 3.75 cm
Transistors [ TRIAL VERSION ] million
Process Technology 32 nm, CMOS, Cu, High-K + Metal Gate
Die Size [ TRIAL VERSION ] mm2
CPU Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/products/processor
Driver Update http://www.aida64.com/driver-updates
CPU Utilization:
CPU #1 / Core #1 / HTT Unit #1 0 %
CPU #1 / Core #1 / HTT Unit #2 0 %
CPU #1 / Core #2 / HTT Unit #1 0 %
CPU #1 / Core #2 / HTT Unit #2 0 %
CPU #1 / Core #3 / HTT Unit #1 0 %
CPU #1 / Core #3 / HTT Unit #2 0 %
CPU #1 / Core #4 / HTT Unit #1 0 %
CPU #1 / Core #4 / HTT Unit #2 0 %
CPUID
CPUID Properties:
CPUID Manufacturer GenuineIntel
CPUID CPU Name Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
CPUID Revision 000206A7h
IA Brand ID 00h (Unknown)
Platform ID 2Dh / MC 02h (LGA1155)
Microcode Update Revision 14
HTT / CMP Units 2 / 4
Tjmax Temperature 98 °C (208 °F)
Max Turbo Boost Multipliers 1C: 44x, 2C: 44x, 3C: 44x, 4C: 44x
Instruction Set:
64-bit x86 Extension (AMD64, Intel64) Supported
AMD 3DNow! Not Supported
AMD 3DNow! Professional Not Supported
AMD 3DNowPrefetch Not Supported
AMD Enhanced 3DNow! Not Supported
AMD Extended MMX Not Supported
AMD FMA4 Not Supported
AMD MisAligned SSE Not Supported
AMD SSE4A Not Supported
AMD XOP Not Supported
Bit Manipulation Instructions Not Supported
Cyrix Extended MMX Not Supported
Float-16 Conversion Instructions Not Supported
IA-64 Not Supported
IA MMX Supported
IA SSE Supported
IA SSE 2 Supported
IA SSE 3 Supported
IA Supplemental SSE 3 Supported
IA SSE 4.1 Supported
IA SSE 4.2 Supported
IA AVX Supported, Enabled
IA FMA Not Supported
IA AES Extensions Supported
VIA Alternate Instruction Set Not Supported
CLFLUSH Instruction Supported
CMPXCHG8B Instruction Supported
CMPXCHG16B Instruction Supported
Conditional Move Instruction Supported
LZCNT Instruction Not Supported
MONITOR / MWAIT Instruction Supported
MOVBE Instruction Not Supported
PCLMULQDQ Instruction Supported
POPCNT Instruction Supported
RDRAND Instruction Not Supported
RDTSCP Instruction Supported
SKINIT / STGI Instruction Not Supported
SYSCALL / SYSRET Instruction Not Supported
SYSENTER / SYSEXIT Instruction Supported
Trailing Bit Manipulation Instructions Not Supported
VIA FEMMS Instruction Not Supported
Security Features:
Advanced Cryptography Engine (ACE) Not Supported
Advanced Cryptography Engine 2 (ACE2) Not Supported
Data Execution Prevention (DEP, NX, EDB) Supported
Hardware Random Number Generator (RNG) Not Supported
PadLock Hash Engine (PHE) Not Supported
PadLock Montgomery Multiplier (PMM) Not Supported
Processor Serial Number (PSN) Not Supported
Power Management Features:
Automatic Clock Control Supported
Digital Thermometer Supported
Dynamic FSB Frequency Switching Not Supported
Enhanced Halt State (C1E) Supported, Enabled
Enhanced SpeedStep Technology (EIST, ESS) Supported, Enabled
Frequency ID Control Not Supported
Hardware P-State Control Not Supported
LongRun Not Supported
LongRun Table Interface Not Supported
PowerSaver 1.0 Not Supported
PowerSaver 2.0 Not Supported
PowerSaver 3.0 Not Supported
Processor Duty Cycle Control Supported
Software Thermal Control Not Supported
Temperature Sensing Diode Not Supported
Thermal Monitor 1 Supported
Thermal Monitor 2 Supported
Thermal Monitoring Not Supported
Thermal Trip Not Supported
Voltage ID Control Not Supported
CPUID Features:
1 GB Page Size Not Supported
36-bit Page Size Extension Supported
Address Region Registers (ARR) Not Supported
Core Power Boost Not Supported
CPL Qualified Debug Store Supported
Debug Trace Store Supported
Debugging Extension Supported
Direct Cache Access Not Supported
Dynamic Acceleration Technology (IDA) Not Supported
Fast Save & Restore Supported
Hyper-Threading Technology (HTT) Supported, Enabled
Instruction Based Sampling Not Supported
Invariant Time Stamp Counter Supported
L1 Context ID Not Supported
Lightweight Profiling Not Supported
Local APIC On Chip Supported
Machine Check Architecture (MCA) Supported
Machine Check Exception (MCE) Supported
Memory Configuration Registers (MCR) Not Supported
Memory Type Range Registers (MTRR) Supported
Model Specific Registers (MSR) Supported
Nested Paging Not Supported
Page Attribute Table (PAT) Supported
Page Global Extension Supported
Page Size Extension (PSE) Supported
Pending Break Event Supported
Physical Address Extension (PAE) Supported
Safer Mode Extensions (SMX) Not Supported
Secure Virtual Machine Extensions (Pacifica) Not Supported
Self-Snoop Supported
Time Stamp Counter (TSC) Supported
Turbo Boost Supported, Enabled
Virtual Machine Extensions (Vanderpool) Supported
Virtual Mode Extension Supported
Watchdog Timer Not Supported
x2APIC Not Supported
XGETBV / XSETBV OS Enabled Supported
XSAVE / XRSTOR / XSETBV / XGETBV Extended States Supported
CPUID Registers (CPU #1):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-00100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000000
CPUID 0000000B 00000004-00000008-00000201-00000000
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #2 Virtual):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-01100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000001
CPUID 0000000B 00000004-00000008-00000201-00000001
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #3):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-02100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000002
CPUID 0000000B 00000004-00000008-00000201-00000002
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #4 Virtual):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-03100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000003
CPUID 0000000B 00000004-00000008-00000201-00000003
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #5):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-04100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000004
CPUID 0000000B 00000004-00000008-00000201-00000004
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #6 Virtual):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-05100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000005
CPUID 0000000B 00000004-00000008-00000201-00000005
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #7):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-06100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000006
CPUID 0000000B 00000004-00000008-00000201-00000006
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #8 Virtual):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-07100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000007
CPUID 0000000B 00000004-00000008-00000201-00000007
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
MSR Registers:
MSR 00000017 0004-0000-0000-0000 [PlatID = 1]
MSR 0000001B 0000-0000-FEE0-0900
MSR 00000035 0000-0000-0004-0008
MSR 0000008B 0000-0014-0000-0000
MSR 000000CE 0000-1000-7001-2200
MSR 000000E7 0000-0000-0152-4D8C
MSR 000000E8 0000-0000-009F-4AF9
MSR 00000194 0000-0000-000E-0000
MSR 00000198 0000-1F8B-0000-1000
MSR 00000199 0000-0000-0000-1000
MSR 0000019A 0000-0000-0000-0000
MSR 0000019B 0000-0000-0000-0000
MSR 0000019C 0000-0000-883F-0000
MSR 0000019D 0000-0000-0000-0000
MSR 000001A0 0000-0000-0085-0089
MSR 000001A2 0000-0000-0062-1200
MSR 000001A4 0000-0000-0000-0000
MSR 000001AA 0000-0000-0040-0000
MSR 000001AD 0000-0000-2C2C-2C2C
MSR 000001B0 0000-0000-0000-0005
MSR 000001B1 0000-0000-883F-0000
MSR 000001B2 0000-0000-0000-0000
MSR 000001FC 0000-0000-0004-005F
MSR 00000606 0000-0000-000A-1003
MSR 0000060A 0000-0000-0000-8850
MSR 0000060B 0000-0000-0000-8868
MSR 0000060C 0000-0000-0000-886D
MSR 0000060D 0000-04F6-3A7C-B972
MSR 00000610 8000-87F8-0014-87F8
MSR 00000611 0000-0000-194B-2092
MSR 00000614 0000-0000-01E0-02F8
MSR 00000638 0000-0000-0000-0000
MSR 00000639 0000-0000-BC7B-FDAF
MSR 0000063A 0000-0000-0000-0000
MSR 00000640 0000-0000-0000-0000
MSR 00000641 0000-0000-0000-0000
MSR 00000642 0000-0000-0000-0010
Motherboard
Motherboard Properties:
Motherboard ID 63-0100-000001-00101111-020510-Chipset$0AAAA000_BIOS DATE: 02/05/10 19:13:52 VER: 08.00.10
Motherboard Name Asus Maximus IV Extreme
Front Side Bus Properties:
Bus Type Intel QPI
Real Clock 100 MHz
Effective Clock 100 MHz
Memory Bus Properties:
Bus Type Dual DDR3 SDRAM
Bus Width 128-bit
DRAM:FSB Ratio 24:3
Real Clock 803 MHz (DDR)
Effective Clock 1605 MHz
Bandwidth [ TRIAL VERSION ] MB/s
Chipset Bus Properties:
Bus Type Intel Direct Media Interface v
Motherboard Physical Info:
CPU Sockets/Slots 1 LGA1155
Expansion Slots [ TRIAL VERSION ]
RAM Slots 4 DDR3 DIMM
Integrated Devices Audio, Dual Gigabit LAN
Form Factor Extended ATX
Motherboard Size 270 mm x 300 mm
Motherboard Chipset P67
Extra Features [ TRIAL VERSION ]
Motherboard Manufacturer:
Company Name ASUSTeK Computer Inc.
Product Information http://www.asus.com/ProductGroup2.aspx?PG_ID=mKyCKlQ4oSEtSu5m
BIOS Download http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update http://www.aida64.com/driver-updates
BIOS Upgrades http://www.aida64.com/bios-updates
Memory
Physical Memory:
Total [ TRIAL VERSION ]
Used [ TRIAL VERSION ]
Free 2388 MB
Utilization [ TRIAL VERSION ]
Swap Space:
Total 8142 MB
Used 2536 MB
Free 5606 MB
Utilization 31 %
Virtual Memory:
Total 12215 MB
Used 4221 MB
Free 7994 MB
Utilization 35 %
Paging File:
Paging File C:\pagefile.sys
Current Size 4072 MB
Current / Peak Usage 381 MB / 515 MB
Utilization 9 %
Physical Address Extension (PAE):
Supported by Operating System Yes
Supported by CPU Yes
Active Yes
SPD
[ DIMM2: [ TRIAL VERSION ] ]
Memory Module Properties:
Module Name [ TRIAL VERSION ]
Serial Number None
Module Size 2 GB (2 ranks, 8 banks)
Module Type [ TRIAL VERSION ]
Memory Type DDR3 SDRAM
Memory Speed DDR3-1600 (800 MHz)
Module Width 64 bit
Module Voltage 1.5 V
Error Detection Method None
DRAM Manufacturer G Skill
Memory Timings:
@ 800 MHz 9-9-9-28 (CL-RCD-RP-RAS) / 37-88-5-12-6-6 (RC-RFC-RRD-WR-WTR-RTP)
@ 711 MHz 8-8-8-25 (CL-RCD-RP-RAS) / 33-79-5-11-6-6 (RC-RFC-RRD-WR-WTR-RTP)
@ 622 MHz 7-7-7-22 (CL-RCD-RP-RAS) / 29-69-4-10-5-5 (RC-RFC-RRD-WR-WTR-RTP)
Extreme Memory Profile:
Profile Name Enthusiast (Certified)
Memory Speed DDR3-1600 (800 MHz)
Voltage 1.50 V
@ 800 MHz 6-8-6-24 (CL-RCD-RP-RAS) / 34-110-2-6-10-6-6 (RC-RFC-CR-RRD-WR-WTR-RTP)
Memory Module Features:
Auto Self Refresh Not Supported
Extended Temperature Range Supported
Extended Temperature Refresh Rate Not Supported
On-Die Thermal Sensor Readout Not Supported
Memory Module Manufacturer:
Company Name G.Skill International Enterprise
Product Information http://www.gskill.com/products.php
[ DIMM4: [ TRIAL VERSION ] ]
Memory Module Properties:
Module Name [ TRIAL VERSION ]
Serial Number None
Module Size 2 GB (2 ranks, 8 banks)
Module Type [ TRIAL VERSION ]
Memory Type DDR3 SDRAM
Memory Speed DDR3-1600 (800 MHz)
Module Width 64 bit
Module Voltage 1.5 V
Error Detection Method None
DRAM Manufacturer G Skill
Memory Timings:
@ 800 MHz 9-9-9-28 (CL-RCD-RP-RAS) / 37-88-5-12-6-6 (RC-RFC-RRD-WR-WTR-RTP)
@ 711 MHz 8-8-8-25 (CL-RCD-RP-RAS) / 33-79-5-11-6-6 (RC-RFC-RRD-WR-WTR-RTP)
@ 622 MHz 7-7-7-22 (CL-RCD-RP-RAS) / 29-69-4-10-5-5 (RC-RFC-RRD-WR-WTR-RTP)
Extreme Memory Profile:
Profile Name Enthusiast (Certified)
Memory Speed DDR3-1600 (800 MHz)
Voltage 1.50 V
@ 800 MHz 6-8-6-24 (CL-RCD-RP-RAS) / 34-110-2-6-10-6-6 (RC-RFC-CR-RRD-WR-WTR-RTP)
Memory Module Features:
Auto Self Refresh Not Supported
Extended Temperature Range Supported
Extended Temperature Refresh Rate Not Supported
On-Die Thermal Sensor Readout Not Supported
Memory Module Manufacturer:
Company Name G.Skill International Enterprise
Product Information http://www.gskill.com/products.php
Chipset
[ North Bridge: Intel Sandy Bridge-DT IMC ]
North Bridge Properties:
North Bridge Intel Sandy Bridge-DT IMC
Revision 09
Process Technology 32 nm
Memory Controller:
Type Dual Channel (128-bit)
Active Mode Dual Channel (128-bit)
Memory Timings:
CAS Latency (CL) 6T
RAS To CAS Delay (tRCD) 8T
RAS Precharge (tRP) 6T
RAS Active Time (tRAS) 24T
Row Refresh Cycle Time (tRFC) 88T
Command Rate (CR) 1T
RAS To RAS Delay (tRRD) 5T
Write Recovery Time (tWR) 12T
Write To Read Delay (tWTR) 4T
Read To Precharge Delay (tRTP) 6T
Four Activate Window Delay (tFAW) 24T
Write CAS Latency (tWCL) 8T
Error Correction:
ECC Not Supported
ChipKill ECC Not Supported
RAID Not Supported
ECC Scrubbing Not Supported
Memory Slots:
DRAM Slot #1 2 GB (DDR3-1600 DDR3 SDRAM)
DRAM Slot #2 2 GB (DDR3-1600 DDR3 SDRAM)
Integrated Graphics Controller:
Graphics Controller Type Intel HD Graphics
Graphics Controller Status Disabled
PCI Express Controller:
PCI-E 2.0 x8 port #2 In Use @ x8 (AMD Cayman/Antilles - High Definition Audio Controller, Asus EAH6950 Video Adapter)
Chipset Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/products/chipsets
Driver Download http://support.intel.com/support/chipsets
BIOS Upgrades http://www.aida64.com/bios-updates
Driver Update http://www.aida64.com/driver-updates
[ South Bridge: [ TRIAL VERSION ] ]
South Bridge Properties:
South Bridge [ TRIAL VERSION ]
Revision / Stepping 05 / B3
High Definition Audio:
Codec Name Realtek ALC889
Codec ID 10EC0889h / 1043840Fh
Codec Revision 1000h
Codec Type Audio
PCI Express Controller:
PCI-E 2.0 x1 port #1 In Use @ x1 (PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch --> PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch)
PCI-E 2.0 x1 port #2 In Use @ x1 (NEC uPD720200 USB 3.0 Host Controller)
PCI-E 2.0 x1 port #3 In Use @ x1 (NEC uPD720200 USB 3.0 Host Controller)
PCI-E 2.0 x1 port #4 In Use @ x1 (JMicron JMB362 SATA-II AHCI Controller)
PCI-E 2.0 x2 port #5 In Use @ x2 (Marvell 88SE9182 SATA 6Gb/s Controller)
PCI-E 2.0 x1 port #7 In Use @ x1 (Intel 82583V Gigabit Network Connection)
Chipset Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/products/chipsets
Driver Download http://support.intel.com/support/chipsets
BIOS Upgrades http://www.aida64.com/bios-updates
Driver Update http://www.aida64.com/driver-updates
BIOS
BIOS Properties:
BIOS Type AMI
BIOS Version 1204
System BIOS Date 02/05/10
Video BIOS Date 12/06/10
BIOS Manufacturer:
Company Name American Megatrends Inc.
Product Information http://www.ami.com/amibios
BIOS Upgrades http://www.aida64.com/bios-updates
ACPI
[ APIC: Multiple APIC Description Table ]
ACPI Table Properties:
ACPI Signature APIC
Table Description Multiple APIC Description Table
Memory Address BEF9DC00h
Table Length 146 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 01072009h
Creator ID AMI
Creator Revision 00010013h
Local APIC Address FEE00000h
[ DSDT: Differentiated System Description Table ]
ACPI Table Properties:
ACPI Signature DSDT
Table Description Differentiated System Description Table
Memory Address BEF95140h
Table Length 35271 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 00000000h
Creator ID INTL
Creator Revision 20051117h
nVIDIA SLI:
SLI Certification 374937846529Genuine NVIDIA Certified SLI Ready Motherboard for ASUS COUGAR POINT 1573-Copyright 2010 NVIDIA Corporation All Rights Reserved-458103946203(R)
PCI 0-0-0-0 (Direct I/O) 8086-0100 (Intel)
PCI 0-0-0-0 (HAL) 8086-0100 (Intel)
[ FACP: Fixed ACPI Description Table ]
ACPI Table Properties:
ACPI Signature FACP
Table Description Fixed ACPI Description Table
Memory Address BEF950B8h
Table Length 132 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 01072009h
Creator ID AMI
Creator Revision 00010013h
SMI Command Port 000000B2h
PM Timer 00000408h
[ FACS: Firmware ACPI Control Structure ]
ACPI Table Properties:
ACPI Signature FACS
Table Description Firmware ACPI Control Structure
Memory Address BF5D3F40h
Table Length 64 bytes
[ HPET: IA-PC High Precision Event Timer Table ]
ACPI Table Properties:
ACPI Signature HPET
Table Description IA-PC High Precision Event Timer Table
Memory Address BEF9DEB0h
Table Length 56 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 01072009h
Creator ID AMI.
Creator Revision 00000004h
[ MCFG: Memory Mapped Configuration Space Base Address Description Table ]
ACPI Table Properties:
ACPI Signature MCFG
Table Description Memory Mapped Configuration Space Base Address Description Table
Memory Address BEF9DE70h
Table Length 60 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 01072009h
Creator ID MSFT
Creator Revision 00000097h
[ RSD PTR: Root System Description Pointer ]
ACPI Table Properties:
ACPI Signature RSD PTR
Table Description Root System Description Pointer
Memory Address 000F0420h
Table Length 36 bytes
OEM ID ALASKA
RSDP Revision 2
RSDT Address BEF95028h
XSDT Address 00000000-BEF95068h
[ RSDT: Root System Description Table ]
ACPI Table Properties:
ACPI Signature RSDT
Table Description Root System Description Table
Memory Address BEF95028h
Table Length 56 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 01072009h
Creator ID MSFT
Creator Revision 00010013h
RSDT Entry #0 BEF950B8h
RSDT Entry #1 BEF9DC00h
RSDT Entry #2 BEF9DC98h
RSDT Entry #3 BEF9DE70h
RSDT Entry #4 BEF9DEB0h
[ SLIC: Software Licensing Description Table (Emulated) ]
ACPI Table Properties:
ACPI Signature SLIC
Table Description Software Licensing Description Table
Memory Address Emulated
Table Length 374 bytes
OEM ID DELL
OEM Table ID QA09
OEM Revision 42302E31h
Creator ID NVDA
Creator Revision 0100000Eh
[ SSDT: Secondary System Description Table ]
ACPI Table Properties:
ACPI Signature SSDT
Table Description Secondary System Description Table
Memory Address BEF9DC98h
Table Length 470 bytes
OEM ID AMICPU
OEM Table ID PROC
OEM Revision 00000001h
Creator ID MSFT
Creator Revision 03000001h
[ XSDT: Extended System Description Table ]
ACPI Table Properties:
ACPI Signature XSDT
Table Description Extended System Description Table
Memory Address 00000000-BEF95068h
Table Length 76 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 01072009h
Creator ID AMI
Creator Revision 00010013h
XSDT Entry #0 00000000-BEF9DB08h
XSDT Entry #1 00000000-BEF9DC00h
XSDT Entry #2 00000000-BEF9DC98h
XSDT Entry #3 00000000-BEF9DE70h
XSDT Entry #4 00000000-BEF9DEB0h
Operating System
Operating System Properties:
OS Name Microsoft Windows 7 Ultimate
OS Language English (United States)
OS Kernel Type Multiprocessor Free (64-bit)
OS Version 6.1.7601 (Win7 RTM)
OS Service Pack [ TRIAL VERSION ]
OS Installation Date 12/03/2011
OS Root C:\Windows
License Information:
Registered Owner muggz
Registered Organization
Product ID 00426-OEM-8992662-00400
Product Key 342DG- [ TRIAL VERSION ]
Product Activation (WPA) Not Required
Current Session:
Computer Name MUGGZ-PC
User Name muggz
Logon Domain [ TRIAL VERSION ]
UpTime 5006 sec (0 days, 1 hours, 23 min, 26 sec)
Components Version:
Common Controls 6.16
Internet Explorer 8.0.7601.17514
Internet Explorer Updates [ TRIAL VERSION ]
Windows Mail 6.1.7600.16385 (win7_rtm.090713-1255)
Windows Media Player 12.0.7600.16385 (win7_rtm.090713-1255)
Windows Messenger -
MSN Messenger -
Internet Information Services (IIS) [ TRIAL VERSION ]
.NET Framework 4.0.30319.1 built by: RTMRel
Novell Client -
DirectX DirectX 11.0
OpenGL 6.1.7600.16385 (win7_rtm.090713-1255)
ASPI -
Operating System Features:
Debug Version No
DBCS Version No
Domain Controller No
Security Present No
Network Present Yes
Remote Session No
Safe Mode No
Slow Processor No
Terminal Services Yes
Processes
Process Name Process File Name Type Used Memory Used Swap
aaHMSvc.exe C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe 32-bit 5820 KB 5 KB
AdminService.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 64-bit 3148 KB 2 KB
AiChargerAP.exe C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe 32-bit 3468 KB 1 KB
aida64.exe C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe 32-bit 38776 KB 30 KB
ASDR.exe C:\Windows\SysWOW64\ASDR.exe 32-bit 1512 KB 0 KB
AsRoutineController.exe C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe 32-bit 812 KB 3 KB
AsShellProcess.exe C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe 32-bit 2900 KB 1 KB
AsSysCtrlService.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe 32-bit 3596 KB 3 KB
AthBtTray.exe C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe 64-bit 7696 KB 5 KB
atieclxx.exe C:\Windows\system32\atieclxx.exe 64-bit 4272 KB 3 KB
atiesrxx.exe C:\Windows\system32\atiesrxx.exe 64-bit 2592 KB 2 KB
atkexComSvc.exe C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe 32-bit 8272 KB 10 KB
audiodg.exe 64-bit 14848 KB 16 KB
BtvStack.exe C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe 64-bit 6744 KB 9 KB
CCC.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 64-bit 25448 KB 170 KB
Core Temp.exe C:\Users\muggz\Downloads\CoreTemp64\Core Temp.exe 64-bit 2016 KB 6 KB
cpuz.exe C:\Program Files\CPUID\ROG CPU-Z\cpuz.exe 64-bit 8316 KB 5 KB
csrss.exe C:\Windows\system32\csrss.exe 64-bit 3680 KB 2 KB
csrss.exe C:\Windows\system32\csrss.exe 64-bit 6304 KB 3 KB
dllhost.exe C:\Windows\system32\DllHost.exe 64-bit 5468 KB 3 KB
dwm.exe C:\Windows\system32\Dwm.exe 64-bit 71944 KB 58 KB
EPUHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe 32-bit 1028 KB 5 KB
explorer.exe C:\Windows\Explorer.EXE 64-bit 77968 KB 55 KB
firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe 32-bit 202 MB 192 KB
fraps.exe C:\Fraps\fraps.exe 32-bit 23416 KB 21 KB
fraps64.dat C:\Fraps\fraps64.dat 64-bit 3452 KB 3 KB
IPROSetMonitor.exe C:\Windows\system32\IProsetMonitor.exe 64-bit 2520 KB 2 KB
KiesPDLR.exe C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe 32-bit 15972 KB 30 KB
KiesTrayAgent.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe 32-bit 6080 KB 3 KB
lsass.exe C:\Windows\system32\lsass.exe 64-bit 10100 KB 6 KB
lsm.exe C:\Windows\system32\lsm.exe 64-bit 3184 KB 3 KB
MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 64-bit 4004 KB 40 KB
nusb3mon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe 32-bit 3916 KB 2 KB
plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 32-bit 35740 KB 32 KB
PnkBstrA.exe C:\Windows\SysWOW64\PnkBstrA.exe 32-bit 2268 KB 1 KB
PnkBstrB.exe C:\Windows\SysWOW64\PnkBstrB.exe 32-bit 2440 KB 2 KB
pnSvc.exe C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe 32-bit 1376 KB 9 KB
PresentationFontCache.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 64-bit 14076 KB 25 KB
RadeonProSupport.exe C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe 32-bit 5364 KB 11 KB
RTSS.exe C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe 32-bit 828 KB 3 KB
SearchFilterHost.exe C:\Windows\system32\SearchFilterHost.exe 64-bit 9960 KB 4 KB
SearchIndexer.exe C:\Windows\system32\SearchIndexer.exe 64-bit 64024 KB 59 KB
SearchProtocolHost.exe C:\Windows\system32\SearchProtocolHost.exe 64-bit 13124 KB 5 KB
services.exe C:\Windows\system32\services.exe 64-bit 11356 KB 14 KB
smss.exe 64-bit 856 KB 0 KB
splwow64.exe C:\Windows\splwow64.exe 64-bit 5372 KB 2 KB
spoolsv.exe C:\Windows\System32\spoolsv.exe 64-bit 8160 KB 7 KB
sppsvc.exe C:\Windows\system32\sppsvc.exe 64-bit 11868 KB 6 KB
Steam.exe C:\Program Files (x86)\Steam\Steam.exe 32-bit 89 MB 102 KB
svchost.exe C:\Windows\System32\svchost.exe 64-bit 18772 KB 21 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 15152 KB 12 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 15328 KB 21 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 13236 KB 13 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 6132 KB 4 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 16472 KB 9 KB
svchost.exe C:\Windows\System32\svchost.exe 64-bit 110 MB 110 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 38056 KB 31 KB
svchost.exe C:\Windows\System32\svchost.exe 64-bit 28512 KB 73 KB
svchost.exe C:\Windows\System32\svchost.exe 64-bit 12484 KB 13 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 8436 KB 5 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 8548 KB 7 KB
System Idle Process 24 KB 0 KB
System 64-bit 724 KB 0 KB
taskeng.exe C:\Windows\system32\taskeng.exe 64-bit 4508 KB 3 KB
taskhost.exe C:\Windows\system32\taskhost.exe 64-bit 7232 KB 9 KB
taskhost.exe C:\Windows\system32\taskhost.exe 64-bit 4436 KB 6 KB
TurboVHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe 32-bit 1252 KB 12 KB
uTorrent.exe C:\Program Files (x86)\uTorrent\uTorrent.exe 32-bit 32184 KB 21 KB
VRMHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe 32-bit 1020 KB 5 KB
wininit.exe C:\Windows\system32\wininit.exe 64-bit 2516 KB 1 KB
winlogon.exe C:\Windows\system32\winlogon.exe 64-bit 4084 KB 3 KB
WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 64-bit 8192 KB 5 KB
WLIDSVCM.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 64-bit 2004 KB 1 KB
WmiPrvSE.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe 64-bit 7456 KB 3 KB
WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe 32-bit 9432 KB 4 KB
wmpnetwk.exe C:\Program Files\Windows Media Player\wmpnetwk.exe 64-bit 1056 KB 12 KB
wuauclt.exe C:\Windows\system32\wuauclt.exe 64-bit 4772 KB 3 KB
WUDFHost.exe C:\Windows\system32\WUDFHost.exe 64-bit 4472 KB 2 KB
System Drivers
Driver Name Driver Description File Name Version Type State
1394ohci 1394 OHCI Compliant Host Controller 1394ohci.sys 6.1.7601.17514 Kernel Driver Stopped
ACPI Microsoft ACPI Driver ACPI.sys 6.1.7601.17514 Kernel Driver Running
AcpiPmi ACPI Power Meter Driver acpipmi.sys 6.1.7601.17514 Kernel Driver Stopped
adp94xx adp94xx adp94xx.sys 1.6.6.4 Kernel Driver Stopped
adpahci adpahci adpahci.sys 1.6.6.1 Kernel Driver Stopped
adpu320 adpu320 adpu320.sys 7.2.0.0 Kernel Driver Stopped
AFD Ancillary Function Driver for Winsock afd.sys 6.1.7601.17514 Kernel Driver Running
agp440 Intel AGP Bus Filter agp440.sys 6.1.7600.16385 Kernel Driver Stopped
AiCharger ASUS Charger Driver AiCharger.sys 5.2.3790.0 Kernel Driver Running
AIDA64Driver FinalWire AIDA64 Kernel Driver kerneld.x64 Kernel Driver Running
aliide aliide aliide.sys 1.2.0.0 Kernel Driver Stopped
Alpham1 Ideazon Merc USB Human Interface Device Alpham164.sys 1.0.13.33 Kernel Driver Running
Alpham2 Ideazon Merc MM USB Human Interface Device Alpham264.sys 1.0.13.33 Kernel Driver Running
ALSysIO ALSysIO ALSysIO64.sys Kernel Driver Running
amdide amdide amdide.sys 6.1.7600.16385 Kernel Driver Stopped
AmdK8 AMD K8 Processor Driver amdk8.sys 6.1.7600.16385 Kernel Driver Stopped
amdkmdag amdkmdag atikmdag.sys 8.1.1.1152 Kernel Driver Running
amdkmdap amdkmdap atikmpag.sys 8.14.1.6210 Kernel Driver Running
AmdPPM AMD Processor Driver amdppm.sys 6.1.7600.16385 Kernel Driver Stopped
amdsata amdsata amdsata.sys 1.1.2.5 Kernel Driver Stopped
amdsbs amdsbs amdsbs.sys 3.6.1540.127 Kernel Driver Stopped
amdxata amdxata amdxata.sys 1.1.2.5 Kernel Driver Running
AppID AppID Driver appid.sys 6.1.7601.17514 Kernel Driver Stopped
arc arc arc.sys 5.2.0.10384 Kernel Driver Stopped
arcsas arcsas arcsas.sys 5.2.0.16119 Kernel Driver Stopped
AsIO AsIO AsIO.sys Kernel Driver Running
AsUpIO AsUpIO AsUpIO.sys Kernel Driver Running
AsyncMac RAS Asynchronous Media Driver asyncmac.sys 6.1.7600.16385 Kernel Driver Stopped
atapi IDE Channel atapi.sys 6.1.7600.16385 Kernel Driver Running
AthBTPort Atheros Virtual Bluetooth Class btath_flt.sys 1.0.0.0 Kernel Driver Stopped
ATHDFU Atheros Valkyrie USB BootROM AthDfu.sys 6.1.7600.16385 Kernel Driver Stopped
AtiHDAudioService ATI Function Driver for HD Audio Service AtihdW76.sys 7.12.0.7701 Kernel Driver Running
atillk64 atillk64 atillk64.sys 5.11.9.0 Kernel Driver Stopped
b06bdrv Broadcom NetXtreme II VBD bxvbda.sys 4.8.2.0 Kernel Driver Stopped
b57nd60a Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 b57nd60a.sys 10.100.4.0 Kernel Driver Stopped
Beep Beep Kernel Driver Running
blbdrive blbdrive blbdrive.sys 6.1.7600.16385 Kernel Driver Running
bowser Browser Support Driver bowser.sys 6.1.7601.17565 File System Driver Running
BrFiltLo Brother USB Mass-Storage Lower Filter Driver BrFiltLo.sys 1.10.0.2 Kernel Driver Stopped
BrFiltUp Brother USB Mass-Storage Upper Filter Driver BrFiltUp.sys 1.4.0.1 Kernel Driver Stopped
Brserid Brother MFC Serial Port Interface Driver (WDM) Brserid.sys 1.0.1.6 Kernel Driver Stopped
BrSerWdm Brother WDM Serial driver BrSerWdm.sys 1.0.0.20 Kernel Driver Stopped
BrUsbMdm Brother MFC USB Fax Only Modem BrUsbMdm.sys 1.0.0.12 Kernel Driver Stopped
BrUsbSer Brother MFC USB Serial WDM Driver BrUsbSer.sys 1.0.1.3 Kernel Driver Stopped
BTATH_A2DP Bluetooth A2DP Audio Driver btath_a2dp.sys 1.0.0.0 Kernel Driver Stopped
BTATH_BUS Atheros Bluetooth Bus btath_bus.sys 1.0.0.0 Kernel Driver Running
BTATH_HCRP Bluetooth HCRP Server driver btath_hcrp.sys 1.0.0.0 Kernel Driver Stopped
BTATH_LWFLT Bluetooth LWFLT Device btath_lwflt.sys 1.0.0.0 Kernel Driver Stopped
BTATH_RCP Bluetooth AVRCP Device btath_rcp.sys 1.0.0.0 Kernel Driver Stopped
BtFilter BtFilter btfilter.sys 6.1.7600.16385 Kernel Driver Stopped
BthEnum Bluetooth Request Block Driver BthEnum.sys 6.1.7600.16385 Kernel Driver Stopped
BTHMODEM Bluetooth Serial Communications Driver bthmodem.sys 6.1.7600.16385 Kernel Driver Stopped
BthPan Bluetooth Device (Personal Area Network) bthpan.sys 6.1.7600.16385 Kernel Driver Stopped
BTHPORT Bluetooth Port Driver BTHport.sys 6.1.7601.17514 Kernel Driver Stopped
BTHUSB Bluetooth Radio USB Driver BTHUSB.sys 6.1.7601.17514 Kernel Driver Stopped
cdfs CD/DVD File System Reader cdfs.sys 6.1.7600.16385 File System Driver Stopped
cdrom CD-ROM Driver cdrom.sys 6.1.7601.17514 Kernel Driver Running
circlass Consumer IR Devices circlass.sys 6.1.7600.16385 Kernel Driver Stopped
CLFS Common Log (CLFS) CLFS.sys 6.1.7600.16385 Kernel Driver Running
CmBatt Microsoft ACPI Control Method Battery Driver CmBatt.sys 6.1.7600.16385 Kernel Driver Stopped
cmdide cmdide cmdide.sys 2.0.7.0 Kernel Driver Stopped
CNG CNG cng.sys 6.1.7601.17514 Kernel Driver Running
Compbatt Compbatt compbatt.sys 6.1.7600.16385 Kernel Driver Stopped
CompositeBus Composite Bus Enumerator Driver CompositeBus.sys 6.1.7601.17514 Kernel Driver Running
cpuz135 cpuz135 cpuz135_x64.sys 1.0.3.5 Kernel Driver Running
crcdisk Crcdisk Filter Driver crcdisk.sys 6.1.7600.16385 Kernel Driver Stopped
CSC Offline Files Driver csc.sys 6.1.7601.17514 Kernel Driver Running
DAdderFltr DeathAdder Mouse dadder.sys 1.0.0.3 Kernel Driver Stopped
DfsC DFS Namespace Client Driver dfsc.sys 6.1.7601.17514 File System Driver Running
dg_ssudbus SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) ssudbus.sys 2.9.13.428 Kernel Driver Stopped
discache System Attribute Cache discache.sys 6.1.7600.16385 Kernel Driver Running
Disk Disk Driver disk.sys 6.1.7600.16385 Kernel Driver Running
drmkaud Microsoft Trusted Audio Drivers drmkaud.sys 6.1.7600.16385 Kernel Driver Stopped
DXGKrnl LDDM Graphics Subsystem dxgkrnl.sys 6.1.7601.17514 Kernel Driver Running
e1cexpress Intel(R) PRO/1000 PCI Express Network Connection Driver C e1c62x64.sys 11.8.74.0 Kernel Driver Running
e1qexpress Intel(R) PRO/1000 PCI Express Network Connection Driver Q e1q62x64.sys 11.7.32.0 Kernel Driver Running
ebdrv Broadcom NetXtreme II 10 GigE VBD evbda.sys 4.8.13.0 Kernel Driver Stopped
EIO64 EIO Driver EIO64.sys 1.9.7.0 Kernel Driver Running
elxstor elxstor elxstor.sys 7.2.10.211 Kernel Driver Stopped
ENTECH64 ENTECH64 ENTECH64.sys 5.0.1.1 Kernel Driver Stopped
ErrDev Microsoft Hardware Error Device Driver errdev.sys 6.1.7600.16385 Kernel Driver Stopped
exfat exFAT File System Driver File System Driver Stopped
fastfat FAT12/16/32 File System Driver File System Driver Running
fdc Floppy Disk Controller Driver fdc.sys 6.1.7600.16385 Kernel Driver Stopped
FileInfo File Information FS MiniFilter fileinfo.sys 6.1.7600.16385 File System Driver Running
Filetrace Filetrace filetrace.sys 6.1.7600.16385 File System Driver Stopped
flpydisk Floppy Disk Driver flpydisk.sys 6.1.7600.16385 Kernel Driver Stopped
FltMgr FltMgr fltmgr.sys 6.1.7601.17514 File System Driver Running
FsDepends File System Dependency Minifilter FsDepends.sys 6.1.7600.16385 File System Driver Stopped
fvevol Bitlocker Drive Encryption Filter Driver fvevol.sys 6.1.7601.17514 Kernel Driver Running
gagp30kx Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms gagp30kx.sys 6.1.7600.16385 Kernel Driver Stopped
hcw85cir Hauppauge Consumer Infrared Receiver hcw85cir.sys 1.31.27127.0 Kernel Driver Stopped
HdAudAddService Microsoft 1.1 UAA Function Driver for High Definition Audio Service HdAudio.sys 6.1.7601.17514 Kernel Driver Running
HDAudBus Microsoft UAA Bus Driver for High Definition Audio HDAudBus.sys 6.1.7601.17514 Kernel Driver Running
HidBatt HID UPS Battery Driver HidBatt.sys 6.1.7600.16385 Kernel Driver Stopped
HidBth Microsoft Bluetooth HID Miniport hidbth.sys 6.1.7600.16385 Kernel Driver Stopped
HidIr Microsoft Infrared HID Driver hidir.sys 6.1.7600.16385 Kernel Driver Stopped
HidUsb Microsoft HID Class Driver hidusb.sys 6.1.7601.17514 Kernel Driver Running
HpSAMD HpSAMD HpSAMD.sys 6.12.6.64 Kernel Driver Stopped
HTTP HTTP HTTP.sys 6.1.7601.17514 Kernel Driver Running
hwpolicy Hardware Policy Driver hwpolicy.sys 6.1.7601.17514 Kernel Driver Running
i8042prt i8042 Keyboard and PS/2 Mouse Port Driver i8042prt.sys 6.1.7600.16385 Kernel Driver Stopped
iaStor Intel AHCI Controller iaStor.sys 10.5.0.1026 Kernel Driver Running
iaStorV Intel RAID Controller Windows 7 iaStorV.sys 8.6.2.1014 Kernel Driver Stopped
ICCWDT Intel(R) Watchdog Timer Driver (Intel(R) WDT) ICCWDT.sys 7.0.0.7190 Kernel Driver Running
iirsp iirsp iirsp.sys 5.4.22.0 Kernel Driver Stopped
IntcAzAudAddService Service for Realtek HD Audio (WDM) RTKVHD64.sys 6.0.1.6235 Kernel Driver Stopped
intelide intelide intelide.sys 6.1.7600.16385 Kernel Driver Stopped
intelppm Intel Processor Driver intelppm.sys 6.1.7600.16385 Kernel Driver Running
IpFilterDriver IP Traffic Filter Driver ipfltdrv.sys 6.1.7601.17514 Kernel Driver Stopped
IPMIDRV IPMIDRV IPMIDrv.sys 6.1.7601.17514 Kernel Driver Stopped
IPNAT IP Network Address Translator ipnat.sys 6.1.7600.16385 Kernel Driver Stopped
IRENUM IR Bus Enumerator irenum.sys 6.1.7600.16385 Kernel Driver Stopped
isapnp isapnp isapnp.sys 6.1.7600.16385 Kernel Driver Stopped
iScsiPrt iScsiPort Driver msiscsi.sys 6.1.7601.17514 Kernel Driver Stopped
ISODrive ISO DVD/CD-ROM Device Driver ISODrv64.sys 3.1.3.579 File System Driver Running
kbdclass Keyboard Class Driver kbdclass.sys 6.1.7600.16385 Kernel Driver Running
kbdhid Keyboard HID Driver kbdhid.sys 6.1.7601.17514 Kernel Driver Running
KSecDD KSecDD ksecdd.sys 6.1.7601.17514 Kernel Driver Running
KSecPkg KSecPkg ksecpkg.sys 6.1.7601.17514 Kernel Driver Running
ksthunk Kernel Streaming Thunks ksthunk.sys 6.1.7600.16385 Kernel Driver Running
lltdio Link-Layer Topology Discovery Mapper I/O Driver lltdio.sys 6.1.7600.16385 Kernel Driver Running
LSI_FC LSI_FC lsi_fc.sys 1.28.3.52 Kernel Driver Stopped
LSI_SAS LSI_SAS lsi_sas.sys 1.28.3.52 Kernel Driver Stopped
LSI_SAS2 LSI_SAS2 lsi_sas2.sys 2.0.2.71 Kernel Driver Stopped
LSI_SCSI LSI_SCSI lsi_scsi.sys 1.28.3.67 Kernel Driver Stopped
luafv UAC File Virtualization luafv.sys 6.1.7600.16385 File System Driver Running
megasas megasas megasas.sys 4.5.1.64 Kernel Driver Stopped
MegaSR MegaSR MegaSR.sys 13.5.409.2009 Kernel Driver Stopped
MEIx64 Intel(R) Management Engine Interface HECIx64.sys 7.0.0.1118 Kernel Driver Running
Modem Modem modem.sys 6.1.7600.16385 Kernel Driver Stopped
monitor Microsoft Monitor Class Function Driver Service monitor.sys 6.1.7600.16385 Kernel Driver Running
mouclass Mouse Class Driver mouclass.sys 6.1.7600.16385 Kernel Driver Running
mouhid Mouse HID Driver mouhid.sys 6.1.7600.16385 Kernel Driver Running
mountmgr Mount Point Manager mountmgr.sys 6.1.7601.17514 Kernel Driver Running
mpio Microsoft Multi-Path Bus Driver mpio.sys 6.1.7601.17514 Kernel Driver Stopped
mpsdrv Windows Firewall Authorization Driver mpsdrv.sys 6.1.7600.16385 Kernel Driver Running
MRxDAV WebDav Client Redirector Driver mrxdav.sys 6.1.7601.17514 File System Driver Stopped
mrxsmb SMB MiniRedirector Wrapper and Engine mrxsmb.sys 6.1.7601.17565 File System Driver Running
mrxsmb10 SMB 1.x MiniRedirector mrxsmb10.sys 6.1.7601.17565 File System Driver Running
mrxsmb20 SMB 2.0 MiniRedirector mrxsmb20.sys 6.1.7601.17565 File System Driver Running
msahci msahci msahci.sys 6.1.7601.17514 Kernel Driver Running
msdsm Microsoft Multi-Path Device Specific Module msdsm.sys 6.1.7601.17514 Kernel Driver Stopped
Msfs Msfs File System Driver Running
mshidkmdf Pass-through HID to KMDF Filter Driver mshidkmdf.sys 6.1.7600.16385 Kernel Driver Stopped
msisadrv msisadrv msisadrv.sys 6.1.7600.16385 Kernel Driver Running
MSKSSRV Microsoft Streaming Service Proxy MSKSSRV.sys 6.1.7600.16385 Kernel Driver Stopped
MSPCLOCK Microsoft Streaming Clock Proxy MSPCLOCK.sys 6.1.7600.16385 Kernel Driver Stopped
MSPQM Microsoft Streaming Quality Manager Proxy MSPQM.sys 6.1.7600.16385 Kernel Driver Stopped
MsRPC MsRPC Kernel Driver Stopped
mssmbios Microsoft System Management BIOS Driver mssmbios.sys 6.1.7600.16385 Kernel Driver Running
MSTEE Microsoft Streaming Tee/Sink-to-Sink Converter MSTEE.sys 6.1.7600.16385 Kernel Driver Stopped
MTConfig Microsoft Input Configuration Driver MTConfig.sys 6.1.7600.16385 Kernel Driver Stopped
Mup Mup mup.sys 6.1.7600.16385 File System Driver Running
NativeWifiP NativeWiFi Filter nwifi.sys 6.1.7600.16385 Kernel Driver Stopped
NDIS NDIS System Driver ndis.sys 6.1.7601.17514 Kernel Driver Running
NdisCap NDIS Capture LightWeight Filter ndiscap.sys 6.1.7600.16385 Kernel Driver Stopped
NdisTapi Remote Access NDIS TAPI Driver ndistapi.sys 6.1.7600.16385 Kernel Driver Running
Ndisuio NDIS Usermode I/O Protocol ndisuio.sys 6.1.7601.17514 Kernel Driver Stopped
NdisWan Remote Access NDIS WAN Driver ndiswan.sys 6.1.7601.17514 Kernel Driver Running
NDProxy NDIS Proxy Kernel Driver Running
NetBIOS NetBIOS Interface netbios.sys 6.1.7600.16385 File System Driver Running
NetBT NetBT netbt.sys 6.1.7601.17514 Kernel Driver Running
nfrd960 nfrd960 nfrd960.sys 7.10.0.0 Kernel Driver Stopped
Npfs Npfs File System Driver Running
nsiproxy NSI proxy service driver. nsiproxy.sys 6.1.7600.16385 Kernel Driver Running
Ntfs Ntfs File System Driver Running
Null Null Kernel Driver Running
nusb3hub Renesas Electronics USB 3.0 Hub Driver nusb3hub.sys 2.0.32.0 Kernel Driver Running
nusb3xhc Renesas Electronics USB 3.0 Host Controller Driver nusb3xhc.sys 2.0.32.0 Kernel Driver Running
nv_agp NVIDIA nForce AGP Bus Filter nv_agp.sys 6.1.7600.16385 Kernel Driver Stopped
nvraid nvraid nvraid.sys 10.6.0.18 Kernel Driver Stopped
nvstor nvstor nvstor.sys 10.6.0.18 Kernel Driver Stopped
ohci1394 1394 OHCI Compliant Host Controller (Legacy) ohci1394.sys 6.1.7600.16385 Kernel Driver Stopped
Parport Parallel port driver parport.sys 6.1.7600.16385 Kernel Driver Stopped
partmgr Partition Manager partmgr.sys 6.1.7601.17514 Kernel Driver Running
pci PCI Bus Driver pci.sys 6.1.7601.17514 Kernel Driver Running
pciide pciide pciide.sys 6.1.7600.16385 Kernel Driver Running
pcmcia pcmcia pcmcia.sys 6.1.7600.16385 Kernel Driver Stopped
pcw Performance Counters for Windows Driver pcw.sys 6.1.7600.16385 Kernel Driver Running
PEAUTH PEAUTH peauth.sys 6.1.7600.16385 Kernel Driver Running
PptpMiniport WAN Miniport (PPTP) raspptp.sys 6.1.7601.17514 Kernel Driver Running
Processor Processor Driver processr.sys 6.1.7600.16385 Kernel Driver Stopped
Psched QoS Packet Scheduler pacer.sys 6.1.7601.17514 Kernel Driver Running
ql2300 ql2300 ql2300.sys 9.1.8.6 Kernel Driver Stopped
ql40xx ql40xx ql40xx.sys 2.1.3.20 Kernel Driver Stopped
QWAVEdrv QWAVE driver qwavedrv.sys 6.1.7600.16385 Kernel Driver Stopped
RasAcd Remote Access Auto Connection Driver rasacd.sys 6.1.7600.16385 Kernel Driver Stopped
RasAgileVpn WAN Miniport (IKEv2) AgileVpn.sys 6.1.7600.16385 Kernel Driver Running
Rasl2tp WAN Miniport (L2TP) rasl2tp.sys 6.1.7601.17514 Kernel Driver Running
RasPppoe Remote Access PPPOE Driver raspppoe.sys 6.1.7600.16385 Kernel Driver Running
RasSstp WAN Miniport (SSTP) rassstp.sys 6.1.7600.16385 Kernel Driver Running
rdbss Redirected Buffering Sub Sysytem rdbss.sys 6.1.7601.17514 File System Driver Running
rdpbus Remote Desktop Device Redirector Bus Driver rdpbus.sys 6.1.7600.16385 Kernel Driver Running
RDPCDD RDPCDD RDPCDD.sys 6.1.7600.16385 Kernel Driver Running
RDPDR Terminal Server Device Redirector Driver rdpdr.sys 6.1.7601.17514 Kernel Driver Stopped
RDPENCDD RDP Encoder Mirror Driver rdpencdd.sys 6.1.7600.16385 Kernel Driver Running
RDPREFMP Reflector Display Driver used to gain access to graphics data rdprefmp.sys 6.1.7600.16385 Kernel Driver Running
RdpVideoMiniport Remote Desktop Video Miniport Driver rdpvideominiport.sys 6.1.7601.17514 Kernel Driver Stopped
RDPWD RDP Winstation Driver Kernel Driver Stopped
rdyboost ReadyBoost rdyboost.sys 6.1.7601.17514 Kernel Driver Running
RFCOMM Bluetooth Device (RFCOMM Protocol TDI) rfcomm.sys 6.1.7600.16385 Kernel Driver Stopped
rspndr Link-Layer Topology Discovery Responder rspndr.sys 6.1.7600.16385 Kernel Driver Running
s3cap s3cap vms3cap.sys 6.1.7601.17514 Kernel Driver Stopped
sbp2port SBP-2 Transport/Protocol Bus Driver sbp2port.sys 6.1.7601.17514 Kernel Driver Stopped
scfilter Smart card PnP Class Filter Driver scfilter.sys 6.1.7601.17514 Kernel Driver Stopped
secdrv Security Driver Kernel Driver Running
Serenum Serenum Filter Driver serenum.sys 6.1.7600.16385 Kernel Driver Stopped
Serial Serial port driver serial.sys 6.1.7600.16385 Kernel Driver Stopped
sermouse Serial Mouse Driver sermouse.sys 6.1.7600.16385 Kernel Driver Stopped
sffdisk SFF Storage Class Driver sffdisk.sys 6.1.7600.16385 Kernel Driver Stopped
sffp_mmc SFF Storage Protocol Driver for MMC sffp_mmc.sys 6.1.7600.16385 Kernel Driver Stopped
sffp_sd SFF Storage Protocol Driver for SDBus sffp_sd.sys 6.1.7601.17514 Kernel Driver Stopped
sfloppy High-Capacity Floppy Disk Drive sfloppy.sys 6.1.7600.16385 Kernel Driver Stopped
SiSRaid2 SiSRaid2 SiSRaid2.sys 5.1.1039.2600 Kernel Driver Stopped
SiSRaid4 SiSRaid4 sisraid4.sys 5.1.1039.3600 Kernel Driver Stopped
Smb Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session) smb.sys 6.1.7600.16385 Kernel Driver Stopped
spldr Security Processor Loader Driver Kernel Driver Running
srv Server SMB 1.xxx Driver srv.sys 6.1.7601.17565 File System Driver Running
srv2 Server SMB 2.xxx Driver srv2.sys 6.1.7601.17565 File System Driver Running
srvnet srvnet srvnet.sys 6.1.7601.17565 File System Driver Running
ssudmdm SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) ssudmdm.sys 2.9.10.209 Kernel Driver Running
stexstor stexstor stexstor.sys 5.0.1.1 Kernel Driver Stopped
storflt Disk Virtual Machine Bus Acceleration Filter Driver vmstorfl.sys 6.1.7601.17514 Kernel Driver Running
storvsc storvsc storvsc.sys 6.1.7601.17514 Kernel Driver Stopped
swenum Software Bus Driver swenum.sys 6.1.7600.16385 Kernel Driver Running
Synth3dVsc Synth3dVsc synth3dvsc.sys Kernel Driver Stopped
Tcpip TCP/IP Protocol Driver tcpip.sys 6.1.7601.17514 Kernel Driver Running
TCPIP6 Microsoft IPv6 Protocol Driver tcpip.sys 6.1.7601.17514 Kernel Driver Stopped
tcpipreg TCP/IP Registry Compatibility tcpipreg.sys 6.1.7601.17514 Kernel Driver Running
TDPIPE TDPIPE tdpipe.sys 6.1.7600.16385 Kernel Driver Stopped
TDTCP TDTCP tdtcp.sys 6.1.7600.16385 Kernel Driver Stopped
tdx NetIO Legacy TDI Support Driver tdx.sys 6.1.7601.17514 Kernel Driver Running
TermDD Terminal Device Driver termdd.sys 6.1.7601.17514 Kernel Driver Running
tssecsrv Remote Desktop Services Security Filter Driver tssecsrv.sys 6.1.7601.17514 Kernel Driver Stopped
TsUsbFlt TsUsbFlt tsusbflt.sys 6.1.7601.17514 Kernel Driver Stopped
tsusbhub tsusbhub tsusbhub.sys Kernel Driver Stopped
tunnel Microsoft Tunnel Miniport Adapter Driver tunnel.sys 6.1.7601.17514 Kernel Driver Running
uagp35 Microsoft AGPv3.5 Filter uagp35.sys 6.1.7600.16385 Kernel Driver Stopped
udfs udfs udfs.sys 6.1.7601.17514 File System Driver Stopped
uliagpkx Uli AGP Bus Filter uliagpkx.sys 6.1.7600.16385 Kernel Driver Stopped
umbus UMBus Enumerator Driver umbus.sys 6.1.7601.17514 Kernel Driver Running
UmPass Microsoft UMPass Driver umpass.sys 6.1.7600.16385 Kernel Driver Stopped
usbccgp Microsoft USB Generic Parent Driver usbccgp.sys 6.1.7601.17514 Kernel Driver Running
usbcir eHome Infrared Receiver (USBCIR) usbcir.sys 6.1.7600.16385 Kernel Driver Stopped
usbehci Microsoft USB 2.0 Enhanced Host Controller Miniport Driver usbehci.sys 6.1.7601.17514 Kernel Driver Running
usbhub Microsoft USB Standard Hub Driver usbhub.sys 6.1.7601.17514 Kernel Driver Running
usbohci Microsoft USB Open Host Controller Miniport Driver usbohci.sys 6.1.7600.16385 Kernel Driver Stopped
usbprint Microsoft USB PRINTER Class usbprint.sys 6.1.7600.16385 Kernel Driver Stopped
USBSTOR USB Mass Storage Driver USBSTOR.SYS 6.1.7601.17514 Kernel Driver Running
usbuhci Microsoft USB Universal Host Controller Miniport Driver usbuhci.sys 6.1.7600.16385 Kernel Driver Stopped
vdrvroot Microsoft Virtual Drive Enumerator Driver vdrvroot.sys 6.1.7600.16385 Kernel Driver Running
vga vga vgapnp.sys 6.1.7600.16385 Kernel Driver Stopped
VgaSave VgaSave vga.sys 6.1.7600.16385 Kernel Driver Running
VGPU VGPU rdvgkmd.sys Kernel Driver Stopped
vhdmp vhdmp vhdmp.sys 6.1.7601.17514 Kernel Driver Stopped
viaide viaide viaide.sys 6.0.6000.170 Kernel Driver Stopped
vmbus Virtual Machine Bus vmbus.sys 6.1.7601.17514 Kernel Driver Running
VMBusHID VMBusHID VMBusHID.sys 6.1.7601.17514 Kernel Driver Stopped
volmgr Volume Manager Driver volmgr.sys 6.1.7601.17514 Kernel Driver Running
volmgrx Dynamic Volume Manager volmgrx.sys 6.1.7601.17514 Kernel Driver Running
volsnap Storage volumes volsnap.sys 6.1.7601.17514 Kernel Driver Running
vsmraid vsmraid vsmraid.sys 6.0.6000.6210 Kernel Driver Stopped
vwifibus Virtual WiFi Bus Driver vwifibus.sys 6.1.7600.16385 Kernel Driver Stopped
WacomPen Wacom Serial Pen HID Driver wacompen.sys 6.1.7600.16385 Kernel Driver Stopped
WANARP Remote Access IP ARP Driver wanarp.sys 6.1.7601.17514 Kernel Driver Stopped
Wanarpv6 Remote Access IPv6 ARP Driver wanarp.sys 6.1.7601.17514 Kernel Driver Running
Wd Wd wd.sys 6.1.7600.16385 Kernel Driver Stopped
Wdf01000 Kernel Mode Driver Frameworks service Wdf01000.sys 1.9.7600.16385 Kernel Driver Running
WfpLwf WFP Lightweight Filter wfplwf.sys 6.1.7600.16385 Kernel Driver Running
WIMMount WIMMount wimmount.sys 6.1.7600.16385 File System Driver Stopped
WinUsb WinUsb WinUsb.sys 6.1.7601.17514 Kernel Driver Stopped
WmiAcpi Microsoft Windows Management Interface for ACPI wmiacpi.sys 6.1.7600.16385 Kernel Driver Running
ws2ifsl Winsock IFS Driver ws2ifsl.sys 6.1.7600.16385 Kernel Driver Stopped
WudfPf User Mode Driver Frameworks Platform Driver WudfPf.sys 6.1.7601.17514 Kernel Driver Running
WUDFRd WUDFRd WUDFRd.sys 6.1.7601.17514 Kernel Driver Running
xusb21 Xbox 360 Wireless Receiver Driver Service 21 xusb21.sys 9.18.1034.0 Kernel Driver Running
Services
Service Name Service Description File Name Version Type State Account
AeLookupSvc Application Experience svchost.exe 6.1.7600.16385 Share Process Running localSystem
ALG Application Layer Gateway Service alg.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService
AMD External Events Utility AMD External Events Utility atiesrxx.exe 6.14.11.1092 Own Process Running LocalSystem
AppIDSvc Application Identity svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService
Appinfo Application Information svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
AppMgmt Application Management svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
asComSvc ASUS Com Service atkexComSvc.exe Own Process Running LocalSystem
ASDR ASDR ASDR.exe 1.1.0.1 Own Process Running LocalSystem
asHmComSvc ASUS HM Com Service aaHMSvc.exe Own Process Running LocalSystem
AsSysCtrlService ASUS System Control Service AsSysCtrlService.exe Own Process Running LocalSystem
AtherosSvc AtherosSvc adminservice.exe 7.2.0.40 Own Process Running LocalSystem
AudioEndpointBuilder Windows Audio Endpoint Builder svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
AudioSrv Windows Audio svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
AxInstSV ActiveX Installer (AxInstSV) svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
BDESVC BitLocker Drive Encryption Service svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
BFE Base Filtering Engine svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
BITS Background Intelligent Transfer Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
Browser Computer Browser svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
bthserv Bluetooth Support Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
CertPropSvc Certificate Propagation svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
clr_optimization_v2.0.50727_32 Microsoft .NET Framework NGEN v2.0.50727_X86 mscorsvw.exe 2.0.50727.4927 Own Process Stopped LocalSystem
clr_optimization_v2.0.50727_64 Microsoft .NET Framework NGEN v2.0.50727_X64 mscorsvw.exe 2.0.50727.4927 Own Process Stopped LocalSystem
clr_optimization_v4.0.30319_32 Microsoft .NET Framework NGEN v4.0.30319_X86 mscorsvw.exe 4.0.30319.1 Own Process Stopped LocalSystem
clr_optimization_v4.0.30319_64 Microsoft .NET Framework NGEN v4.0.30319_X64 mscorsvw.exe 4.0.30319.1 Own Process Stopped LocalSystem
COMSysApp COM+ System Application dllhost.exe 6.1.7600.16385 Own Process Stopped LocalSystem
CryptSvc Cryptographic Services svchost.exe 6.1.7600.16385 Share Process Running NT Authority\NetworkService
CscService Offline Files svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
DcomLaunch DCOM Server Process Launcher svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
defragsvc Disk Defragmenter svchost.exe 6.1.7600.16385 Own Process Stopped localSystem
Dhcp DHCP Client svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService
Dnscache DNS Client svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService
dot3svc Wired AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
DPS Diagnostic Policy Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
EapHost Extensible Authentication Protocol svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
EFS Encrypting File System (EFS) lsass.exe 6.1.7600.16385 Share Process Stopped LocalSystem
ehRecvr Windows Media Center Receiver Service ehRecvr.exe 6.1.7601.17514 Own Process Stopped NT AUTHORITY\networkService
ehSched Windows Media Center Scheduler Service ehsched.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\networkService
eventlog Windows Event Log svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
EventSystem COM+ Event System svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
Fax Fax fxssvc.exe 6.1.7601.17514 Own Process Stopped NT AUTHORITY\NetworkService
fdPHost Function Discovery Provider Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
FDResPub Function Discovery Resource Publication svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
FontCache Windows Font Cache Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
FontCache3.0.0.0 Windows Presentation Foundation Font Cache 3.0.0.0 PresentationFontCache.exe 3.0.6920.5011 Own Process Running NT Authority\LocalService
gpsvc Group Policy Client svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
hidserv Human Interface Device Access svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
hkmsvc Health Key and Certificate Management svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
HomeGroupListener HomeGroup Listener svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
HomeGroupProvider HomeGroup Provider svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
IDriverT InstallDriver Table Manager IDriverT.exe 11.0.0.28844 Own Process Stopped LocalSystem
idsvc Windows CardSpace infocard.exe 3.0.4506.5420 Share Process Stopped LocalSystem
IKEEXT IKE and AuthIP IPsec Keying Modules svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
Intel® PROSet Monitoring Service Intel® PROSet Monitoring Service IProsetMonitor.exe 15.6.1.1 Own Process Running LocalSystem
IPBusEnum PnP-X IP Bus Enumerator svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
iphlpsvc IP Helper svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
KeyIso CNG Key Isolation lsass.exe 6.1.7600.16385 Share Process Running LocalSystem
KtmRm KtmRm for Distributed Transaction Coordinator svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService
LanmanServer Server svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
LanmanWorkstation Workstation svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService
lltdsvc Link-Layer Topology Discovery Mapper svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
lmhosts TCP/IP NetBIOS Helper svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
Mcx2Svc Media Center Extender Service svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService
MMCSS Multimedia Class Scheduler svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
MpsSvc Windows Firewall svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService
MSDTC Distributed Transaction Coordinator msdtc.exe 2001.12.8530.16385 Own Process Stopped NT AUTHORITY\NetworkService
MSiSCSI Microsoft iSCSI Initiator Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
msiserver Windows Installer msiexec.exe 5.0.7601.17514 Own Process Stopped LocalSystem
napagent Network Access Protection Agent svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService
Netlogon Netlogon lsass.exe 6.1.7600.16385 Share Process Stopped LocalSystem
Netman Network Connections svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
netprofm Network List Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
NetTcpPortSharing Net.Tcp Port Sharing Service SMSvcHost.exe 3.0.4506.4926 Share Process Stopped NT AUTHORITY\LocalService
NlaSvc Network Location Awareness svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService
nsi Network Store Interface Service svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService
p2pimsvc Peer Networking Identity Manager svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
p2psvc Peer Networking Grouping svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
PcaSvc Program Compatibility Assistant Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
PeerDistSvc BranchCache svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService
PerfHost Performance Counter DLL Host perfhost.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService
pla Performance Logs & Alerts svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
PlugPlay Plug and Play svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
PnkBstrA PnkBstrA PnkBstrA.exe Own Process Running LocalSystem
PnkBstrB PnkBstrB PnkBstrB.exe Own Process Running LocalSystem
PNRPAutoReg PNRP Machine Name Publication Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
PNRPsvc Peer Name Resolution Protocol svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
PolicyAgent IPsec Policy Agent svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\NetworkService
Power Power svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
ProfSvc User Profile Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
ProtectedStorage Protected Storage lsass.exe 6.1.7600.16385 Share Process Stopped LocalSystem
QWAVE Quality Windows Audio Video Experience svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
RadeonPro Support Service RadeonPro Support Service RadeonProSupport.exe 1.0.3.4 Own Process Running LocalSystem
RasAuto Remote Access Auto Connection Manager svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
RasMan Remote Access Connection Manager svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
RemoteAccess Routing and Remote Access svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
RemoteRegistry Remote Registry svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
RpcEptMapper RPC Endpoint Mapper svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService
RpcLocator Remote Procedure Call (RPC) Locator locator.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\NetworkService
RpcSs Remote Procedure Call (RPC) svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService
SamSs Security Accounts Manager lsass.exe 6.1.7600.16385 Share Process Running LocalSystem
SCardSvr Smart Card svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
Schedule Task Scheduler svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
SCPolicySvc Smart Card Removal Policy svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
SDRSVC Windows Backup svchost.exe 6.1.7600.16385 Own Process Stopped localSystem
seclogon Secondary Logon svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
SENS System Event Notification Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
SensrSvc Adaptive Brightness svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
SessionEnv Remote Desktop Configuration svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
SharedAccess Internet Connection Sharing (ICS) svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
ShellHWDetection Shell Hardware Detection svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
SNMPTRAP SNMP Trap snmptrap.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService
Spooler Print Spooler spoolsv.exe 6.1.7601.17514 Own Process Running LocalSystem
sppsvc Software Protection sppsvc.exe 6.1.7601.17514 Own Process Running NT AUTHORITY\NetworkService
sppuinotify SPP Notification Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
SSDPSRV SSDP Discovery svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
SstpSvc Secure Socket Tunneling Protocol Service svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService
Steam Client Service Steam Client Service Program Own Process Stopped LocalSystem
stisvc Windows Image Acquisition (WIA) svchost.exe 6.1.7600.16385 Own Process Running NT Authority\LocalService
swprv Microsoft Software Shadow Copy Provider svchost.exe 6.1.7600.16385 Own Process Stopped LocalSystem
SysMain Superfetch svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
TabletInputService Tablet PC Input Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
TapiSrv Telephony svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService
TBS TPM Base Services svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
TermService Remote Desktop Services svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\NetworkService
Themes Themes svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
THREADORDER Thread Ordering Server svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
TrkWks Distributed Link Tracking Client svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
TrustedInstaller Windows Modules Installer TrustedInstaller.exe 6.1.7601.17514 Own Process Stopped localSystem
UI0Detect Interactive Services Detection UI0Detect.exe 6.1.7600.16385 Own Process Stopped LocalSystem
UmRdpService Remote Desktop Services UserMode Port Redirector svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
upnphost UPnP Device Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
UxSms Desktop Window Manager Session Manager svchost.exe 6.1.7600.16385 Share Process Running localSystem
VaultSvc Credential Manager lsass.exe 6.1.7600.16385 Share Process Stopped LocalSystem
vds Virtual Disk vds.exe 6.1.7601.17514 Own Process Stopped LocalSystem
VSS Volume Shadow Copy vssvc.exe 6.1.7601.17514 Own Process Stopped LocalSystem
W32Time Windows Time svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
WatAdminSvc WatAdminSvc WatAdminSvc.exe Own Process Stopped LocalSystem
wbengine Block Level Backup Engine Service wbengine.exe 6.1.7601.17514 Own Process Stopped localSystem
WbioSrvc Windows Biometric Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
wcncsvc Windows Connect Now - Config Registrar svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
WcsPlugInService Windows Color System svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
WdiServiceHost Diagnostic Service Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
WdiSystemHost Diagnostic System Host svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
WebClient WebClient svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
Wecsvc Windows Event Collector svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService
wercplsupport Problem Reports and Solutions Control Panel Support svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
WerSvc Windows Error Reporting Service svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
WinDefend Windows Defender svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
WinHttpAutoProxySvc WinHTTP Web Proxy Auto-Discovery Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
Winmgmt Windows Management Instrumentation svchost.exe 6.1.7600.16385 Share Process Running localSystem
WinRM Windows Remote Management (WS-Management) svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService
Wlansvc WLAN AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
wlidsvc Windows Live ID Sign-in Assistant WLIDSVC.EXE 6.500.3165.0 Own Process Running LocalSystem
wmiApSrv WMI Performance Adapter WmiApSrv.exe 6.1.7600.16385 Own Process Stopped localSystem
WMPNetworkSvc Windows Media Player Network Sharing Service wmpnetwk.exe Own Process Running NT AUTHORITY\NetworkService
WPCSvc Parental Controls svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService
WPDBusEnum Portable Device Enumerator Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
wscsvc Security Center svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
WSearch Windows Search SearchIndexer.exe 7.0.7600.16385 Own Process Running LocalSystem
wuauserv Windows Update svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
wudfsvc Windows Driver Foundation - User-mode Driver Framework svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
WwanSvc WWAN AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService
AX Files
AX File Version Description
3daudio.ax
bdaplgin.ax 6.1.7600.16385 Microsoft BDA Device Control Plug-in for MPEG2 based networks.
g711codc.ax 6.1.7601.17514 Intel G711 CODEC
iac25_32.ax 2.0.5.53 Indeo® audio software
ir41_32.ax 4.51.16.3 Intel Indeo® Video 4.5
ivfsrc.ax 5.10.2.51 Intel Indeo® video IVF Source Filter 5.10
ksproxy.ax 6.1.7601.17514 WDM Streaming ActiveMovie Proxy
kstvtune.ax 6.1.7601.17514 WDM Streaming TvTuner
kswdmcap.ax 6.1.7601.17514 WDM Streaming Video Capture
ksxbar.ax 6.1.7601.17514 WDM Streaming Crossbar
mpeg2data.ax 6.6.7601.17514 Microsoft MPEG-2 Section and Table Acquisition Module
mpg2splt.ax 6.6.7601.17528 DirectShow MPEG-2 Splitter.
msdvbnp.ax 6.6.7601.17514 Microsoft Network Provider for MPEG2 based networks.
msnp.ax 6.6.7601.17514 Microsoft Network Provider for MPEG2 based networks.
muzdecode.ax 1.0.0.60207 PCube Audio Decoder Filter
muzeffect.ax 1.0.0.60210 P3AudioEffect Filter
muzmp4sp.ax 1.0.0.60210 P3MP4Splitter Filter
muzmpgsp.ax 1.1.7.911 PCube MPEG Splitter Filter
muzoggsp.ax 1.0.0.60207 OGG Splitter
psisrndr.ax 6.6.7601.17514 Microsoft Transport Information Filter for MPEG2 based networks.
vbicodec.ax 6.6.7601.17514 Microsoft VBI Codec
vbisurf.ax 6.1.7601.17514 VBI Surface Allocator Filter
vidcap.ax 6.1.7600.16385 Video Capture Interface Server
wstpager.ax 6.6.7601.17514 Microsoft Teletext Server
DLL Files
DLL File Version Description
aaclient.dll 6.1.7601.17514 Anywhere access client
accessibilitycpl.dll 6.1.7601.17514 Ease of access control panel
acctres.dll 6.1.7600.16385 Microsoft Internet Account Manager Resources
acledit.dll 6.1.7600.16385 Access Control List Editor
aclui.dll 6.1.7600.16385 Security Descriptor Editor
acppage.dll 6.1.7601.17514 Compatibility Tab Shell Extension Library
actioncenter.dll 6.1.7601.17514 Action Center
actioncentercpl.dll 6.1.7601.17514 Action Center Control Panel
activeds.dll 6.1.7601.17514 ADs Router Layer DLL
actxprxy.dll 6.1.7601.17514 ActiveX Interface Marshaling Library
admparse.dll 8.0.7600.16385 IEAK Global Policy Template Parser
admtmpl.dll 6.1.7601.17514 Administrative Templates Extension
adprovider.dll 6.1.7600.16385 adprovider DLL
adsldp.dll 6.1.7601.17514 ADs LDAP Provider DLL
adsldpc.dll 6.1.7600.16385 ADs LDAP Provider C DLL
adsmsext.dll 6.1.7600.16385 ADs LDAP Provider DLL
adsnt.dll 6.1.7600.16385 ADs Windows NT Provider DLL
adtschema.dll 6.1.7600.16385 Security Audit Schema DLL
advapi32.dll 6.1.7601.17514 Advanced Windows 32 Base API
advpack.dll 8.0.7600.16385 ADVPACK
aecache.dll 6.1.7600.16385 AECache Sysprep Plugin
aeevts.dll 6.1.7600.16385 Application Experience Event Resources
alttab.dll 6.1.7600.16385 Windows Shell Alt Tab
amdocl.dll 2.4.595.10 AMD Accelerated Parallel Processing OpenCL 1.1 Runtime
amdpcom32.dll 8.14.10.23 Radeon PCOM Universal Driver
amstream.dll 6.6.7601.17514 DirectShow Runtime.
amxread.dll 6.1.7600.16385 API Tracing Manifest Read Library
apds.dll 6.1.7600.16385 Microsoft® Help Data Services Module
apilogen.dll 6.1.7600.16385 API Tracing Log Engine
api-ms-win-core-console-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-datetime-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-debug-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-delayload-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-errorhandling-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-fibers-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-file-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-handle-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-heap-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-interlocked-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-io-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-libraryloader-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-localization-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-localregistry-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-memory-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-misc-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-namedpipe-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-processenvironment-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-processthreads-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-profile-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-rtlsupport-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-string-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-synch-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-sysinfo-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-threadpool-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-util-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-xstate-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-security-base-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-security-lsalookup-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-security-sddl-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-service-core-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-service-management-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-service-management-l2-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-service-winsvc-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
apircl.dll 6.1.7600.16385 Microsoft® InfoTech IR Local DLL
apisetschema.dll 6.1.7600.16385 ApiSet Schema DLL
apphelp.dll 6.1.7601.17514 Application Compatibility Client Library
apphlpdm.dll 6.1.7600.16385 Application Compatibility Help Module
appidapi.dll 6.1.7600.16385 Application Identity APIs Dll
appidpolicyengineapi.dll 6.1.7600.16385 AppId Policy Engine API Module
appmgmts.dll 6.1.7600.16385 Software installation Service
appmgr.dll 6.1.7601.17514 Software Installation Snapin Extenstion
apss.dll 6.1.7600.16385 Microsoft® InfoTech Storage System Library
asferror.dll 12.0.7600.16385 ASF Error Definitions
asio.dll 1.0.0.4 AsIO DLL
asycfilt.dll 6.1.7601.17514
ati2edxx.dll 6.14.10.2514 ati2edxx
atiadlxy.dll 6.14.10.1057 ADL
aticalcl.dll 6.14.10.1385 ATI CAL compiler runtime
aticaldd.dll 6.14.10.1385 ATI CAL DD
aticalrt.dll 6.14.10.1385 ATI CAL runtime
aticfx32.dll 8.17.10.1077 aticfx32.dll
atidxx32.dll 8.17.10.355 atidxx32.dll
atigktxx.dll 8.14.1.6210 atigktxx.dll
atiglpxx.dll 8.14.1.6210 atiglpxx.dll
atimpc32.dll 8.14.10.23 Radeon PCOM Universal Driver
atioglxx.dll 6.14.10.10767 ATI OpenGL driver
atipdlxx.dll 6.14.10.2563 ATI Desktop CWDDEDI DLL
atiu9pag.dll 8.14.1.6210 atiu9pag.dll
atiumdag.dll 7.14.10.833 atiumdag.dll
atiumdmv.dll 7.14.10.184 Radeon Video Acceleration Universal Driver
atiumdva.dll 8.14.10.308 Radeon Video Acceleration Universal Driver
atiuxpag.dll 8.14.1.6210 atiuxpag.dll
atl.dll 3.5.2284.0 ATL Module for Windows XP (Unicode)
atmfd.dll 5.1.2.234 Windows NT OpenType/Type 1 Font Driver
atmlib.dll 5.1.2.234 Windows NT OpenType/Type 1 API Library.
audiodev.dll 6.1.7601.17514 Portable Media Devices Shell Extension
audioeng.dll 6.1.7600.16385 Audio Engine
audiokse.dll 6.1.7600.16385 Audio Ks Endpoint
audioses.dll 6.1.7601.17514 Audio Session
auditnativesnapin.dll 6.1.7600.16385 Audit Policy Group Policy Editor Extension
auditpolicygpinterop.dll 6.1.7600.16385 Audit Policy GP Module
auditpolmsg.dll 6.1.7600.16385 Audit Policy MMC SnapIn Messages
authfwcfg.dll 6.1.7600.16385 Windows Firewall with Advanced Security Configuration Helper
authfwgp.dll 6.1.7600.16385 Windows Firewall with Advanced Security Group Policy Editor Extension
authfwsnapin.dll 6.1.7601.17514 Microsoft.WindowsFirewall.SnapIn
authfwwizfwk.dll 6.1.7600.16385 Wizard Framework
authui.dll 6.1.7601.17514 Windows Authentication UI
authz.dll 6.1.7600.16385 Authorization Framework
autoplay.dll 6.1.7601.17514 AutoPlay Control Panel
auxiliarydisplayapi.dll 6.1.7600.16385 Microsoft Windows SideShow API
auxiliarydisplaycpl.dll 6.1.7601.17514 Microsoft Windows SideShow Control Panel
avicap32.dll 6.1.7600.16385 AVI Capture window class
avifil32.dll 6.1.7601.17514 Microsoft AVI File support library
avrt.dll 6.1.7600.16385 Multimedia Realtime Runtime
azroles.dll 6.1.7601.17514 azroles Module
azroleui.dll 6.1.7601.17514 Authorization Manager
azsqlext.dll 6.1.7601.17514 AzMan Sql Audit Extended Stored Procedures Dll
basecsp.dll 6.1.7601.17514 Microsoft Base Smart Card Crypto Provider
batmeter.dll 6.1.7601.17514 Battery Meter Helper DLL
bcrypt.dll 6.1.7600.16385 Windows Cryptographic Primitives Library (Wow64)
bcryptprimitives.dll 6.1.7600.16385 Windows Cryptographic Primitives Library
bidispl.dll 6.1.7600.16385 Bidispl DLL
biocredprov.dll 6.1.7600.16385 WinBio Credential Provider
bitsperf.dll 7.5.7601.17514 Perfmon Counter Access
bitsprx2.dll 7.5.7600.16385 Background Intelligent Transfer Service Proxy
bitsprx3.dll 7.5.7600.16385 Background Intelligent Transfer Service 2.0 Proxy
bitsprx4.dll 7.5.7600.16385 Background Intelligent Transfer Service 2.5 Proxy
bitsprx5.dll 7.5.7600.16385 Background Intelligent Transfer Service 3.0 Proxy
bitsprx6.dll 7.5.7600.16385 Background Intelligent Transfer Service 4.0 Proxy
blackbox.dll 11.0.7601.17514 BlackBox DLL
bootvid.dll 6.1.7600.16385 VGA Boot Driver
browcli.dll 6.1.7601.17514 Browser Service Client DLL
browseui.dll 6.1.7601.17514 Shell Browser UI Library
btpanui.dll 6.1.7600.16385 Bluetooth PAN User Interface
bwcontexthandler.dll 1.0.0.1 ContextH Application
bwunpairelevated.dll 6.1.7600.16385 BWUnpairElevated Proxy Dll
c_g18030.dll 6.1.7600.16385 GB18030 DBCS-Unicode Conversion DLL
c_is2022.dll 6.1.7600.16385 ISO-2022 Code Page Translation DLL
c_iscii.dll 6.1.7601.17514 ISCII Code Page Translation DLL
cabinet.dll 6.1.7601.17514 Microsoft® Cabinet File API
cabview.dll 6.1.7601.17514 Cabinet File Viewer Shell Extension
capiprovider.dll 6.1.7600.16385 capiprovider DLL
capisp.dll 6.1.7600.16385 Sysprep cleanup dll for CAPI
catsrv.dll 2001.12.8530.16385 COM+ Configuration Catalog Server
catsrvps.dll 2001.12.8530.16385 COM+ Configuration Catalog Server Proxy/Stub
catsrvut.dll 2001.12.8530.16385 COM+ Configuration Catalog Server Utilities
cca.dll 6.6.7601.17514 CCA DirectShow Filter.
cdosys.dll 6.6.7601.17514 Microsoft CDO for Windows Library
certcli.dll 6.1.7601.17514 Microsoft® Active Directory Certificate Services Client
certcredprovider.dll 6.1.7600.16385 Cert Credential Provider
certenc.dll 6.1.7600.16385 Active Directory Certificate Services Encoding
certenroll.dll 6.1.7601.17514 Microsoft® Active Directory Certificate Services Enrollment Client
certenrollui.dll 6.1.7600.16385 X509 Certificate Enrollment UI
certmgr.dll 6.1.7601.17514 Certificates snap-in
certpoleng.dll 6.1.7601.17514 Certificate Policy Engine
cewmdm.dll 12.0.7600.16385 Windows CE WMDM Service Provider
cfgbkend.dll 6.1.7600.16385 Configuration Backend Interface
cfgmgr32.dll 6.1.7601.17514 Configuration Manager DLL
chsbrkr.dll 6.1.7600.16385 Simplified Chinese Word Breaker
chtbrkr.dll 6.1.7600.16385 Chinese Traditional Word Breaker
chxreadingstringime.dll 6.1.7600.16385 CHxReadingStringIME
cic.dll 6.1.7600.16385 CIC - MMC controls for Taskpad
cis-2.4.dll
clb.dll 6.1.7600.16385 Column List Box
clbcatq.dll 2001.12.8530.16385 COM+ Configuration Catalog
clfsw32.dll 6.1.7600.16385 Common Log Marshalling Win32 DLL
cliconfg.dll 6.1.7600.16385 SQL Client Configuration Utility DLL
clusapi.dll 6.1.7601.17514 Cluster API Library
cmcfg32.dll 7.2.7600.16385 Microsoft Connection Manager Configuration Dll
cmdial32.dll 7.2.7600.16385 Microsoft Connection Manager
cmicryptinstall.dll 6.1.7600.16385 Installers for cryptographic elements of CMI objects
cmifw.dll 6.1.7600.16385 Windows Firewall rule configuration plug-in
cmipnpinstall.dll 6.1.7600.16385 PNP plugin installer for CMI
cmlua.dll 7.2.7600.16385 Connection Manager Admin API Helper
cmpbk32.dll 7.2.7600.16385 Microsoft Connection Manager Phonebook
cmstplua.dll 7.2.7600.16385 Connection Manager Admin API Helper for Setup
cmutil.dll 7.2.7600.16385 Microsoft Connection Manager Utility Lib
cngaudit.dll 6.1.7600.16385 Windows Cryptographic Next Generation audit library
cngprovider.dll 6.1.7600.16385 cngprovider DLL
cnvfat.dll 6.1.7600.16385 FAT File System Conversion Utility DLL
colbact.dll 2001.12.8530.16385 COM+
colorcnv.dll 6.1.7600.16385 Windows Media Color Conversion
colorui.dll 6.1.7600.16385 Microsoft Color Control Panel
comcat.dll 6.1.7600.16385 Microsoft Component Category Manager Library
comctl32.dll 5.82.7601.17514 User Experience Controls Library
comdlg32.dll 6.1.7601.17514 Common Dialogs DLL
compobj.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library
compstui.dll 6.1.7600.16385 Common Property Sheet User Interface DLL
comrepl.dll 2001.12.8530.16385 COM+
comres.dll 2001.12.8530.16385 COM+ Resources
comsnap.dll 2001.12.8530.16385 COM+ Explorer MMC Snapin
comsvcs.dll 2001.12.8530.16385 COM+ Services
comuid.dll 2001.12.8530.16385 COM+ Explorer UI
connect.dll 6.1.7600.16385 Get Connected Wizards
console.dll 6.1.7600.16385 Control Panel Console Applet
corpol.dll 8.0.7600.16385 Microsoft COM Runtime Execution Engine
cpfilters.dll 6.6.7601.17528 PTFilter & Encypter/Decrypter Tagger Filters.
credssp.dll 6.1.7601.17514 Credential Delegation Security Package
credui.dll 6.1.7601.17514 Credential Manager User Interface
crtdll.dll 4.0.1183.1 Microsoft C Runtime Library
crypt32.dll 6.1.7601.17514 Crypto API32
cryptbase.dll 6.1.7600.16385 Base cryptographic API DLL
cryptdlg.dll 6.1.7600.16385 Microsoft Common Certificate Dialogs
cryptdll.dll 6.1.7600.16385 Cryptography Manager
cryptext.dll 6.1.7600.16385 Crypto Shell Extensions
cryptnet.dll 6.1.7600.16385 Crypto Network Related API
cryptsp.dll 6.1.7600.16385 Cryptographic Service Provider API
cryptsvc.dll 6.1.7601.17514 Cryptographic Services
cryptui.dll 6.1.7601.17514 Microsoft Trust UI Provider
cryptxml.dll 6.1.7600.16385 XML DigSig API
cscapi.dll 6.1.7601.17514 Offline Files Win32 API
cscdll.dll 6.1.7601.17514 Offline Files Temporary Shim
cscobj.dll 6.1.7601.17514 In-proc COM object used by clients of CSC API
csver.dll 9.2.0.1021 CSVer
ctl3d32.dll 2.31.0.0 Ctl3D 3D Windows Controls
d2d1.dll 6.1.7601.17563 Microsoft D2D Library
d3d10.dll 6.1.7600.16385 Direct3D 10 Runtime
d3d10_1.dll 6.1.7600.16385 Direct3D 10.1 Runtime
d3d10_1core.dll 6.1.7601.17514 Direct3D 10.1 Runtime
d3d10core.dll 6.1.7600.16385 Direct3D 10 Runtime
d3d10level9.dll 6.1.7601.17514 Direct3D 10 to Direct3D9 Translation Runtime
d3d10warp.dll 6.1.7601.17514 Direct3D 10 Rasterizer
d3d11.dll 6.1.7601.17514 Direct3D 11 Runtime
d3d8.dll 6.1.7600.16385 Microsoft Direct3D
d3d8thk.dll 6.1.7600.16385 Microsoft Direct3D OS Thunk Layer
d3d9.dll 6.1.7601.17514 Direct3D 9 Runtime
d3dcompiler_33.dll 9.18.904.15 Microsoft Direct3D
d3dcompiler_34.dll 9.19.949.46 Microsoft Direct3D
d3dcompiler_35.dll 9.19.949.1104 Microsoft Direct3D
d3dcompiler_36.dll 9.19.949.2111 Microsoft Direct3D
d3dcompiler_37.dll 9.22.949.2248 Microsoft Direct3D
d3dcompiler_38.dll 9.23.949.2378 Microsoft Direct3D
d3dcompiler_39.dll 9.24.949.2307 Microsoft Direct3D
d3dcompiler_40.dll 9.24.950.2656 Direct3D HLSL Compiler
d3dcompiler_41.dll 9.26.952.2844 Direct3D HLSL Compiler
d3dcompiler_42.dll 9.27.952.3022 Direct3D HLSL Compiler
d3dcompiler_43.dll 9.29.952.3111 Direct3D HLSL Compiler
d3dcsx_42.dll 9.27.952.3022 Direct3D 10.1 Extensions
d3dcsx_43.dll 9.29.952.3111 Direct3D 10.1 Extensions
d3dim.dll 6.1.7600.16385 Microsoft Direct3D
d3dim700.dll 6.1.7600.16385 Microsoft Direct3D
d3dramp.dll 6.1.7600.16385 Microsoft Direct3D
d3dx10.dll 9.16.843.0 Microsoft Direct3D
d3dx10_33.dll 9.18.904.21 Microsoft Direct3D
d3dx10_34.dll 9.19.949.46 Microsoft Direct3D
d3dx10_35.dll 9.19.949.1104 Microsoft Direct3D
d3dx10_36.dll 9.19.949.2009 Microsoft Direct3D
d3dx10_37.dll 9.19.949.2187 Microsoft Direct3D
d3dx10_38.dll 9.23.949.2378 Microsoft Direct3D
d3dx10_39.dll 9.24.949.2307 Microsoft Direct3D
d3dx10_40.dll 9.24.950.2656 Direct3D 10.1 Extensions
d3dx10_41.dll 9.26.952.2844 Direct3D 10.1 Extensions
d3dx10_42.dll 9.27.952.3001 Direct3D 10.1 Extensions
d3dx10_43.dll 9.29.952.3111 Direct3D 10.1 Extensions
d3dx11_42.dll 9.27.952.3022 Direct3D 10.1 Extensions
d3dx11_43.dll 9.29.952.3111 Direct3D 10.1 Extensions
d3dx9_24.dll 9.5.132.0 Microsoft® DirectX for Windows®
d3dx9_25.dll 9.6.168.0 Microsoft® DirectX for Windows®
d3dx9_26.dll 9.7.239.0 Microsoft® DirectX for Windows®
d3dx9_27.dll 9.8.299.0 Microsoft® DirectX for Windows®
d3dx9_28.dll 9.10.455.0 Microsoft® DirectX for Windows®
d3dx9_29.dll 9.11.519.0 Microsoft® DirectX for Windows®
d3dx9_30.dll 9.12.589.0 Microsoft® DirectX for Windows®
d3dx9_31.dll 9.15.779.0 Microsoft® DirectX for Windows®
d3dx9_32.dll 9.16.843.0 Microsoft® DirectX for Windows®
d3dx9_33.dll 9.18.904.15 Microsoft® DirectX for Windows®
d3dx9_34.dll 9.19.949.46 Microsoft® DirectX for Windows®
d3dx9_35.dll 9.19.949.1104 Microsoft® DirectX for Windows®
d3dx9_36.dll 9.19.949.2111 Microsoft® DirectX for Windows®
d3dx9_37.dll 9.22.949.2248 Microsoft® DirectX for Windows®
d3dx9_38.dll 9.23.949.2378 Microsoft® DirectX for Windows®
d3dx9_39.dll 9.24.949.2307 Microsoft® DirectX for Windows®
d3dx9_40.dll 9.24.950.2656 Direct3D 9 Extensions
d3dx9_41.dll 9.26.952.2844 Direct3D 9 Extensions
d3dx9_42.dll 9.27.952.3001 Direct3D 9 Extensions
d3dx9_43.dll 9.29.952.3111 Direct3D 9 Extensions
d3dxof.dll 6.1.7600.16385 DirectX Files DLL
dataclen.dll 6.1.7600.16385 Disk Space Cleaner for Windows
davclnt.dll 6.1.7601.17514 Web DAV Client DLL
davhlpr.dll 6.1.7600.16385 DAV Helper DLL
dbgeng.dll 6.1.7601.17514 Windows Symbolic Debugger Engine
dbghelp.dll 6.1.7601.17514 Windows Image Helper
dbnetlib.dll 6.1.7600.16385 Winsock Oriented Net DLL for SQL Clients
dbnmpntw.dll 6.1.7600.16385 Named Pipes Net DLL for SQL Clients
dciman32.dll 6.1.7600.16385 DCI Manager
ddaclsys.dll 6.1.7600.16385 SysPrep module for Reseting Data Drive ACL
ddoiproxy.dll 6.1.7600.16385 DDOI Interface Proxy
ddores.dll 6.1.7600.16385 Device Category information and resources
ddraw.dll 6.1.7600.16385 Microsoft DirectDraw
ddrawex.dll 6.1.7600.16385 Direct Draw Ex
defaultlocationcpl.dll 6.1.7601.17514 Default Location Control Panel
deskadp.dll 6.1.7600.16385 Advanced display adapter properties
deskmon.dll 6.1.7600.16385 Advanced display monitor properties
deskperf.dll 6.1.7600.16385 Advanced display performance properties
devenum.dll 6.6.7600.16385 Device enumeration.
devicecenter.dll 6.1.7601.17514 Device Center
devicedisplaystatusmanager.dll 6.1.7600.16385 Device Display Status Manager
devicemetadataparsers.dll 6.1.7600.16385 Common Device Metadata parsers
devicepairing.dll 6.1.7600.16385 Shell extensions for Device Pairing
devicepairingfolder.dll 6.1.7601.17514 Device Pairing Folder
devicepairinghandler.dll 6.1.7600.16385 Device Pairing Handler Dll
devicepairingproxy.dll 6.1.7600.16385 Device Pairing Proxy Dll
deviceuxres.dll 6.1.7600.16385 Windows Device User Experience Resource File
devmgr.dll 6.1.7600.16385 Device Manager MMC Snapin
devobj.dll 6.1.7600.16385 Device Information Set DLL
devrtl.dll 6.1.7600.16385 Device Management Run Time Library
dfscli.dll 6.1.7600.16385 Windows NT Distributed File System Client DLL
dfshim.dll 4.0.40305.0 ClickOnce Application Deployment Support Library
dfsshlex.dll 6.1.7600.16385 Distributed File System shell extension
dgderapi.dll 1.3.1900.0 Device Error Recovery SDK(x86)
dhcpcmonitor.dll 6.1.7600.16385 DHCP Client Monitor Dll
dhcpcore.dll 6.1.7601.17514 DHCP Client Service
dhcpcore6.dll 6.1.7600.16385 DHCPv6 Client
dhcpcsvc.dll 6.1.7600.16385 DHCP Client Service
dhcpcsvc6.dll 6.1.7600.16385 DHCPv6 Client
dhcpqec.dll 6.1.7600.16385 Microsoft DHCP NAP Enforcement Client
dhcpsapi.dll 6.1.7600.16385 DHCP Server API Stub DLL
difxapi.dll 2.1.0.0 Driver Install Frameworks for API library module
dimsjob.dll 6.1.7600.16385 DIMS Job DLL
dimsroam.dll 6.1.7600.16385 Key Roaming DIMS Provider DLL
dinput.dll 6.1.7600.16385 Microsoft DirectInput
dinput8.dll 6.1.7600.16385 Microsoft DirectInput
directdb.dll 6.1.7600.16385 Microsoft Direct Database API
diskcopy.dll 6.1.7600.16385 Windows DiskCopy
dispex.dll 5.8.7600.16385 Microsoft ® DispEx
display.dll 6.1.7601.17514 Display Control Panel
dmband.dll 6.1.7600.16385 Microsoft DirectMusic Band
dmcompos.dll 6.1.7600.16385 Microsoft DirectMusic Composer
dmdlgs.dll 6.1.7600.16385 Disk Management Snap-in Dialogs
dmdskmgr.dll 6.1.7600.16385 Disk Management Snap-in Support Library
dmdskres.dll 6.1.7600.16385 Disk Management Snap-in Resources
dmdskres2.dll 6.1.7600.16385 Disk Management Snap-in Resources
dmime.dll 6.1.7600.16385 Microsoft DirectMusic Interactive Engine
dmintf.dll 6.1.7600.16385 Disk Management DCOM Interface Stub
dmloader.dll 6.1.7600.16385 Microsoft DirectMusic Loader
dmocx.dll 6.1.7600.16385 TreeView OCX
dmrc.dll 6.1.7600.16385 Windows MRC
dmscript.dll 6.1.7600.16385 Microsoft DirectMusic Scripting
dmstyle.dll 6.1.7600.16385 Microsoft DirectMusic Style Engline
dmsynth.dll 6.1.7600.16385 Microsoft DirectMusic Software Synthesizer
dmusic.dll 6.1.7600.16385 Microsoft DirectMusic Core Services
dmutil.dll 6.1.7600.16385 Logical Disk Manager Utility Library
dmvdsitf.dll 6.1.7600.16385 Disk Management Snap-in Support Library
dnsapi.dll 6.1.7601.17570 DNS Client API DLL
dnscmmc.dll 6.1.7601.17514 DNS Client MMC Snap-in DLL
docprop.dll 6.1.7600.16385 OLE DocFile Property Page
dot3api.dll 6.1.7601.17514 802.3 Autoconfiguration API
dot3cfg.dll 6.1.7601.17514 802.3 Netsh Helper
dot3dlg.dll 6.1.7600.16385 802.3 UI Helper
dot3gpclnt.dll 6.1.7600.16385 802.3 Group Policy Client
dot3gpui.dll 6.1.7600.16385 802.3 Network Policy Management Snap-in
dot3hc.dll 6.1.7600.16385 Dot3 Helper Class
dot3msm.dll 6.1.7601.17514 802.3 Media Specific Module
dot3ui.dll 6.1.7601.17514 802.3 Advanced UI
dpapiprovider.dll 6.1.7600.16385 dpapiprovider DLL
dplayx.dll 6.1.7600.16385 Microsoft DirectPlay
dpmodemx.dll 6.1.7600.16385 Modem and Serial Connection For DirectPlay
dpnaddr.dll 6.1.7601.17514 Microsoft DirectPlay8 Address
dpnathlp.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper UPnP
dpnet.dll 6.1.7600.16385 Microsoft DirectPlay
dpnhpast.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper PAST
dpnhupnp.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper UPNP
dpnlobby.dll 6.1.7600.16385 Microsoft DirectPlay8 Lobby
dpwsockx.dll 6.1.7600.16385 Internet TCP/IP and IPX Connection For DirectPlay
dpx.dll 6.1.7601.17514 Microsoft(R) Delta Package Expander
drmmgrtn.dll 11.0.7601.17514 DRM Migration DLL
drmv2clt.dll 11.0.7600.16385 DRMv2 Client DLL
drprov.dll 6.1.7600.16385 Microsoft Remote Desktop Session Host Server Network Provider
drt.dll 6.1.7600.16385 Distributed Routing Table
drtprov.dll 6.1.7600.16385 Distributed Routing Table Providers
drttransport.dll 6.1.7600.16385 Distributed Routing Table Transport Provider
drvstore.dll 6.1.7601.17514 Driver Store API
ds32gt.dll 6.1.7600.16385 ODBC Driver Setup Generic Thunk
dsauth.dll 6.1.7601.17514 DS Authorization for Services
dsdmo.dll 6.1.7600.16385 DirectSound Effects
dshowrdpfilter.dll 1.0.0.0 RDP Renderer Filter (redirector)
dskquota.dll 6.1.7600.16385 Windows Shell Disk Quota Support DLL
dskquoui.dll 6.1.7601.17514 Windows Shell Disk Quota UI DLL
dsound.dll 6.1.7600.16385 DirectSound
dsprop.dll 6.1.7600.16385 Windows Active Directory Property Pages
dsquery.dll 6.1.7600.16385 Directory Service Find
dsrole.dll 6.1.7600.16385 DS Role Client DLL
dssec.dll 6.1.7600.16385 Directory Service Security UI
dssenh.dll 6.1.7600.16385 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
dsuiext.dll 6.1.7601.17514 Directory Service Common UI
dswave.dll 6.1.7600.16385 Microsoft DirectMusic Wave
dtsh.dll 6.1.7600.16385 Detection and Sharing Status API
dui70.dll 6.1.7600.16385 Windows DirectUI Engine
duser.dll 6.1.7600.16385 Windows DirectUser Engine
dwmapi.dll 6.1.7600.16385 Microsoft Desktop Window Manager API
dwmcore.dll 6.1.7601.17514 Microsoft DWM Core Library
dwrite.dll 6.1.7601.17563 Microsoft DirectX Typography Services
dxdiagn.dll 6.1.7601.17514 Microsoft DirectX Diagnostic Tool
dxgi.dll 6.1.7601.17514 DirectX Graphics Infrastructure
dxmasf.dll 12.0.7601.17514 Microsoft Windows Media Component Removal File.
dxptaskringtone.dll 6.1.7601.17514 Microsoft Ringtone Editor
dxptasksync.dll 6.1.7601.17514 Microsoft Windows DXP Sync.
dxtmsft.dll 8.0.7600.16385 DirectX Media -- Image DirectX Transforms
dxtrans.dll 8.0.7600.16385 DirectX Media -- DirectX Transform Core
dxva2.dll 6.1.7600.16385 DirectX Video Acceleration 2.0 DLL
eapp3hst.dll 6.1.7601.17514 Microsoft ThirdPartyEapDispatcher
eappcfg.dll 6.1.7600.16385 Eap Peer Config
eappgnui.dll 6.1.7601.17514 EAP Generic UI
eapphost.dll 6.1.7601.17514 Microsoft EAPHost Peer service
eappprxy.dll 6.1.7600.16385 Microsoft EAPHost Peer Client DLL
eapqec.dll 6.1.7600.16385 Microsoft EAP NAP Enforcement Client
efsadu.dll 6.1.7600.16385 File Encryption Utility
efscore.dll 6.1.7601.17514 EFS Core Library
efsutil.dll 6.1.7600.16385 EFS Utility Library
ehstorapi.dll 6.1.7601.17514 Windows Enhanced Storage API
ehstorpwdmgr.dll 6.1.7600.16385 Windows Enhanced Storage Password Manager
ehstorshell.dll 6.1.7600.16385 Windows Enhanced Storage Shell Extension DLL
els.dll 6.1.7600.16385 Event Viewer Snapin
elscore.dll 6.1.7600.16385 Els Core Platform DLL
elslad.dll 6.1.7600.16385 ELS Language Detection
elstrans.dll 6.1.7601.17514 ELS Transliteration Service
encapi.dll 6.1.7600.16385 Encoder API
encdec.dll 6.6.7601.17528 XDSCodec & Encypter/Decrypter Tagger Filters.
eqossnap.dll 6.1.7600.16385 EQoS Snapin extension
es.dll 2001.12.8530.16385 COM+
esent.dll 6.1.7601.17514 Extensible Storage Engine for Microsoft(R) Windows(R)
esentprf.dll 6.1.7600.16385 Extensible Storage Engine Performance Monitoring Library for Microsoft(R) Windows(R)
eventcls.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service event class
evr.dll 6.1.7601.17514 Enhanced Video Renderer DLL
explorerframe.dll 6.1.7601.17514 ExplorerFrame
expsrv.dll 6.0.72.9589 Visual Basic for Applications Runtime - Expression Service
f3ahvoas.dll 6.1.7600.16385 JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard
faultrep.dll 6.1.7601.17514 Windows User Mode Crash Reporting DLL
fdbth.dll 6.1.7600.16385 Function Discovery Bluetooth Provider Dll
fdbthproxy.dll 6.1.7600.16385 Bluetooth Provider Proxy Dll
fde.dll 6.1.7601.17514 Folder Redirection Snapin Extension
fdeploy.dll 6.1.7601.17514 Folder Redirection Group Policy Extension
fdpnp.dll 6.1.7600.16385 Pnp Provider Dll
fdproxy.dll 6.1.7600.16385 Function Discovery Proxy Dll
fdssdp.dll 6.1.7600.16385 Function Discovery SSDP Provider Dll
fdwcn.dll 6.1.7600.16385 Windows Connect Now - Config Function Discovery Provider DLL
fdwnet.dll 6.1.7600.16385 Function Discovery WNet Provider Dll
fdwsd.dll 6.1.7600.16385 Function Discovery WS Discovery Provider Dll
feclient.dll 6.1.7600.16385 Windows NT File Encryption Client Interfaces
filemgmt.dll 6.1.7600.16385 Services and Shared Folders
findnetprinters.dll 6.1.7600.16385 Find Network Printers COM Component
firewallapi.dll 6.1.7600.16385 Windows Firewall API
firewallcontrolpanel.dll 6.1.7601.17514 Windows Firewall Control Panel
fltlib.dll 6.1.7600.16385 Filter Library
fmifs.dll 6.1.7600.16385 FM IFS Utility DLL
fms.dll 1.1.6000.16384 Font Management Services
fontext.dll 6.1.7601.17514 Windows Font Folder
fontsub.dll 6.1.7601.17105 Font Subsetting DLL
fphc.dll 6.1.7601.17514 Filtering Platform Helper Class
framedyn.dll 6.1.7601.17514 WMI SDK Provider Framework
framedynos.dll 6.1.7601.17514 WMI SDK Provider Framework
frapsvid.dll 3.2.6.12176 Fraps
fthsvc.dll 6.1.7600.16385 Microsoft Windows Fault Tolerant Heap Diagnostic Module
fundisc.dll 6.1.7600.16385 Function Discovery Dll
fwcfg.dll 6.1.7600.16385 Windows Firewall Configuration Helper
fwpuclnt.dll 6.1.7601.17514 FWP/IPsec User-Mode API
fwremotesvr.dll 6.1.7600.16385 Windows Firewall Remote APIs Server
fxsapi.dll 6.1.7600.16385 Microsoft Fax API Support DLL
fxscom.dll 6.1.7600.16385 Microsoft Fax Server COM Client Interface
fxscomex.dll 6.1.7600.16385 Microsoft Fax Server Extended COM Client Interface
fxsext32.dll 6.1.7600.16385 Microsoft Fax Exchange Command Extension
fxsresm.dll 6.1.7600.16385 Microsoft Fax Resource DLL
fxsxp32.dll 6.1.7600.16385 Microsoft Fax Transport Provider
gameux.dll 6.1.7601.17514 Games Explorer
gameuxlegacygdfs.dll 1.0.0.1 Legacy GDF resource DLL
gcdef.dll 6.1.7600.16385 Game Controllers Default Sheets
gdi32.dll 6.1.7601.17514 GDI Client DLL
getuname.dll 6.1.7600.16385 Unicode name Dll for UCE
glmf32.dll 6.1.7600.16385 OpenGL Metafiling DLL
glu32.dll 6.1.7600.16385 OpenGL Utility Library DLL
gpapi.dll 6.1.7600.16385 Group Policy Client API
gpedit.dll 6.1.7600.16385 GPEdit
gpprefcl.dll 6.1.7601.17514 Group Policy Preference Client
gpprnext.dll 6.1.7600.16385 Group Policy Printer Extension
gpscript.dll 6.1.7600.16385 Script Client Side Extension
gptext.dll 6.1.7600.16385 GPTExt
hbaapi.dll 6.1.7601.17514 HBA API data interface dll for HBA_API_Rev_2-18_2002MAR1.doc
hcproviders.dll 6.1.7600.16385 Action Center Providers
helppaneproxy.dll 6.1.7600.16385 Microsoft® Help Proxy
hgcpl.dll 6.1.7601.17514 HomeGroup Control Panel
hhsetup.dll 6.1.7600.16385 Microsoft® HTML Help
hid.dll 6.1.7600.16385 Hid User Library
hidserv.dll 6.1.7600.16385 HID Service
hlink.dll 6.1.7600.16385 Microsoft Office 2000 component
hnetcfg.dll 6.1.7600.16385 Home Networking Configuration Manager
hnetmon.dll 6.1.7600.16385 Home Networking Monitor DLL
httpapi.dll 6.1.7601.17514 HTTP Protocol Stack API
htui.dll 6.1.7600.16385 Common halftone Color Adjustment Dialogs
ias.dll 6.1.7600.16385 Network Policy Server
iasacct.dll 6.1.7601.17514 NPS Accounting Provider
iasads.dll 6.1.7600.16385 NPS Active Directory Data Store
iasdatastore.dll 6.1.7600.16385 NPS Datastore server
iashlpr.dll 6.1.7600.16385 NPS Surrogate Component
iasmigplugin.dll 6.1.7600.16385 NPS Migration DLL
iasnap.dll 6.1.7600.16385 NPS NAP Provider
iaspolcy.dll 6.1.7600.16385 NPS Pipeline
iasrad.dll 6.1.7601.17514 NPS RADIUS Protocol Component
iasrecst.dll 6.1.7601.17514 NPS XML Datastore Access
iassam.dll 6.1.7600.16385 NPS NT SAM Provider
iassdo.dll 6.1.7600.16385 NPS SDO Component
iassvcs.dll 6.1.7600.16385 NPS Services Component
icardie.dll 8.0.7600.16385 Microsoft Information Card IE Helper
icardres.dll 3.0.4506.4926 Windows CardSpace
icclibdll.dll
iccvid.dll 1.10.0.13 Cinepak® Codec
icm32.dll 6.1.7600.16385 Microsoft Color Management Module (CMM)
icmp.dll 6.1.7600.16385 ICMP DLL
icmui.dll 6.1.7600.16385 Microsoft Color Matching System User Interface DLL
iconcodecservice.dll 6.1.7600.16385 Converts a PNG part of the icon to a legacy bmp icon
icsigd.dll 6.1.7600.16385 Internet Gateway Device properties
idndl.dll 6.1.7600.16385 Downlevel DLL
idstore.dll 6.1.7600.16385 Identity Store
ieakeng.dll 8.0.7600.16385 Internet Explorer Administration Kit Engine Library
ieaksie.dll 8.0.7600.16385 Internet Explorer Snap-in Extension to Group Policy
ieakui.dll 8.0.7600.16385 Microsoft IEAK Shared UI DLL
ieapfltr.dll 8.0.6001.18669 Microsoft SmartScreen Filter
iedkcs32.dll 18.0.7601.17514 IEAK branding
ieframe.dll 8.0.7601.17573 Internet Browser
iepeers.dll 8.0.7601.17514 Internet Explorer Peer Objects
iernonce.dll 8.0.7600.16385 Extended RunOnce processing with UI
iertutil.dll 8.0.7601.17514 Run time utility for Internet Explorer
iesetup.dll 8.0.7600.16385 IOD Version Map
iesysprep.dll 8.0.7601.17514 IE Sysprep Provider
ieui.dll 8.0.7601.17573 Internet Explorer UI Engine
ifmon.dll 6.1.7600.16385 IF Monitor DLL
ifsutil.dll 6.1.7601.17514 IFS Utility DLL
ifsutilx.dll 6.1.7600.16385 IFS Utility Extension DLL
imagehlp.dll 6.1.7601.17514 Windows NT Image Helper
imageres.dll 6.1.7600.16385 Windows Image Resource
imagesp1.dll 6.1.7600.16385 Windows SP1 Image Resource
imapi.dll 6.1.7600.16385 Image Mastering API
imapi2.dll 6.1.7601.17514 Image Mastering API v2
imapi2fs.dll 6.1.7601.17514 Image Mastering File System Imaging API v2
imgutil.dll 8.0.7601.17514 IE plugin image decoder support DLL
imjp10k.dll 10.1.7600.16385 Microsoft IME
imm32.dll 6.1.7601.17514 Multi-User Windows IMM32 API Client DLL
inetcomm.dll 6.1.7601.17574 Microsoft Internet Messaging API Resources
inetmib1.dll 6.1.7601.17514 Microsoft MIB-II subagent
inetres.dll 6.1.7600.16385 Microsoft Internet Messaging API Resources
infocardapi.dll 3.0.4506.4926 Microsoft InfoCards
inked.dll 6.1.7600.16385 Microsoft Tablet PC InkEdit Control
input.dll 6.1.7601.17514 InputSetting DLL
inseng.dll 8.0.7601.17514 Install engine
iologmsg.dll 6.1.7600.16385 IO Logging DLL
ipbusenumproxy.dll 6.1.7600.16385 Associated Device Presence Proxy Dll
iphlpapi.dll 6.1.7601.17514 IP Helper API
iprop.dll 6.1.7600.16385 OLE PropertySet Implementation
iprtprio.dll 6.1.7600.16385 IP Routing Protocol Priority DLL
iprtrmgr.dll 6.1.7601.17514 IP Router Manager
ipsecsnp.dll 6.1.7600.16385 IP Security Policy Management Snap-in
ipsmsnap.dll 6.1.7601.17514 IP Security Monitor Snap-in
ir32_32.dll 3.24.15.3 Intel Indeo(R) Video R3.2 32-bit Driver
ir41_qc.dll 4.30.62.2 Intel Indeo® Video Interactive Quick Compressor
ir41_qcx.dll 4.30.62.2 Intel Indeo® Video Interactive Quick Compressor
ir50_32.dll 5.2562.15.55 Intel Indeo® video 5.10
ir50_qc.dll 5.0.63.48 Intel Indeo® video 5.10 Quick Compressor
ir50_qcx.dll 5.0.63.48 Intel Indeo® video 5.10 Quick Compressor
irclass.dll 6.1.7600.16385 Infrared Class Coinstaller
iscsicpl.dll 5.2.3790.1830 iSCSI Initiator Control Panel Applet
iscsidsc.dll 6.1.7600.16385 iSCSI Discovery api
iscsied.dll 6.1.7600.16385 iSCSI Extension DLL
iscsium.dll 6.1.7601.17514 iSCSI Discovery api
iscsiwmi.dll 6.1.7600.16385 MS iSCSI Initiator WMI Provider
issacapi_bs-2.3.dll
issacapi_pe-2.3.dll
issacapi_se-2.3.dll
itircl.dll 6.1.7601.17514 Microsoft® InfoTech IR Local DLL
itss.dll 6.1.7600.16385 Microsoft® InfoTech Storage System Library
itvdata.dll 6.6.7601.17514 iTV Data Filters.
iyuv_32.dll 6.1.7601.17514 Intel Indeo(R) Video YUV Codec
jscript.dll 5.8.7601.17562 Microsoft ® JScript
jsproxy.dll 8.0.7601.17573 JScript Proxy Auto-Configuration
kbd101.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 101
kbd101a.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101 (Type A)
kbd101b.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101(Type B)
kbd101c.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101(Type C)
kbd103.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 103
kbd106.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 106
kbd106n.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 106
kbda1.dll 6.1.7600.16385 Arabic_English_101 Keyboard Layout
kbda2.dll 6.1.7600.16385 Arabic_2 Keyboard Layout
kbda3.dll 6.1.7600.16385 Arabic_French_102 Keyboard Layout
kbdal.dll 6.1.7600.16385 Albania Keyboard Layout
kbdarme.dll 6.1.7600.16385 Eastern Armenian Keyboard Layout
kbdarmw.dll 6.1.7600.16385 Western Armenian Keyboard Layout
kbdax2.dll 6.1.7600.16385 JP Japanese Keyboard Layout for AX2
kbdaze.dll 6.1.7600.16385 Azerbaijan_Cyrillic Keyboard Layout
kbdazel.dll 6.1.7600.16385 Azeri-Latin Keyboard Layout
kbdbash.dll 6.1.7601.17514 Bashkir Keyboard Layout
kbdbe.dll 6.1.7600.16385 Belgian Keyboard Layout
kbdbene.dll 6.1.7600.16385 Belgian Dutch Keyboard Layout
kbdbgph.dll 6.1.7600.16385 Bulgarian Phonetic Keyboard Layout
kbdbgph1.dll 6.1.7600.16385 Bulgarian (Phonetic Traditional) Keyboard Layout
kbdbhc.dll 6.1.7600.16385 Bosnian (Cyrillic) Keyboard Layout
kbdblr.dll 6.1.7601.17514 Belarusian Keyboard Layout
kbdbr.dll 6.1.7600.16385 Brazilian Keyboard Layout
kbdbu.dll 6.1.7600.16385 Bulgarian (Typewriter) Keyboard Layout
kbdbulg.dll 6.1.7601.17514 Bulgarian Keyboard Layout
kbdca.dll 6.1.7600.16385 Canadian Multilingual Keyboard Layout
kbdcan.dll 6.1.7600.16385 Canadian Multilingual Standard Keyboard Layout
kbdcr.dll 6.1.7600.16385 Croatian/Slovenian Keyboard Layout
kbdcz.dll 6.1.7600.16385 Czech Keyboard Layout
kbdcz1.dll 6.1.7601.17514 Czech_101 Keyboard Layout
kbdcz2.dll 6.1.7600.16385 Czech_Programmer's Keyboard Layout
kbdda.dll 6.1.7600.16385 Danish Keyboard Layout
kbddiv1.dll 6.1.7600.16385 Divehi Phonetic Keyboard Layout
kbddiv2.dll 6.1.7600.16385 Divehi Typewriter Keyboard Layout
kbddv.dll 6.1.7600.16385 Dvorak US English Keyboard Layout
kbdes.dll 6.1.7600.16385 Spanish Alernate Keyboard Layout
kbdest.dll 6.1.7600.16385 Estonia Keyboard Layout
kbdfa.dll 6.1.7600.16385 Persian Keyboard Layout
kbdfc.dll 6.1.7600.16385 Canadian French Keyboard Layout
kbdfi.dll 6.1.7600.16385 Finnish Keyboard Layout
kbdfi1.dll 6.1.7600.16385 Finnish-Swedish with Sami Keyboard Layout
kbdfo.dll 6.1.7600.16385 Færoese Keyboard Layout
kbdfr.dll 6.1.7600.16385 French Keyboard Layout
kbdgae.dll 6.1.7600.16385 Gaelic Keyboard Layout
kbdgeo.dll 6.1.7601.17514 Georgian Keyboard Layout
kbdgeoer.dll 6.1.7600.16385 Georgian (Ergonomic) Keyboard Layout
kbdgeoqw.dll 6.1.7600.16385 Georgian (QWERTY) Keyboard Layout
kbdgkl.dll 6.1.7601.17514 Greek_Latin Keyboard Layout
kbdgr.dll 6.1.7600.16385 German Keyboard Layout
kbdgr1.dll 6.1.7601.17514 German_IBM Keyboard Layout
kbdgrlnd.dll 6.1.7600.16385 Greenlandic Keyboard Layout
kbdhau.dll 6.1.7600.16385 Hausa Keyboard Layout
kbdhe.dll 6.1.7600.16385 Greek Keyboard Layout
kbdhe220.dll 6.1.7600.16385 Greek IBM 220 Keyboard Layout
kbdhe319.dll 6.1.7600.16385 Greek IBM 319 Keyboard Layout
kbdheb.dll 6.1.7600.16385 KBDHEB Keyboard Layout
kbdhela2.dll 6.1.7600.16385 Greek IBM 220 Latin Keyboard Layout
kbdhela3.dll 6.1.7600.16385 Greek IBM 319 Latin Keyboard Layout
kbdhept.dll 6.1.7600.16385 Greek_Polytonic Keyboard Layout
kbdhu.dll 6.1.7600.16385 Hungarian Keyboard Layout
kbdhu1.dll 6.1.7600.16385 Hungarian 101-key Keyboard Layout
kbdibm02.dll 6.1.7600.16385 JP Japanese Keyboard Layout for IBM 5576-002/003
kbdibo.dll 6.1.7600.16385 Igbo Keyboard Layout
kbdic.dll 6.1.7600.16385 Icelandic Keyboard Layout
kbdinasa.dll 6.1.7600.16385 Assamese (Inscript) Keyboard Layout
kbdinbe1.dll 6.1.7600.16385 Bengali - Inscript (Legacy) Keyboard Layout
kbdinbe2.dll 6.1.7600.16385 Bengali (Inscript) Keyboard Layout
kbdinben.dll 6.1.7601.17514 Bengali Keyboard Layout
kbdindev.dll 6.1.7600.16385 Devanagari Keyboard Layout
kbdinguj.dll 6.1.7600.16385 Gujarati Keyboard Layout
kbdinhin.dll 6.1.7601.17514 Hindi Keyboard Layout
kbdinkan.dll 6.1.7601.17514 Kannada Keyboard Layout
kbdinmal.dll 6.1.7600.16385 Malayalam Keyboard Layout Keyboard Layout
kbdinmar.dll 6.1.7601.17514 Marathi Keyboard Layout
kbdinori.dll 6.1.7601.17514 Oriya Keyboard Layout
kbdinpun.dll 6.1.7600.16385 Punjabi/Gurmukhi Keyboard Layout
kbdintam.dll 6.1.7601.17514 Tamil Keyboard Layout
kbdintel.dll 6.1.7601.17514 Telugu Keyboard Layout
kbdinuk2.dll 6.1.7600.16385 Inuktitut Naqittaut Keyboard Layout
kbdir.dll 6.1.7600.16385 Irish Keyboard Layout
kbdit.dll 6.1.7600.16385 Italian Keyboard Layout
kbdit142.dll 6.1.7600.16385 Italian 142 Keyboard Layout
kbdiulat.dll 6.1.7600.16385 Inuktitut Latin Keyboard Layout
kbdjpn.dll 6.1.7600.16385 JP Japanese Keyboard Layout Stub driver
kbdkaz.dll 6.1.7600.16385 Kazak_Cyrillic Keyboard Layout
kbdkhmr.dll 6.1.7600.16385 Cambodian Standard Keyboard Layout
kbdkor.dll 6.1.7600.16385 KO Hangeul Keyboard Layout Stub driver
kbdkyr.dll 6.1.7600.16385 Kyrgyz Keyboard Layout
kbdla.dll 6.1.7600.16385 Latin-American Spanish Keyboard Layout
kbdlao.dll 6.1.7600.16385 Lao Standard Keyboard Layout
kbdlk41a.dll 6.1.7601.17514 DEC LK411-AJ Keyboard Layout
kbdlt.dll 6.1.7600.16385 Lithuania Keyboard Layout
kbdlt1.dll 6.1.7601.17514 Lithuanian Keyboard Layout
kbdlt2.dll 6.1.7600.16385 Lithuanian Standard Keyboard Layout
kbdlv.dll 6.1.7600.16385 Latvia Keyboard Layout
kbdlv1.dll 6.1.7600.16385 Latvia-QWERTY Keyboard Layout
kbdmac.dll 6.1.7600.16385 Macedonian (FYROM) Keyboard Layout
kbdmacst.dll 6.1.7600.16385 Macedonian (FYROM) - Standard Keyboard Layout
kbdmaori.dll 6.1.7601.17514 Maori Keyboard Layout
kbdmlt47.dll 6.1.7600.16385 Maltese 47-key Keyboard Layout
kbdmlt48.dll 6.1.7600.16385 Maltese 48-key Keyboard Layout
kbdmon.dll 6.1.7601.17514 Mongolian Keyboard Layout
kbdmonmo.dll 6.1.7600.16385 Mongolian (Mongolian Script) Keyboard Layout
kbdne.dll 6.1.7600.16385 Dutch Keyboard Layout
kbdnec.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800)
kbdnec95.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800 Windows 95)
kbdnecat.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
kbdnecnt.dll 6.1.7600.16385 JP Japanese NEC PC-9800 Keyboard Layout
kbdnepr.dll 6.1.7601.17514 Nepali Keyboard Layout
kbdno.dll 6.1.7600.16385 Norwegian Keyboard Layout
kbdno1.dll 6.1.7600.16385 Norwegian with Sami Keyboard Layout
kbdnso.dll 6.1.7600.16385 Sesotho sa Leboa Keyboard Layout
kbdpash.dll 6.1.7600.16385 Pashto (Afghanistan) Keyboard Layout
kbdpl.dll 6.1.7600.16385 Polish Keyboard Layout
kbdpl1.dll 6.1.7600.16385 Polish Programmer's Keyboard Layout
kbdpo.dll 6.1.7601.17514 Portuguese Keyboard Layout
kbdro.dll 6.1.7600.16385 Romanian (Legacy) Keyboard Layout
kbdropr.dll 6.1.7600.16385 Romanian (Programmers) Keyboard Layout
kbdrost.dll 6.1.7600.16385 Romanian (Standard) Keyboard Layout
kbdru.dll 6.1.7600.16385 Russian Keyboard Layout
kbdru1.dll 6.1.7600.16385 Russia(Typewriter) Keyboard Layout
kbdsf.dll 6.1.7601.17514 Swiss French Keyboard Layout
kbdsg.dll 6.1.7601.17514 Swiss German Keyboard Layout
kbdsl.dll 6.1.7600.16385 Slovak Keyboard Layout
kbdsl1.dll 6.1.7600.16385 Slovak(QWERTY) Keyboard Layout
kbdsmsfi.dll 6.1.7600.16385 Sami Extended Finland-Sweden Keyboard Layout
kbdsmsno.dll 6.1.7600.16385 Sami Extended Norway Keyboard Layout
kbdsn1.dll 6.1.7600.16385 Sinhala Keyboard Layout
kbdsorex.dll 6.1.7600.16385 Sorbian Extended Keyboard Layout
kbdsors1.dll 6.1.7600.16385 Sorbian Standard Keyboard Layout
kbdsorst.dll 6.1.7600.16385 Sorbian Standard (Legacy) Keyboard Layout
kbdsp.dll 6.1.7600.16385 Spanish Keyboard Layout
kbdsw.dll 6.1.7600.16385 Swedish Keyboard Layout
kbdsw09.dll 6.1.7600.16385 Sinhala - Wij 9 Keyboard Layout
kbdsyr1.dll 6.1.7600.16385 Syriac Standard Keyboard Layout
kbdsyr2.dll 6.1.7600.16385 Syriac Phoenetic Keyboard Layout
kbdtajik.dll 6.1.7601.17514 Tajik Keyboard Layout
kbdtat.dll 6.1.7600.16385 Tatar_Cyrillic Keyboard Layout
kbdth0.dll 6.1.7600.16385 Thai Kedmanee Keyboard Layout
kbdth1.dll 6.1.7600.16385 Thai Pattachote Keyboard Layout
kbdth2.dll 6.1.7600.16385 Thai Kedmanee (non-ShiftLock) Keyboard Layout
kbdth3.dll 6.1.7600.16385 Thai Pattachote (non-ShiftLock) Keyboard Layout
kbdtiprc.dll 6.1.7600.16385 Tibetan (PRC) Keyboard Layout
kbdtuf.dll 6.1.7601.17514 Turkish F Keyboard Layout
kbdtuq.dll 6.1.7601.17514 Turkish Q Keyboard Layout
kbdturme.dll 6.1.7601.17514 Turkmen Keyboard Layout
kbdughr.dll 6.1.7600.16385 Uyghur (Legacy) Keyboard Layout
kbdughr1.dll 6.1.7601.17514 Uyghur Keyboard Layout
kbduk.dll 6.1.7600.16385 United Kingdom Keyboard Layout
kbdukx.dll 6.1.7600.16385 United Kingdom Extended Keyboard Layout
kbdur.dll 6.1.7600.16385 Ukrainian Keyboard Layout
kbdur1.dll 6.1.7600.16385 Ukrainian (Enhanced) Keyboard Layout
kbdurdu.dll 6.1.7600.16385 Urdu Keyboard Layout
kbdus.dll 6.1.7601.17514 United States Keyboard Layout
kbdusa.dll 6.1.7600.16385 US IBM Arabic 238_L Keyboard Layout
kbdusl.dll 6.1.7600.16385 Dvorak Left-Hand US English Keyboard Layout
kbdusr.dll 6.1.7600.16385 Dvorak Right-Hand US English Keyboard Layout
kbdusx.dll 6.1.7600.16385 US Multinational Keyboard Layout
kbduzb.dll 6.1.7600.16385 Uzbek_Cyrillic Keyboard Layout
kbdvntc.dll 6.1.7600.16385 Vietnamese Keyboard Layout
kbdwol.dll 6.1.7600.16385 Wolof Keyboard Layout
kbdyak.dll 6.1.7600.16385 Yakut - Russia Keyboard Layout
kbdyba.dll 6.1.7600.16385 Yoruba Keyboard Layout
kbdycc.dll 6.1.7600.16385 Serbian (Cyrillic) Keyboard Layout
kbdycl.dll 6.1.7600.16385 Serbian (Latin) Keyboard Layout
kerberos.dll 6.1.7601.17527 Kerberos Security Package
kernel32.dll 6.1.7601.17514 Windows NT BASE API Client DLL
kernelbase.dll 6.1.7601.17514 Windows NT BASE API Client DLL
keyiso.dll 6.1.7600.16385 CNG Key Isolation Service
keymgr.dll 6.1.7600.16385 Stored User Names and Passwords
korwbrkr.dll 6.1.7600.16385 korwbrkr
ksuser.dll 6.1.7600.16385 User CSA Library
ktmw32.dll 6.1.7600.16385 Windows KTM Win32 Client DLL
l2gpstore.dll 6.1.7600.16385 Policy Storage dll
l2nacp.dll 6.1.7600.16385 Windows Onex Credential Provider
l2sechc.dll 6.1.7600.16385 Layer 2 Security Diagnostics Helper Classes
laprxy.dll 12.0.7600.16385 Windows Media Logagent Proxy
licmgr10.dll 8.0.7601.17514 Microsoft® License Manager DLL
linkinfo.dll 6.1.7600.16385 Windows Volume Tracking
livessp.dll 6.500.3165.0 LiveSSP
loadperf.dll 6.1.7600.16385 Load & Unload Performance Counters
localsec.dll 6.1.7601.17514 Local Users and Groups MMC Snapin
locationapi.dll 6.1.7600.16385 Microsoft Windows Location API
loghours.dll 6.1.7600.16385 Schedule Dialog
logoncli.dll 6.1.7601.17514 Net Logon Client DLL
lpk.dll 6.1.7600.16385 Language Pack
lsmproxy.dll 6.1.7601.17514 LSM interfaces proxy Dll
luainstall.dll 6.1.7601.17514 Lua manifest install
lz32.dll 6.1.7600.16385 LZ Expand/Compress API DLL
macxmlproto.dll 1.2.2005.128 ????? ???? ?????
madrm.dll 3.0.2004.1011 MaDRM DLL
magnification.dll 6.1.7600.16385 Microsoft Magnification API
majguilib.dll 1.0.2004.301 MaJGUILib DLL
mamacextract.dll 1.0.531.1 MAMACExtract
mapi32.dll 1.0.2536.0 Extended MAPI 1.0 for Windows NT
mapistub.dll 1.0.2536.0 Extended MAPI 1.0 for Windows NT
maxmlproto.dll 1.0.2004.602 MaXMLProto DLL
mcewmdrmndbootstrap.dll 1.3.2302.0 Windows® Media Center WMDRM-ND Receiver Bridge Bootstrap DLL
mciavi32.dll 6.1.7601.17514 Video For Windows MCI driver
mcicda.dll 6.1.7600.16385 MCI driver for cdaudio devices
mciqtz32.dll 6.6.7601.17514 DirectShow MCI Driver
mciseq.dll 6.1.7600.16385 MCI driver for MIDI sequencer
mciwave.dll 6.1.7600.16385 MCI driver for waveform audio
mctres.dll 6.1.7600.16385 MCT resource DLL
mdminst.dll 6.1.7600.16385 Modem Class Installer
mediametadatahandler.dll 6.1.7601.17514 Media Metadata Handler
mf.dll 12.0.7601.17514 Media Foundation DLL
mf3216.dll 6.1.7600.16385 32-bit to 16-bit Metafile Conversion DLL
mfaacenc.dll 6.1.7600.16385 Media Foundation AAC Encoder
mfc40.dll 4.1.0.6151 MFCDLL Shared Library - Retail Version
mfc40u.dll 4.1.0.6151 MFCDLL Shared Library - Retail Version
mfc42.dll 6.6.8064.0 MFCDLL Shared Library - Retail Version
mfc42u.dll 6.6.8064.0 MFCDLL Shared Library - Retail Version
mfcsubs.dll 2001.12.8530.16385 COM+
mfds.dll 12.0.7601.17514 Media Foundation Direct Show wrapper DLL
mfdvdec.dll 6.1.7600.16385 Media Foundation DV Decoder
mferror.dll 12.0.7600.16385 Media Foundation Error DLL
mfh264enc.dll 6.1.7600.16385 Media Foundation H264 Encoder
mfmjpegdec.dll 6.1.7600.16385 Media Foundation MJPEG Decoder
mfplat.dll 12.0.7600.16385 Media Foundation Platform DLL
mfplay.dll 12.0.7601.17514 Media Foundation Playback API DLL
mfps.dll 12.0.7600.16385 Media Foundation Proxy DLL
mfreadwrite.dll 12.0.7601.17514 Media Foundation ReadWrite DLL
mfvdsp.dll 6.1.7600.16385 Windows Media Foundation Video DSP Components
mfwmaaec.dll 6.1.7600.16385 Windows Media Audio AEC for Media Foundation
mgmtapi.dll 6.1.7600.16385 Microsoft SNMP Manager API (uses WinSNMP)
midimap.dll 6.1.7600.16385 Microsoft MIDI Mapper
migisol.dll 6.1.7601.17514 Migration System Isolation Layer
miguiresource.dll 6.1.7600.16385 MIG wini32 resources
mimefilt.dll 2008.0.7601.17514 MIME Filter
mk_lyric.dll 1.0.1124.1 MK_Lyric
mkl_blueripple.dll 1.0.2.0 Custom Math Kernel Library
mlang.dll 6.1.7600.16385 Multi Language Support DLL
mmcbase.dll 6.1.7600.16385 MMC Base DLL
mmci.dll 6.1.7600.16385 Media class installer
mmcico.dll 6.1.7600.16385 Media class co-installer
mmcndmgr.dll 6.1.7601.17514 MMC Node Manager DLL
mmcshext.dll 6.1.7600.16385 MMC Shell Extension DLL
mmdevapi.dll 6.1.7601.17514 MMDevice API
mmres.dll 6.1.7600.16385 General Audio Resources
modemui.dll 6.1.7600.16385 Windows Modem Properties
moricons.dll 6.1.7600.16385 Windows NT Setup Icon Resources Library
mp3dmod.dll 6.1.7600.16385 Microsoft MP3 Decoder DMO
mp43decd.dll 6.1.7600.16385 Windows Media MPEG-4 Video Decoder
mp4sdecd.dll 6.1.7600.16385 Windows Media MPEG-4 S Video Decoder
mpg4decd.dll 6.1.7600.16385 Windows Media MPEG-4 Video Decoder
mpr.dll 6.1.7600.16385 Multiple Provider Router DLL
mprapi.dll 6.1.7601.17514 Windows NT MP Router Administration DLL
mprddm.dll 6.1.7601.17514 Demand Dial Manager Supervisor
mprdim.dll 6.1.7600.16385 Dynamic Interface Manager
mprmsg.dll 6.1.7600.16385 Multi-Protocol Router Service Messages DLL
msaatext.dll 2.0.10413.0 Active Accessibility text support
msac3enc.dll 6.1.7601.17514 Microsoft AC-3 Encoder
msacm32.dll 6.1.7600.16385 Microsoft ACM Audio Filter
msadce.dll 6.1.7601.17514 OLE DB Cursor Engine
msadcer.dll 6.1.7600.16385 OLE DB Cursor Engine Resources
msadcf.dll 6.1.7601.17514 Remote Data Services Data Factory
msadcfr.dll 6.1.7600.16385 Remote Data Services Data Factory Resources
msadco.dll 6.1.7601.17514 Remote Data Services Data Control
msadcor.dll 6.1.7600.16385 Remote Data Services Data Control Resources
msadcs.dll 6.1.7601.17514 Remote Data Services ISAPI Library
msadds.dll 6.1.7600.16385 OLE DB Data Shape Provider
msaddsr.dll 6.1.7600.16385 OLE DB Data Shape Provider Resources
msader15.dll 6.1.7600.16385 ActiveX Data Objects Resources
msado15.dll 6.1.7601.17514 ActiveX Data Objects
msadomd.dll 6.1.7601.17514 ActiveX Data Objects (Multi-Dimensional)
msador15.dll 6.1.7601.17514 Microsoft ActiveX Data Objects Recordset
msadox.dll 6.1.7601.17514 ActiveX Data Objects Extensions
msadrh15.dll 6.1.7600.16385 ActiveX Data Objects Rowset Helper
msafd.dll 6.1.7600.16385 Microsoft Windows Sockets 2.0 Service Provider
msasn1.dll 6.1.7601.17514 ASN.1 Runtime APIs
msaudite.dll 6.1.7600.16385 Security Audit Events DLL
mscandui.dll 6.1.7600.16385 MSCANDUI Server DLL
mscat32.dll 6.1.7600.16385 MSCAT32 Forwarder DLL
msclib.dll 1.0.0.8 MSCLib DLL
msclmd.dll 6.1.7601.17514 Microsoft Class Mini-driver
mscms.dll 6.1.7601.17514 Microsoft Color Matching System DLL
mscoree.dll 4.0.40305.0 Microsoft .NET Runtime Execution Engine
mscorier.dll 2.0.50727.5420 Microsoft .NET Runtime IE resources
mscories.dll 2.0.50727.5420 Microsoft .NET IE SECURITY REGISTRATION
mscpx32r.dll 6.1.7600.16385 ODBC Code Page Translator Resources
mscpxl32.dll 6.1.7600.16385 ODBC Code Page Translator
msctf.dll 6.1.7600.16385 MSCTF Server DLL
msctfmonitor.dll 6.1.7600.16385 MsCtfMonitor DLL
msctfp.dll 6.1.7600.16385 MSCTFP Server DLL
msctfui.dll 6.1.7600.16385 MSCTFUI Server DLL
msdadc.dll 6.1.7600.16385 OLE DB Data Conversion Stub
msdadiag.dll 6.1.7600.16385 Built-In Diagnostics
msdaenum.dll 6.1.7600.16385 OLE DB Root Enumerator Stub
msdaer.dll 6.1.7600.16385 OLE DB Error Collection Stub
msdaora.dll 6.1.7600.16385 OLE DB Provider for Oracle
msdaorar.dll 6.1.7600.16385 OLE DB Provider for Oracle Resources
msdaosp.dll 6.1.7601.17514 OLE DB Simple Provider
msdaprsr.dll 6.1.7600.16385 OLE DB Persistence Services Resources
msdaprst.dll 6.1.7600.16385 OLE DB Persistence Services
msdaps.dll 6.1.7600.16385 OLE DB Interface Proxies/Stubs
msdarem.dll 6.1.7601.17514 OLE DB Remote Provider
msdaremr.dll 6.1.7600.16385 OLE DB Remote Provider Resources
msdart.dll 6.1.7600.16385 OLE DB Runtime Routines
msdasc.dll 6.1.7600.16385 OLE DB Service Components Stub
msdasql.dll 6.1.7601.17514 OLE DB Provider for ODBC Drivers
msdasqlr.dll 6.1.7600.16385 OLE DB Provider for ODBC Drivers Resources
msdatl3.dll 6.1.7600.16385 OLE DB Implementation Support Routines
msdatt.dll 6.1.7600.16385 OLE DB Temporary Table Services
msdaurl.dll 6.1.7600.16385 OLE DB RootBinder Stub
msdelta.dll 6.1.7600.16385 Microsoft Patch Engine
msdfmap.dll 6.1.7601.17514 Data Factory Handler
msdmo.dll 6.6.7601.17514 DMO Runtime
msdrm.dll 6.1.7601.17514 Windows Rights Management client
msdtcprx.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator OLE Transactions Interface Proxy DLL
msdtcuiu.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Administrative DLL
msdtcvsp1res.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Resources for Vista SP1
msexch40.dll 4.0.9756.0 Microsoft Jet Exchange Isam
msexcl40.dll 4.0.9756.0 Microsoft Jet Excel Isam
msfeeds.dll 8.0.7601.17514 Microsoft Feeds Manager
msfeedsbs.dll 8.0.7601.17514 Microsoft Feeds Background Sync
msflib.dll 1.0.0.7 MSFLib DLL
msftedit.dll 5.41.21.2510 Rich Text Edit Control, v4.1
mshtml.dll 8.0.7601.17573 Microsoft (R) HTML Viewer
mshtmled.dll 8.0.7601.17514 Microsoft® HTML Editing Component
mshtmler.dll 8.0.7600.16385 Microsoft® HTML Editing Component's Resource DLL
msi.dll 5.0.7601.17514 Windows Installer
msidcrl30.dll 6.1.7600.16385 IDCRL Dynamic Link Library
msident.dll 6.1.7600.16385 Microsoft Identity Manager
msidle.dll 6.1.7600.16385 User Idle Monitor
msidntld.dll 6.1.7600.16385 Microsoft Identity Manager
msieftp.dll 6.1.7601.17514 Microsoft Internet Explorer FTP Folder Shell Extension
msihnd.dll 5.0.7601.17514 Windows® installer
msiltcfg.dll 5.0.7600.16385 Windows Installer Configuration API Stub
msimg32.dll 6.1.7600.16385 GDIEXT Client DLL
msimsg.dll 5.0.7600.16385 Windows® Installer International Messages
msimtf.dll 6.1.7600.16385 Active IMM Server DLL
msisip.dll 5.0.7600.16385 MSI Signature SIP Provider
msjet40.dll 4.0.9756.0 Microsoft Jet Engine Library
msjetoledb40.dll 4.0.9756.0
msjint40.dll 4.0.9756.0 Microsoft Jet Database Engine International DLL
msjro.dll 6.1.7601.17514 Jet and Replication Objects
msjter40.dll 4.0.9756.0 Microsoft Jet Database Engine Error DLL
msjtes40.dll 4.0.9756.0 Microsoft Jet Expression Service
msls31.dll 3.10.349.0 Microsoft Line Services library file
msltus40.dll 4.0.9756.0 Microsoft Jet Lotus 1-2-3 Isam
mslur71.dll 7.10.0.0 User-Generated Microsoft (R) C/C++ Runtime Library
msmpeg2adec.dll 6.1.7140.0 Microsoft DTV-DVD Audio Decoder
msmpeg2enc.dll 6.1.7601.17514 Microsoft MPEG-2 Encoder
msmpeg2vdec.dll 6.1.7140.0 Microsoft DTV-DVD Video Decoder
msnetobj.dll 11.0.7601.17514 DRM ActiveX Network Object
msobjs.dll 6.1.7600.16385 System object audit names
msoeacct.dll 6.1.7600.16385 Microsoft Internet Account Manager
msoert2.dll 6.1.7600.16385 Microsoft Windows Mail RT Lib
msorc32r.dll 6.1.7600.16385 ODBC Driver for Oracle Resources
msorcl32.dll 6.1.7601.17514 ODBC Driver for Oracle
mspatcha.dll 6.1.7600.16385 Microsoft File Patch Application API
mspbde40.dll 4.0.9756.0 Microsoft Jet Paradox Isam
msports.dll 6.1.7600.16385 Ports Class Installer
msrating.dll 8.0.7601.17514 Internet Ratings and Local User Management DLL
msrd2x40.dll 4.0.9756.0 Microsoft (R) Red ISAM
msrd3x40.dll 4.0.9756.0 Microsoft (R) Red ISAM
msrdc.dll 6.1.7600.16385 Remote Differential Compression COM server
msrdpwebaccess.dll 6.1.7600.16385 Microsoft Remote Desktop Services Web Access Control
msrepl40.dll 4.0.9756.0 Microsoft Replication Library
msrle32.dll 6.1.7601.17514 Microsoft RLE Compressor
msscntrs.dll 7.0.7600.16385 msscntrs.dll
msscp.dll 11.0.7601.17514 Windows Media Secure Content Provider
mssha.dll 6.1.7600.16385 Windows Security Health Agent
msshavmsg.dll 6.1.7600.16385 Windows Security Health Agent Validator Message
msshooks.dll 7.0.7600.16385 MSSHooks.dll
mssign32.dll 6.1.7600.16385 Microsoft Trust Signing APIs
mssip32.dll 6.1.7600.16385 MSSIP32 Forwarder DLL
mssitlb.dll 7.0.7600.16385 mssitlb
mssph.dll 7.0.7600.16385 Microsoft Search Protocol Handler
mssphtb.dll 7.0.7601.17514 Outlook MSSearch Connector
mssprxy.dll 7.0.7600.16385 Microsoft Search Proxy
mssrch.dll 7.0.7601.17514 mssrch.dll
mssvp.dll 7.0.7601.17514 MSSearch Vista Platform
msswch.dll 6.1.7600.16385 msswch
mstask.dll 6.1.7601.17514 Task Scheduler interface DLL
mstext40.dll 4.0.9756.0 Microsoft Jet Text Isam
mstime.dll 8.0.7601.17514 Microsoft (R) Timed Interactive Multimedia Extensions to HTML
mstscax.dll 6.1.7601.17514 Remote Desktop Services ActiveX Client
msutb.dll 6.1.7601.17514 MSUTB Server DLL
msv1_0.dll 6.1.7601.17514 Microsoft Authentication Package v1.0
msvbvm60.dll 6.0.98.15 Visual Basic Virtual Machine
msvcirt.dll 7.0.7600.16385 Windows NT IOStreams DLL
msvcp60.dll 7.0.7600.16385 Windows NT C++ Runtime Library DLL
msvcr100_clr0400.dll 10.0.30319.1 Microsoft® C Runtime Library
msvcr71.dll 7.10.3052.4 Microsoft® C Runtime Library
msvcrt.dll 7.0.7600.16385 Windows NT CRT DLL
msvcrt20.dll 2.12.0.0 Microsoft® C Runtime Library
msvcrt40.dll 6.1.7600.16385 VC 4.x CRT DLL (Forwarded to msvcrt.dll)
msvfw32.dll 6.1.7601.17514 Microsoft Video for Windows DLL
msvidc32.dll 6.1.7601.17514 Microsoft Video 1 Compressor
msvidctl.dll 6.5.7601.17514 ActiveX control for streaming video
mswdat10.dll 4.0.9756.0 Microsoft Jet Sort Tables
mswmdm.dll 12.0.7600.16385 Windows Media Device Manager Core
mswsock.dll 6.1.7601.17514 Microsoft Windows Sockets 2.0 Service Provider
mswstr10.dll 4.0.9756.0 Microsoft Jet Sort Library
msxactps.dll 6.1.7600.16385 OLE DB Transaction Proxies/Stubs
msxbde40.dll 4.0.9756.0 Microsoft Jet xBASE Isam
msxml3.dll 8.110.7601.17514 MSXML 3.0 SP11
msxml3r.dll 8.110.7600.16385 XML Resources
msxml6.dll 6.30.7601.17514 MSXML 6.0 SP3
msxml6r.dll 6.30.7600.16385 XML Resources
msyuv.dll 6.1.7601.17514 Microsoft UYVY Video Decompressor
mttelechip.dll 1.9.4.2 USB Dynamic Link Library for TCC730
mtxclu.dll 2001.12.8531.17514 Microsoft Distributed Transaction Coordinator Failover Clustering Support DLL
mtxdm.dll 2001.12.8530.16385 COM+
mtxex.dll 2001.12.8530.16385 COM+
mtxlegih.dll 2001.12.8530.16385 COM+
mtxoci.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Database Support DLL for Oracle
mtxsyncicon.dll 1.0.0.1 MTXSYNCICON Module
muifontsetup.dll 6.1.7601.17514 MUI Callback for font registry settings
muzaf1.dll 1.0.0.60410 AOD Sourcer Filter
muzapp.dll 1.3.9.303 MUZAoDAppCtrl Module
muzwmts.dll 1.0.0.60208 P3WMTSplitter Filter
mycomput.dll 6.1.7600.16385 Computer Management
mydocs.dll 6.1.7601.17514 My Documents Folder UI
napcrypt.dll 6.1.7601.17514 NAP Cryptographic API helper
napdsnap.dll 6.1.7601.17514 NAP GPEdit Extension
naphlpr.dll 6.1.7601.17514 NAP client config API helper
napinsp.dll 6.1.7600.16385 E-mail Naming Shim Provider
napipsec.dll 6.1.7600.16385 NAP IPSec Enforcement Client
napmontr.dll 6.1.7600.16385 NAP Netsh Helper
nativehooks.dll 6.1.7600.16385 Microsoft Narrator Native hook handler
naturallanguage6.dll 6.1.7601.17514 Natural Language Development Platform 6
ncdprop.dll 6.1.7600.16385 Advanced network device properties
nci.dll 6.1.7601.17514 CoInstaller: NET
ncobjapi.dll 6.1.7600.16385 Microsoft® Windows® Operating System
ncrypt.dll 6.1.7600.16385 Windows cryptographic library
ncryptui.dll 6.1.7601.17514 Windows cryptographic key protection UI library
ncsi.dll 6.1.7601.17514 Network Connectivity Status Indicator
nddeapi.dll 6.1.7600.16385 Network DDE Share Management APIs
ndfapi.dll 6.1.7600.16385 Network Diagnostic Framework Client API
ndfetw.dll 6.1.7600.16385 Network Diagnostic Engine Event Interface
ndfhcdiscovery.dll 6.1.7600.16385 Network Diagnostic Framework HC Discovery API
ndiscapcfg.dll 6.1.7600.16385 NdisCap Notify Object
ndishc.dll 6.1.7600.16385 NDIS Helper Classes
ndproxystub.dll 6.1.7600.16385 Network Diagnostic Engine Proxy/Stub
negoexts.dll 6.1.7600.16385 NegoExtender Security Package
netapi32.dll 6.1.7601.17514 Net Win32 API DLL
netbios.dll 6.1.7600.16385 NetBIOS Interface Library
netcenter.dll 6.1.7601.17514 Network Center control panel
netcfgx.dll 6.1.7601.17514 Network Configuration Objects
netcorehc.dll 6.1.7600.16385 Networking Core Diagnostics Helper Classes
netdiagfx.dll 6.1.7601.17514 Network Diagnostic Framework
netevent.dll 6.1.7600.16385 Net Event Handler
netfxperf.dll 4.0.40305.0 Extensible Performance Counter Shim
neth.dll 6.1.7600.16385 Net Help Messages DLL
netid.dll 6.1.7601.17514 System Control Panel Applet; Network ID Page
netiohlp.dll 6.1.7601.17514 Netio Helper DLL
netjoin.dll 6.1.7601.17514 Domain Join DLL
netlogon.dll 6.1.7601.17514 Net Logon Services DLL
netmsg.dll 6.1.7600.16385 Net Messages DLL
netplwiz.dll 6.1.7601.17514 Map Network Drives/Network Places Wizard
netprof.dll 6.1.7600.16385 Network Profile Management UI
netprofm.dll 6.1.7600.16385 Network List Manager
netshell.dll 6.1.7601.17514 Network Connections Shell
netutils.dll 6.1.7601.17514 Net Win32 API Helpers DLL
networkexplorer.dll 6.1.7601.17514 Network Explorer
networkitemfactory.dll 6.1.7600.16385 NetworkItem Factory
networkmap.dll 6.1.7601.17514 Network Map
newdev.dll 6.0.5054.0 Add Hardware Device Library
nlaapi.dll 6.1.7601.17514 Network Location Awareness 2
nlhtml.dll 2008.0.7600.16385 HTML filter
nlmgp.dll 6.1.7600.16385 Network List Manager Snapin
nlmsprep.dll 6.1.7600.16385 Network List Manager Sysprep Module
nlsbres.dll 6.1.7601.17514 NLSBuild resource DLL
nlsdata0000.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0001.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0002.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0003.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0007.dll 6.1.7600.16385 Microsoft German Natural Language Server Data and Code
nlsdata0009.dll 6.1.7600.16385 Microsoft English Natural Language Server Data and Code
nlsdata000a.dll 6.1.7600.16385 Microsoft Spanish Natural Language Server Data and Code
nlsdata000c.dll 6.1.7600.16385 Microsoft French Natural Language Server Data and Code
nlsdata000d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata000f.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0010.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code
nlsdata0013.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0018.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0019.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata001a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata001b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata001d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0020.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0021.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0022.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0024.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0026.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0027.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata002a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0039.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata003e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0045.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0046.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0047.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0049.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata004a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata004b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata004c.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata004e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0414.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0416.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0816.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata081a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0c1a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdl.dll 6.1.7600.16385 Nls Downlevel DLL
nlslexicons0001.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0002.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0003.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0007.dll 6.1.7600.16385 Microsoft German Natural Language Server Data and Code
nlslexicons0009.dll 6.1.7600.16385 Microsoft English Natural Language Server Data and Code
nlslexicons000a.dll 6.1.7600.16385 Microsoft Spanish Natural Language Server Data and Code
nlslexicons000c.dll 6.1.7600.16385 Microsoft French Natural Language Server Data and Code
nlslexicons000d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons000f.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0010.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code
nlslexicons0013.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0018.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0019.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons001a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons001b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons001d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0020.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0021.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0022.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0024.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0026.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0027.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons002a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0039.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons003e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0045.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0046.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0047.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0049.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons004a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons004b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons004c.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons004e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0414.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0416.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0816.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons081a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0c1a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsmodels0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code
normaliz.dll 6.1.7600.16385 Unicode Normalization DLL
npmproxy.dll 6.1.7600.16385 Network List Manager Proxy
nshhttp.dll 6.1.7600.16385 HTTP netsh DLL
nshipsec.dll 6.1.7601.17514 Net Shell IP Security helper DLL
nshwfp.dll 6.1.7601.17514 Windows Filtering Platform Netsh Helper
nsi.dll 6.1.7600.16385 NSI User-mode interface DLL
ntdll.dll 6.1.7601.17514 NT Layer DLL
ntdsapi.dll 6.1.7600.16385 Active Directory Domain Services API
ntlanman.dll 6.1.7601.17514 Microsoft® Lan Manager
ntlanui2.dll 6.1.7600.16385 Network object shell UI
ntmarta.dll 6.1.7600.16385 Windows NT MARTA provider
ntprint.dll 6.1.7601.17514 Spooler Setup DLL
ntshrui.dll 6.1.7601.17514 Shell extensions for sharing
ntvdm64.dll 6.1.7600.16385 16-bit Emulation on NT64
objsel.dll 6.1.7600.16385 Object Picker Dialog
occache.dll 8.0.7601.17514 Object Control Viewer
ocsetapi.dll 6.1.7601.17514 Windows Optional Component Setup API
odbc32.dll 6.1.7601.17514 ODBC Driver Manager
odbc32gt.dll 6.1.7600.16385 ODBC Driver Generic Thunk
odbcbcp.dll 6.1.7600.16385 BCP for ODBC
odbcconf.dll 6.1.7601.17514 ODBC Driver Configuration Program
odbccp32.dll 6.1.7601.17514 ODBC Installer
odbccr32.dll 6.1.7600.16385 ODBC Cursor Library
odbccu32.dll 6.1.7600.16385 ODBC Cursor Library
odbcint.dll 6.1.7600.16385 ODBC Resources
odbcji32.dll 6.1.7600.16385 Microsoft ODBC Desktop Driver Pack 3.5
odbcjt32.dll 6.1.7601.17514 Microsoft ODBC Desktop Driver Pack 3.5
odbctrac.dll 6.1.7601.17514 ODBC Driver Manager Trace
oddbse32.dll 6.1.7600.16385 ODBC (3.0) driver for DBase
odexl32.dll 6.1.7600.16385 ODBC (3.0) driver for Excel
odfox32.dll 6.1.7600.16385 ODBC (3.0) driver for FoxPro
odpdx32.dll 6.1.7600.16385 ODBC (3.0) driver for Paradox
odtext32.dll 6.1.7600.16385 ODBC (3.0) driver for text files
oemdspif.dll 6.15.6.6 ATI Driver Interface DLL
offfilt.dll 2008.0.7600.16385 OFFICE Filter
ogldrv.dll 6.1.7600.16385 MSOGL
ole2.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library
ole2disp.dll 2.10.3050.1 OLE 2.1 16/32 Interoperability Library
ole2nls.dll 2.10.3050.1 OLE 2.1 16/32 Interoperability Library
ole32.dll 6.1.7601.17514 Microsoft OLE for Windows
oleacc.dll 7.0.0.0 Active Accessibility Core Component
oleacchooks.dll 7.0.0.0 Active Accessibility Event Hooks Library
oleaccrc.dll 7.0.0.0 Active Accessibility Resource DLL
oleaut32.dll 6.1.7601.17514
olecli32.dll 6.1.7600.16385 Object Linking and Embedding Client Library
oledb32.dll 6.1.7601.17514 OLE DB Core Services
oledb32r.dll 6.1.7600.16385 OLE DB Core Services Resources
oledlg.dll 6.1.7600.16385 OLE User Interface Support
oleprn.dll 6.1.7600.16385 Oleprn DLL
olepro32.dll 6.1.7601.17514
oleres.dll 6.1.7600.16385 Ole resource dll
olesvr32.dll 6.1.7600.16385 Object Linking and Embedding Server Library
olethk32.dll 6.1.7601.17514 Microsoft OLE for Windows
onex.dll 6.1.7601.17514 IEEE 802.1X supplicant library
onexui.dll 6.1.7601.17514 IEEE 802.1X supplicant UI library
onlineidcpl.dll 6.1.7601.17514 Online IDs Control Panel
oobefldr.dll 6.1.7601.17514 Getting Started
opcservices.dll 6.1.7601.17514 Native Code OPC Services Library
openal32.dll 6.14.357.24 Standard OpenAL(TM) Implementation
opencl.dll 1.1.0.0 OpenCL Client DLL
opengl32.dll 6.1.7600.16385 OpenGL Client DLL
osbaseln.dll 6.1.7600.16385 Service Reporting API
osuninst.dll 6.1.7600.16385 Uninstall Interface
ovdecode.dll
p2p.dll 6.1.7600.16385 Peer-to-Peer Grouping
p2pcollab.dll 6.1.7600.16385 Peer-to-Peer Collaboration
p2pgraph.dll 6.1.7600.16385 Peer-to-Peer Graphing
p2pnetsh.dll 6.1.7600.16385 Peer-to-Peer NetSh Helper
packager.dll 6.1.7600.16385 Object Packager2
panmap.dll 6.1.7600.16385 PANOSE(tm) Font Mapper
pautoenr.dll 6.1.7600.16385 Auto Enrollment DLL
pcaui.dll 6.1.7600.16385 Program Compatibility Assistant User Interface Module
pcwum.dll 6.1.7600.16385 Performance Counters for Windows Native DLL
pdh.dll 6.1.7601.17514 Windows Performance Data Helper DLL
pdhui.dll 6.1.7601.17514 PDH UI
peerdist.dll 6.1.7600.16385 BranchCache Client Library
peerdistsh.dll 6.1.7600.16385 BranchCache Netshell Helper
perfcentercpl.dll 6.1.7601.17514 Performance Center
perfctrs.dll 6.1.7600.16385 Performance Counters
perfdisk.dll 6.1.7600.16385 Windows Disk Performance Objects DLL
perfnet.dll 6.1.7600.16385 Windows Network Service Performance Objects DLL
perfos.dll 6.1.7600.16385 Windows System Performance Objects DLL
perfproc.dll 6.1.7600.16385 Windows System Process Performance Objects DLL
perfts.dll 6.1.7601.17514 Windows Remote Desktop Services Performance Objects
photometadatahandler.dll 6.1.7600.16385 Photo Metadata Handler
photowiz.dll 6.1.7601.17514 Photo Printing Wizard
pid.dll 6.1.7600.16385 Microsoft PID
pidgenx.dll 6.1.7600.16385 Pid Generation
pifmgr.dll 6.1.7601.17514 Windows NT PIF Manager Icon Resources Library
pku2u.dll 6.1.7600.16385 Pku2u Security Package
pla.dll 6.1.7601.17514 Performance Logs & Alerts
playsndsrv.dll 6.1.7600.16385 PlaySound Service
pmcsnap.dll 6.1.7600.16385 pmcsnap dll
pngfilt.dll 8.0.7600.16385 IE PNG plugin image decoder
pnidui.dll 6.1.7601.17514 Network System Icon
pnpsetup.dll 6.1.7600.16385 Pnp installer for CMI
pnrpnsp.dll 6.1.7600.16385 PNRP Name Space Provider
polstore.dll 6.1.7600.16385 Policy Storage dll
portabledeviceapi.dll 6.1.7601.17514 Windows Portable Device API Components
portabledeviceclassextension.dll 6.1.7600.16385 Windows Portable Device Class Extension Component
portabledeviceconnectapi.dll 6.1.7600.16385 Portable Device Connection API Components
portabledevicestatus.dll 6.1.7601.17514 Microsoft Windows Portable Device Status Provider
portabledevicesyncprovider.dll 6.1.7601.17514 Microsoft Windows Portable Device Provider.
portabledevicetypes.dll 6.1.7600.16385 Windows Portable Device (Parameter) Types Component
portabledevicewiacompat.dll 6.1.7600.16385 PortableDevice WIA Compatibility Driver
portabledevicewmdrm.dll 6.1.7600.16385 Windows Portable Device WMDRM Component
pots.dll 6.1.7600.16385 Power Troubleshooter
powercpl.dll 6.1.7601.17514 Power Options Control Panel
powrprof.dll 6.1.7600.16385 Power Profile Helper DLL
ppcsnap.dll 6.1.7600.16385 ppcsnap DLL
presentationcffrasterizernative_v0300.dll 3.0.6920.4902 WinFX OpenType/CFF Rasterizer
presentationhostproxy.dll 4.0.40305.0 Windows Presentation Foundation Host Proxy
presentationnative_v0300.dll 3.0.6920.4902 PresentationNative_v0300.dll
prflbmsg.dll 6.1.7600.16385 Perflib Event Messages
printui.dll 6.1.7601.17514 Printer Settings User Interface
prncache.dll 6.1.7601.17514 Print UI Cache
prnfldr.dll 6.1.7601.17514 prnfldr dll
prnntfy.dll 6.1.7600.16385 prnntfy DLL
prntvpt.dll 6.1.7601.17514 Print Ticket Services Module
profapi.dll 6.1.7600.16385 User Profile Basic API
propsys.dll 7.0.7601.17514 Microsoft Property System
provsvc.dll 6.1.7601.17514 Windows HomeGroup
provthrd.dll 6.1.7600.16385 WMI Provider Thread & Log Library
psapi.dll 6.1.7600.16385 Process Status Helper
psbase.dll 6.1.7600.16385 Protected Storage default provider
pshed.dll 6.1.7600.16385 Platform Specific Hardware Error Driver
psisdecd.dll 6.6.7600.16385 Microsoft SI/PSI parser for MPEG2 based networks.
pstorec.dll 6.1.7600.16385 Protected Storage COM interfaces
pstorsvc.dll 6.1.7600.16385 Protected storage server
puiapi.dll 6.1.7600.16385 puiapi DLL
puiobj.dll 6.1.7601.17514 PrintUI Objects DLL
pwrshplugin.dll 6.1.7600.16385 pwrshplugin.dll
qagent.dll 6.1.7601.17514 Quarantine Agent Proxy
qasf.dll 12.0.7601.17514 DirectShow ASF Support
qcap.dll 6.6.7601.17514 DirectShow Runtime.
qcliprov.dll 6.1.7601.17514 Quarantine Client WMI Provider
qdv.dll 6.6.7601.17514 DirectShow Runtime.
qdvd.dll 6.6.7601.17514 DirectShow DVD PlayBack Runtime.
qedit.dll 6.6.7601.17514 DirectShow Editing.
qedwipes.dll 6.6.7600.16385 DirectShow Editing SMPTE Wipes
qmgrprxy.dll 7.5.7600.16385 Background Intelligent Transfer Service Proxy
qshvhost.dll 6.1.7601.17514 Quarantine SHV Host
qsvrmgmt.dll 6.1.7601.17514 Quarantine Server Management
quartz.dll 6.6.7601.17514 DirectShow Runtime.
query.dll 6.1.7601.17514 Content Index Utility DLL
qutil.dll 6.1.7601.17514 Quarantine Utilities
qwave.dll 6.1.7600.16385 Windows NT
racengn.dll 6.1.7601.17514 Reliability analysis metrics calculation engine
racpldlg.dll 6.1.7600.16385 Remote Assistance Contact List
radardt.dll 6.1.7600.16385 Microsoft Windows Resource Exhaustion Detector
radarrs.dll 6.1.7600.16385 Microsoft Windows Resource Exhaustion Resolver
rapture3d_oal.dll 2.4.8.0 Rapture3D OpenAL Renderer
rasadhlp.dll 6.1.7600.16385 Remote Access AutoDial Helper
rasapi32.dll 6.1.7600.16385 Remote Access API
rascfg.dll 6.1.7600.16385 RAS Configuration Objects
raschap.dll 6.1.7601.17514 Remote Access PPP CHAP
rasctrs.dll 6.1.7600.16385 Windows NT Remote Access Perfmon Counter dll
rasdiag.dll 6.1.7600.16385 RAS Diagnostics Helper Classes
rasdlg.dll 6.1.7600.16385 Remote Access Common Dialog API
rasgcw.dll 6.1.7600.16385 RAS Wizard Pages
rasman.dll 6.1.7600.16385 Remote Access Connection Manager
rasmm.dll 6.1.7600.16385 RAS Media Manager
rasmontr.dll 6.1.7600.16385 RAS Monitor DLL
rasmxs.dll 6.1.7600.16385 Remote Access Device DLL for modems, PADs and switches
rasplap.dll 6.1.7600.16385 RAS PLAP Credential Provider
rasppp.dll 6.1.7601.17514 Remote Access PPP
rasser.dll 6.1.7600.16385 Remote Access Media DLL for COM ports
rastapi.dll 6.1.7601.17514 Remote Access TAPI Compliance Layer
rastls.dll 6.1.7601.17514 Remote Access PPP EAP-TLS
rdpcore.dll 6.1.7601.17514 RDP Core DLL
rdpd3d.dll 6.1.7601.17514 RDP Direct3D Remoting DLL
rdpencom.dll 6.1.7601.17514 RDPSRAPI COM Objects
rdpendp.dll 6.1.7601.17514 RDP Audio Endpoint
rdprefdrvapi.dll 6.1.7601.17514 Reflector Driver API
rdvgumd32.dll 6.1.7601.17514 Microsoft vGPU
reagent.dll 6.1.7601.17514 Microsoft Windows Recovery Agent DLL
redemption.dll 4.8.0.1184 Outlook Redemption COM library
regapi.dll 6.1.7601.17514 Registry Configuration APIs
regctrl.dll 6.1.7600.16385 RegCtrl
remotepg.dll 6.1.7601.17514 Remote Sessions CPL Extension
resampledmo.dll 6.1.7600.16385 Windows Media Resampler
resutils.dll 6.1.7601.17514 Microsoft Cluster Resource Utility DLL
rgb9rast.dll 6.1.7600.16385 Microsoft® Windows® Operating System
riched20.dll 5.31.23.1230 Rich Text Edit Control, v3.1
riched32.dll 6.1.7601.17514 Wrapper Dll for Richedit 1.0
rnr20.dll 6.1.7600.16385 Windows Socket2 NameSpace DLL
rpcdiag.dll 6.1.7600.16385 RPC Diagnostics
rpchttp.dll 6.1.7601.17514 RPC HTTP DLL
rpcndfp.dll 1.0.0.1 RPC NDF Helper Class
rpcns4.dll 6.1.7600.16385 Remote Procedure Call Name Service Client
rpcnsh.dll 6.1.7600.16385 RPC Netshell Helper
rpcrt4.dll 6.1.7601.17514 Remote Procedure Call Runtime
rpcrtremote.dll 6.1.7601.17514 Remote RPC Extension
rsaenh.dll 6.1.7600.16385 Microsoft Enhanced Cryptographic Provider
rshx32.dll 6.1.7600.16385 Security Shell Extension
rstrtmgr.dll 6.1.7600.16385 Restart Manager
rtffilt.dll 2008.0.7600.16385 RTF Filter
rtm.dll 6.1.7600.16385 Routing Table Manager
rtutils.dll 6.1.7601.17514 Routing Utilities
samcli.dll 6.1.7601.17514 Security Accounts Manager Client DLL
samlib.dll 6.1.7600.16385 SAM Library DLL
sampleres.dll 6.1.7600.16385 Microsoft Samples
sas.dll 6.1.7600.16385 WinLogon Software SAS Library
sbe.dll 6.6.7601.17528 DirectShow Stream Buffer Filter.
sbeio.dll 12.0.7600.16385 Stream Buffer IO DLL
sberes.dll 6.6.7600.16385 DirectShow Stream Buffer Filter Resouces.
scansetting.dll 6.1.7601.17514 Microsoft® Windows(TM) ScanSettings Profile and Scanning implementation
scarddlg.dll 6.1.7600.16385 SCardDlg - Smart Card Common Dialog
scecli.dll 6.1.7601.17514 Windows Security Configuration Editor Client Engine
scesrv.dll 6.1.7601.17514 Windows Security Configuration Editor Engine
schannel.dll 6.1.7601.17514 TLS / SSL Security Provider
schedcli.dll 6.1.7601.17514 Scheduler Service Client DLL
scksp.dll 6.1.7600.16385 Microsoft Smart Card Key Storage Provider
scripto.dll 6.6.7600.16385 Microsoft ScriptO
scrobj.dll 5.8.7600.16385 Windows ® Script Component Runtime
scrptadm.dll 6.1.7601.17514 Script Adm Extension
scrrun.dll 5.8.7600.16385 Microsoft ® Script Runtime
sdiageng.dll 6.1.7600.16385 Scripted Diagnostics Execution Engine
sdiagprv.dll 6.1.7600.16385 Windows Scripted Diagnostic Provider API
sdohlp.dll 6.1.7600.16385 NPS SDO Helper Component
searchfolder.dll 6.1.7601.17514 SearchFolder
sechost.dll 6.1.7600.16385 Host for SCM/SDDL/LSA Lookup APIs
secproc.dll 6.1.7601.17514 Windows Rights Management Desktop Security Processor
secproc_isv.dll 6.1.7601.17514 Windows Rights Management Desktop Security Processor
secproc_ssp.dll 6.1.7601.17514 Windows Rights Management Services Server Security Processor
secproc_ssp_isv.dll 6.1.7601.17514 Windows Rights Management Services Server Security Processor (Pre-production)
secur32.dll 6.1.7601.17514 Security Support Provider Interface
security.dll 6.1.7600.16385 Security Support Provider Interface
sendmail.dll 6.1.7600.16385 Send Mail
sens.dll 6.1.7600.16385 System Event Notification Service (SENS)
sensapi.dll 6.1.7600.16385 SENS Connectivity API DLL
sensorsapi.dll 6.1.7600.16385 Sensor API
sensorscpl.dll 6.1.7601.17514 Open Location and Other Sensors
serialui.dll 6.1.7600.16385 Serial Port Property Pages
serwvdrv.dll 6.1.7600.16385 Unimodem Serial Wave driver
sessenv.dll 6.1.7601.17514 Remote Desktop Configuration service
setupapi.dll 6.1.7601.17514 Windows Setup API
setupcln.dll 6.1.7601.17514 Setup Files Cleanup
sfc.dll 6.1.7600.16385 Windows File Protection
sfc_os.dll 6.1.7600.16385 Windows File Protection
sfcom.dll 3.0.0.11 SFCOM.DLL
shacct.dll 6.1.7601.17514 Shell Accounts Classes
shdocvw.dll 6.1.7601.17514 Shell Doc Object and Control Library
shell32.dll 6.1.7601.17514 Windows Shell Common Dll
shellstyle.dll 6.1.7600.16385 Windows Shell Style Resource Dll
shfolder.dll 6.1.7600.16385 Shell Folder Service
shgina.dll 6.1.7601.17514 Windows Shell User Logon
shimeng.dll 6.1.7600.16385 Shim Engine DLL
shimgvw.dll 6.1.7601.17514 Photo Gallery Viewer
shlwapi.dll 6.1.7601.17514 Shell Light-weight Utility Library
shpafact.dll 6.1.7600.16385 Windows Shell LUA/PA Elevation Factory Dll
shsetup.dll 6.1.7601.17514 Shell setup helper
shsvcs.dll 6.1.7601.17514 Windows Shell Services Dll
shunimpl.dll 6.1.7601.17514 Windows Shell Obsolete APIs
shwebsvc.dll 6.1.7601.17514 Windows Shell Web Services
signdrv.dll 6.1.7600.16385 WMI provider for Signed Drivers
sisbkup.dll 6.1.7601.17514 Single-Instance Store Backup Support Functions
slc.dll 6.1.7600.16385 Software Licensing Client Dll
slcext.dll 6.1.7600.16385 Software Licensing Client Extension Dll
slwga.dll 6.1.7601.17514 Software Licensing WGA API
smartcardcredentialprovider.dll 6.1.7601.17514 Windows Smartcard Credential Provider
smbhelperclass.dll 1.0.0.1 SMB (File Sharing) Helper Class for Network Diagnostic Framework
sndvolsso.dll 6.1.7601.17514 SCA Volume
snmpapi.dll 6.1.7600.16385 SNMP Utility Library
softkbd.dll 6.1.7600.16385 Soft Keyboard Server and Tip
softpub.dll 6.1.7600.16385 Softpub Forwarder DLL
sortserver2003compat.dll 6.1.7600.16385 Sort Version Server 2003
sortwindows6compat.dll 6.1.7600.16385 Sort Version Windows 6.0
spbcd.dll 6.1.7601.17514 BCD Sysprep Plugin
spfileq.dll 6.1.7600.16385 Windows SPFILEQ
spinf.dll 6.1.7600.16385 Windows SPINF
spnet.dll 6.1.7600.16385 Net Sysprep Plugin
spopk.dll 6.1.7601.17514 OPK Sysprep Plugin
spp.dll 6.1.7601.17514 Microsoft® Windows Shared Protection Point Library
sppc.dll 6.1.7601.17514 Software Licensing Client Dll
sppcc.dll 6.1.7600.16385 Software Licensing Commerce Client
sppcext.dll 6.1.7600.16385 Software Protection Platform Client Extension Dll
sppcomapi.dll 6.1.7601.17514 Software Licensing Library
sppcommdlg.dll 6.1.7600.16385 Software Licensing UI API
sppinst.dll 6.1.7601.17514 SPP CMI Installer Plug-in DLL
sppwmi.dll 6.1.7600.16385 Software Protection Platform WMI provider
spwinsat.dll 6.1.7600.16385 WinSAT Sysprep Plugin
spwizeng.dll 6.1.7601.17514 Setup Wizard Framework
spwizimg.dll 6.1.7600.16385 Setup Wizard Framework Resources
spwizres.dll 6.1.7601.17514 Setup Wizard Framework Resources
spwmp.dll 6.1.7601.17514 Windows Media Player System Preparation DLL
sqlceoledb30.dll 3.0.7600.0 Microsoft SQL Mobile
sqlceqp30.dll 3.0.7600.0 Microsoft SQL Mobile
sqlcese30.dll 3.0.7601.0 Microsoft SQL Mobile
sqloledb.dll 6.1.7601.17514 OLE DB Provider for SQL Server
sqlsrv32.dll 6.1.7601.17514 SQL Server ODBC Driver
sqlunirl.dll 2000.80.728.0 String Function .DLL for SQL Enterprise Components
sqlwid.dll 1999.10.20.0 Unicode Function .DLL for SQL Enterprise Components
sqlwoa.dll 1999.10.20.0 Unicode/ANSI Function .DLL for SQL Enterprise Components
sqlxmlx.dll 6.1.7600.16385 XML extensions for SQL Server
sqmapi.dll 6.1.7601.17514 SQM Client
srchadmin.dll 7.0.7601.17514 Indexing Options
srclient.dll 6.1.7600.16385 Microsoft® Windows System Restore Client Library
srhelper.dll 6.1.7600.16385 Microsoft® Windows driver and windows update enumeration library
srpuxnativesnapin.dll 6.1.7600.16385 Application Control Policies Group Policy Editor Extension
srvcli.dll 6.1.7601.17514 Server Service Client DLL
sscore.dll 6.1.7601.17514 Server Service Core DLL
ssdpapi.dll 6.1.7600.16385 SSDP Client API DLL
sspicli.dll 6.1.7601.17514 Security Support Provider Interface
ssshim.dll 6.1.7600.16385 Windows Componentization Platform Servicing API
stclient.dll 2001.12.8530.16385 COM+ Configuration Catalog Client
sti.dll 6.1.7600.16385 Still Image Devices client DLL
stobject.dll 6.1.7601.17514 Systray shell service object
storage.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library
storagecontexthandler.dll 6.1.7600.16385 Device Center Storage Context Menu Handler
storprop.dll 6.1.7600.16385 Property Pages for Storage Devices
structuredquery.dll 7.0.7601.17514 Structured Query
sud.dll 6.1.7601.17514 SUD Control Panel
sxproxy.dll 6.1.7600.16385 Microsoft® Windows System Protection Proxy Library
sxs.dll 6.1.7601.17514 Fusion 2.5
sxshared.dll 6.1.7600.16385 Microsoft® Windows SX Shared Library
sxsstore.dll 6.1.7600.16385 Sxs Store DLL
synccenter.dll 6.1.7601.17514 Microsoft Sync Center
synceng.dll 6.1.7600.16385 Windows Briefcase Engine
synchostps.dll 6.1.7600.16385 Proxystub for sync host
syncinfrastructure.dll 6.1.7600.16385 Microsoft Windows Sync Infrastructure.
syncinfrastructureps.dll 6.1.7600.16385 Microsoft Windows sync infrastructure proxy stub.
syncreg.dll 2007.94.7600.16385 Microsoft Synchronization Framework Registration
syncui.dll 6.1.7601.17514 Windows Briefcase
syssetup.dll 6.1.7601.17514 Windows NT System Setup
systemcpl.dll 6.1.7601.17514 My System CPL
t2embed.dll 6.1.7601.17514 Microsoft T2Embed Font Embedding
tapi3.dll 6.1.7600.16385 Microsoft TAPI3
tapi32.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony API Client DLL
tapimigplugin.dll 6.1.7600.16385 Microsoft® Windows(TM) TAPI Migration Plugin Dll
tapiperf.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony Performance Monitor
tapisrv.dll 6.1.7601.17514 Microsoft® Windows(TM) Telephony Server
tapisysprep.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony Sysprep Work
tapiui.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony API UI DLL
taskcomp.dll 6.1.7601.17514 Task Scheduler Backward Compatibility Plug-in
taskschd.dll 6.1.7601.17514 Task Scheduler COM API
taskschdps.dll 6.1.7600.16385 Task Scheduler Interfaces Proxy
tbs.dll 6.1.7600.16385 TBS
tcpipcfg.dll 6.1.7601.17514 Network Configuration Objects
tcpmonui.dll 6.1.7600.16385 Standard TCP/IP Port Monitor UI DLL
tdh.dll 6.1.7600.16385 Event Trace Helper Library
termmgr.dll 6.1.7601.17514 Microsoft TAPI3 Terminal Manager
thawbrkr.dll 6.1.7600.16385 Thai Word Breaker
themecpl.dll 6.1.7601.17514 Personalization CPL
themeui.dll 6.1.7601.17514 Windows Theme API
thumbcache.dll 6.1.7601.17514 Microsoft Thumbnail Cache
timedatemuicallback.dll 6.1.7600.16385 Time Date Control UI Language Change plugin
tlscsp.dll 6.1.7601.17514 Microsoft® Remote Desktop Services Cryptographic Utility
tpmcompc.dll 6.1.7600.16385 Computer Chooser Dialog
tquery.dll 7.0.7601.17514 tquery.dll
traffic.dll 6.1.7600.16385 Microsoft Traffic Control 1.0 DLL
trapi.dll 6.1.7601.17514 Microsoft Narrator Text Renderer
tsbyuv.dll 6.1.7601.17514 Toshiba Video Codec
tschannel.dll 6.1.7600.16385 Task Scheduler Proxy
tsgqec.dll 6.1.7601.17514 RD Gateway QEC
tsmf.dll 6.1.7601.17514 RDP MF Plugin
tspkg.dll 6.1.7601.17514 Web Service Security Package
tsworkspace.dll 6.1.7601.17514 RemoteApp and Desktop Connection Component
tvratings.dll 6.6.7600.16385 Module for managing TV ratings
twext.dll 6.1.7601.17514 Previous Versions property page
txflog.dll 2001.12.8530.16385 COM+
txfw32.dll 6.1.7600.16385 TxF Win32 DLL
typelib.dll 2.10.3029.1 OLE 2.1 16/32 Interoperability Library
tzres.dll 6.1.7601.17514 Time Zones resource DLL
ubpm.dll 6.1.7600.16385 Unified Background Process Manager DLL
ucmhc.dll 6.1.7600.16385 UCM Helper Class
udhisapi.dll 6.1.7600.16385 UPnP Device Host ISAPI Extension
uexfat.dll 6.1.7600.16385 eXfat Utility DLL
ufat.dll 6.1.7600.16385 FAT Utility DLL
uianimation.dll 6.1.7600.16385 Windows Animation Manager
uiautomationcore.dll 7.0.0.0 Microsoft UI Automation Core
uicom.dll 6.1.7600.16385 Add/Remove Modems
uiribbon.dll 6.1.7601.17514 Windows Ribbon Framework
uiribbonres.dll 6.1.7601.17514 Windows Ribbon Framework Resources
ulib.dll 6.1.7600.16385 File Utilities Support DLL
umdmxfrm.dll 6.1.7600.16385 Unimodem Tranform Module
unimdmat.dll 6.1.7601.17514 Unimodem Service Provider AT Mini Driver
uniplat.dll 6.1.7600.16385 Unimodem AT Mini Driver Platform Driver for Windows NT
untfs.dll 6.1.7601.17514 NTFS Utility DLL
upnp.dll 6.1.7601.17514 UPnP Control Point API
upnphost.dll 6.1.7600.16385 UPnP Device Host
ureg.dll 6.1.7600.16385 Registry Utility DLL
url.dll 8.0.7600.16385 Internet Shortcut Shell Extension DLL
urlmon.dll 8.0.7601.17573 OLE32 Extensions for Win32
usbceip.dll 6.1.7600.16385 USBCEIP Task
usbperf.dll 6.1.7600.16385 USB Performance Objects DLL
usbui.dll 6.1.7600.16385 USB UI Dll
user32.dll 6.1.7601.17514 Multi-User Windows USER API Client DLL
useraccountcontrolsettings.dll 6.1.7601.17514 UserAccountControlSettings
usercpl.dll 6.1.7601.17514 User control panel
userenv.dll 6.1.7601.17514 Userenv
usp10.dll 1.626.7601.17514 Uniscribe Unicode script processor
utildll.dll 6.1.7601.17514 WinStation utility support DLL
uudf.dll 6.1.7600.16385 UDF Utility DLL
uxinit.dll 6.1.7600.16385 Windows User Experience Session Initialization Dll
uxlib.dll 6.1.7601.17514 Setup Wizard Framework
uxlibres.dll 6.1.7600.16385 UXLib Resources
uxtheme.dll 6.1.7600.16385 Microsoft UxTheme Library
van.dll 6.1.7601.17514 View Available Networks
vault.dll 6.1.7601.17514 Windows vault Control Panel
vaultcli.dll 6.1.7600.16385 Credential Vault Client Library
vbajet32.dll 6.0.1.9431 Visual Basic for Applications Development Environment - Expression Service Loader
vbscript.dll 5.8.7601.17562 Microsoft ® VBScript
vdmdbg.dll 6.1.7600.16385 VDMDBG.DLL
vds_ps.dll 6.1.7600.16385 Microsoft® Virtual Disk Service proxy/stub
vdsbas.dll 6.1.7601.17514 Virtual Disk Service Basic Provider
vdsdyn.dll 6.1.7600.16385 VDS Dynamic Volume Provider, Version 2.1.0.1
vdsvd.dll 6.1.7600.16385 VDS Virtual Disk Provider, Version 1.0
verifier.dll 6.1.7600.16385 Standard application verifier provider dll
version.dll 6.1.7600.16385 Version Checking and File Installation Libraries
vfpodbc.dll 1.0.2.0 vfpodbc
vfwwdm32.dll 6.1.7601.17514 VfW MM Driver for WDM Video Capture Devices
vidreszr.dll 6.1.7600.16385 Windows Media Resizer
virtdisk.dll 6.1.7600.16385 Virtual Disk API DLL
vpnikeapi.dll 6.1.7601.17514 VPN IKE API's
vss_ps.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service proxy/stub
vssapi.dll 6.1.7601.17514 Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL
vsstrace.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service Tracing Library
w32topl.dll 6.1.7600.16385 Windows NT Topology Maintenance Tool
wab32.dll 6.1.7600.16385 Microsoft (R) Contacts DLL
wab32res.dll 6.1.7600.16385 Microsoft (R) Contacts DLL
wabsyncprovider.dll 6.1.7600.16385 Microsoft Windows Contacts Sync Provider
wavemsp.dll 6.1.7601.17514 Microsoft Wave MSP
wbemcomn.dll 6.1.7601.17514 WMI
wcnapi.dll 6.1.7600.16385 Windows Connect Now - API Helper DLL
wcncsvc.dll 6.1.7601.17514 Windows Connect Now - Config Registrar Service
wcneapauthproxy.dll 6.1.7600.16385 Windows Connect Now - WCN EAP Authenticator Proxy
wcneappeerproxy.dll 6.1.7600.16385 Windows Connect Now - WCN EAP PEER Proxy
wcnwiz.dll 6.1.7600.16385 Windows Connect Now Wizards
wcspluginservice.dll 6.1.7600.16385 WcsPlugInService DLL
wdc.dll 6.1.7601.17514 Performance Monitor
wdi.dll 6.1.7600.16385 Windows Diagnostic Infrastructure
wdigest.dll 6.1.7600.16385 Microsoft Digest Access
wdscore.dll 6.1.7601.17514 Panther Engine Module
webcheck.dll 8.0.7601.17514 Web Site Monitor
webclnt.dll 6.1.7601.17514 Web DAV Service DLL
webio.dll 6.1.7601.17514 Web Transfer Protocols API
webservices.dll 6.1.7601.17514 Windows Web Services Runtime
wecapi.dll 6.1.7600.16385 Event Collector Configuration API
wer.dll 6.1.7601.17514 Windows Error Reporting DLL
werdiagcontroller.dll 6.1.7600.16385 WER Diagnostic Controller
werui.dll 6.1.7600.16385 Windows Error Reporting UI DLL
wevtapi.dll 6.1.7600.16385 Eventing Consumption and Configuration API
wevtfwd.dll 6.1.7600.16385 WS-Management Event Forwarding Plug-in
wfapigp.dll 6.1.7600.16385 Windows Firewall GPO Helper dll
wfhc.dll 6.1.7600.16385 Windows Firewall Helper Class
whealogr.dll 6.1.7600.16385 WHEA Troubleshooter
whhelper.dll 6.1.7600.16385 Net shell helper DLL for winHttp
wiaaut.dll 6.1.7600.16385 WIA Automation Layer
wiadefui.dll 6.1.7601.17514 WIA Scanner Default UI
wiadss.dll 6.1.7600.16385 WIA TWAIN compatibility layer
wiaextensionhost64.dll 6.1.7600.16385 WIA Extension Host for thunking APIs from 32-bit to 64-bit process
wiascanprofiles.dll 6.1.7600.16385 Microsoft Windows ScanProfiles
wiashext.dll 6.1.7600.16385 Imaging Devices Shell Folder UI
wiatrace.dll 6.1.7600.16385 WIA Tracing
wiavideo.dll 6.1.7601.17514 WIA Video
wimgapi.dll 6.1.7601.17514 Windows Imaging Library
win32spl.dll 6.1.7601.17514 Client Side Rendering Print Provider
winbio.dll 6.1.7600.16385 Windows Biometrics Client API
winbrand.dll 6.1.7600.16385 Windows Branding Resources
wincredprovider.dll 6.1.7600.16385 wincredprovider DLL
windowscodecs.dll 6.1.7601.17514 Microsoft Windows Codecs Library
windowscodecsext.dll 6.1.7600.16385 Microsoft Windows Codecs Extended Library
winfax.dll 6.1.7600.16385 Microsoft Fax API Support DLL
winhttp.dll 6.1.7601.17514 Windows HTTP Services
wininet.dll 8.0.7601.17573 Internet Extensions for Win32
winipsec.dll 6.1.7600.16385 Windows IPsec SPD Client DLL
winmm.dll 6.1.7601.17514 MCI API DLL
winnsi.dll 6.1.7600.16385 Network Store Information RPC interface
winrnr.dll 6.1.7600.16385 LDAP RnR Provider DLL
winrscmd.dll 6.1.7600.16385 remtsvc
winrsmgr.dll 6.1.7600.16385 WSMan Shell API
winrssrv.dll 6.1.7600.16385 winrssrv
winsatapi.dll 6.1.7601.17514 Windows System Assessment Tool API
winscard.dll 6.1.7601.17514 Microsoft Smart Card API
winshfhc.dll 6.1.7600.16385 File Risk Estimation
winsockhc.dll 6.1.7600.16385 Winsock Network Diagnostic Helper Class
winsrpc.dll 6.1.7600.16385 WINS RPC LIBRARY
winsta.dll 6.1.7601.17514 Winstation Library
winsync.dll 2007.94.7600.16385 Synchronization Framework
winsyncmetastore.dll 2007.94.7600.16385 Windows Synchronization Metadata Store
winsyncproviders.dll 2007.94.7600.16385 Windows Synchronization Provider Framework
wintrust.dll 6.1.7601.17514 Microsoft Trust Verification APIs
winusb.dll 6.1.7600.16385 Windows USB Driver User Library
wkscli.dll 6.1.7601.17514 Workstation Service Client DLL
wksprtps.dll 6.1.7600.16385 WorkspaceRuntime ProxyStub DLL
wlanapi.dll 6.1.7600.16385 Windows WLAN AutoConfig Client Side API DLL
wlancfg.dll 6.1.7600.16385 Wlan Netsh Helper DLL
wlanconn.dll 6.1.7600.16385 Dot11 Connection Flows
wlandlg.dll 6.1.7600.16385 Wireless Lan Dialog Wizards
wlangpui.dll 6.1.7601.17514 Wireless Network Policy Management Snap-in
wlanhlp.dll 6.1.7600.16385 Windows Wireless LAN 802.11 Client Side Helper API
wlaninst.dll 6.1.7600.16385 Windows NET Device Class Co-Installer for Wireless LAN
wlanmm.dll 6.1.7600.16385 Dot11 Media and AdHoc Managers
wlanmsm.dll 6.1.7601.17514 Windows Wireless LAN 802.11 MSM DLL
wlanpref.dll 6.1.7601.17514 Wireless Preferred Networks
wlansec.dll 6.1.7600.16385 Windows Wireless LAN 802.11 MSM Security Module DLL
wlanui.dll 6.1.7601.17514 Wireless Profile UI
wlanutil.dll 6.1.7600.16385 Windows Wireless LAN 802.11 Utility DLL
wldap32.dll 6.1.7601.17514 Win32 LDAP API DLL
wlgpclnt.dll 6.1.7600.16385 802.11 Group Policy Client
wls0wndh.dll 6.1.7600.16385 Session0 Viewer Window Hook DLL
wmadmod.dll 6.1.7601.17514 Windows Media Audio Decoder
wmadmoe.dll 6.1.7600.16385 Windows Media Audio 10 Encoder/Transcoder
wmasf.dll 12.0.7600.16385 Windows Media ASF DLL
wmcodecdspps.dll 6.1.7600.16385 Windows Media CodecDSP Proxy Stub Dll
wmdmlog.dll 12.0.7600.16385 Windows Media Device Manager Logger
wmdmps.dll 12.0.7600.16385 Windows Media Device Manager Proxy Stub
wmdrmdev.dll 12.0.7601.17514 Windows Media DRM for Network Devices Registration DLL
wmdrmnet.dll 12.0.7601.17514 Windows Media DRM for Network Devices DLL
wmdrmsdk.dll 11.0.7601.17514 Windows Media DRM SDK DLL
wmerror.dll 12.0.7600.16385 Windows Media Error Definitions (English)
wmi.dll 6.1.7600.16385 WMI DC and DP functionality
wmidx.dll 12.0.7600.16385 Windows Media Indexer DLL
wmiprop.dll 6.1.7600.16385 WDM Provider Dynamic Property Page CoInstaller
wmnetmgr.dll 12.0.7601.17514 Windows Media Network Plugin Manager DLL
wmp.dll 12.0.7601.17514 Windows Media Player
wmpcm.dll 12.0.7600.16385 Windows Media Player Compositing Mixer
wmpdui.dll 12.0.7600.16385 Windows Media Player UI Engine
wmpdxm.dll 12.0.7601.17514 Windows Media Player Extension
wmpeffects.dll 12.0.7601.17514 Windows Media Player Effects
wmpencen.dll 12.0.7601.17514 Windows Media Player Encoding Module
wmphoto.dll 6.1.7601.17514 Windows Media Photo Codec
wmploc.dll 12.0.7601.17514 Windows Media Player Resources
wmpmde.dll 12.0.7601.17514 WMPMDE DLL
wmpps.dll 12.0.7601.17514 Windows Media Player Proxy Stub Dll
wmpshell.dll 12.0.7601.17514 Windows Media Player Launcher
wmpsrcwp.dll 12.0.7601.17514 WMPSrcWp Module
wmsgapi.dll 6.1.7600.16385 WinLogon IPC Client
wmspdmod.dll 6.1.7601.17514 Windows Media Audio Voice Decoder
wmspdmoe.dll 6.1.7600.16385 Windows Media Audio Voice Encoder
wmvcore.dll 12.0.7601.17514 Windows Media Playback/Authoring DLL
wmvdecod.dll 6.1.7601.17514 Windows Media Video Decoder
wmvdspa.dll 6.1.7600.16385 Windows Media Video DSP Components - Advanced
wmvencod.dll 6.1.7600.16385 Windows Media Video 9 Encoder
wmvsdecd.dll 6.1.7601.17514 Windows Media Screen Decoder
wmvsencd.dll 6.1.7600.16385 Windows Media Screen Encoder
wmvxencd.dll 6.1.7600.16385 Windows Media Video Encoder
wow32.dll 6.1.7600.16385 Wow32
wpc.dll 1.0.0.1 WPC Settings Library
wpcao.dll 6.1.7600.16385 WPC Administrator Override
wpcsvc.dll 1.0.0.1 WPC Filtering Service
wpdshext.dll 6.1.7601.17514 Portable Devices Shell Extension
wpdshserviceobj.dll 6.1.7601.17514 Windows Portable Device Shell Service Object
wpdsp.dll 6.1.7601.17514 WMDM Service Provider for Windows Portable Devices
wpdwcn.dll 6.1.7601.17514 Windows Portable Device WCN Wizard
wrap_oal.dll 2.2.0.5 OpenAL32
ws2_32.dll 6.1.7601.17514 Windows Socket 2.0 32-Bit DLL
ws2help.dll 6.1.7600.16385 Windows Socket 2.0 Helper for Windows NT
wscapi.dll 6.1.7601.17514 Windows Security Center API
wscinterop.dll 6.1.7600.16385 Windows Health Center WSC Interop
wscisvif.dll 6.1.7600.16385 Windows Security Center ISV API
wscmisetup.dll 6.1.7600.16385 Installers for Winsock Transport and Name Space Providers
wscproxystub.dll 6.1.7600.16385 Windows Security Center ISV Proxy Stub
wsdapi.dll 6.1.7601.17514 Web Services for Devices API DLL
wsdchngr.dll 6.1.7601.17514 WSD Challenge Component
wsecedit.dll 6.1.7600.16385 Security Configuration UI Module
wshbth.dll 6.1.7601.17514 Windows Sockets Helper DLL
wshcon.dll 5.8.7600.16385 Microsoft ® Windows Script Controller
wshelper.dll 6.1.7600.16385 Winsock Net shell helper DLL for winsock
wshext.dll 5.8.7600.16385 Microsoft ® Shell Extension for Windows Script Host
wship6.dll 6.1.7600.16385 Winsock2 Helper DLL (TL/IPv6)
wshirda.dll 6.1.7601.17514 Windows Sockets Helper DLL
wshqos.dll 6.1.7600.16385 QoS Winsock2 Helper DLL
wshrm.dll 6.1.7600.16385 Windows Sockets Helper DLL for PGM
wshtcpip.dll 6.1.7600.16385 Winsock2 Helper DLL (TL/IPv4)
wsmanmigrationplugin.dll 6.1.7600.16385 WinRM Migration Plugin
wsmauto.dll 6.1.7600.16385 WSMAN Automation
wsmplpxy.dll 6.1.7600.16385 wsmplpxy
wsmres.dll 6.1.7600.16385 WSMan Resource DLL
wsmsvc.dll 6.1.7601.17514 WSMan Service
wsmwmipl.dll 6.1.7600.16385 WSMAN WMI Provider
wsnmp32.dll 6.1.7601.17514 Microsoft WinSNMP v2.0 Manager API
wsock32.dll 6.1.7600.16385 Windows Socket 32-Bit DLL
wtsapi32.dll 6.1.7601.17514 Windows Remote Desktop Session Host Server SDK APIs
wuapi.dll 7.5.7601.17514 Windows Update Client API
wudriver.dll 7.5.7601.17514 Windows Update WUDriver Stub
wups.dll 7.5.7601.17514 Windows Update client proxy stub
wuwebv.dll 7.5.7601.17514 Windows Update Vista Web Control
wvc.dll 6.1.7601.17514 Windows Visual Components
wwanapi.dll 6.1.7600.16385 Mbnapi
wwapi.dll 8.1.2.0 WWAN API
wzcdlg.dll 6.1.7600.16385 Windows Connect Now - Flash Config Enrollee
x3daudio1_0.dll 9.11.519.0 X3DAudio
x3daudio1_1.dll 9.15.779.0 X3DAudio
x3daudio1_2.dll 9.21.1148.0 X3DAudio
x3daudio1_3.dll 9.22.1284.0 X3DAudio
x3daudio1_4.dll 9.23.1350.0 X3DAudio
x3daudio1_5.dll 9.25.1476.0 X3DAudio
x3daudio1_6.dll 9.26.1590.0 3D Audio Library
x3daudio1_7.dll 9.28.1886.0 3D Audio Library
xactengine2_0.dll 9.11.519.0 XACT Engine API
xactengine2_1.dll 9.12.589.0 XACT Engine API
xactengine2_10.dll 9.21.1148.0 XACT Engine API
xactengine2_2.dll 9.13.644.0 XACT Engine API
xactengine2_3.dll 9.14.701.0 XACT Engine API
xactengine2_4.dll 9.15.779.0 XACT Engine API
xactengine2_5.dll 9.16.857.0 XACT Engine API
xactengine2_6.dll 9.17.892.0 XACT Engine API
xactengine2_7.dll 9.18.944.0 XACT Engine API
xactengine2_8.dll 9.19.1007.0 XACT Engine API
xactengine2_9.dll 9.20.1057.0 XACT Engine API
xactengine3_0.dll 9.22.1284.0 XACT Engine API
xactengine3_1.dll 9.23.1350.0 XACT Engine API
xactengine3_2.dll 9.24.1400.0 XACT Engine API
xactengine3_3.dll 9.25.1476.0 XACT Engine API
xactengine3_4.dll 9.26.1590.0 XACT Engine API
xactengine3_5.dll 9.27.1734.0 XACT Engine API
xactengine3_6.dll 9.28.1886.0 XACT Engine API
xactengine3_7.dll 9.29.1962.0 XACT Engine API
xapofx1_0.dll 9.23.1350.0 XAPOFX
xapofx1_1.dll 9.24.1400.0 XAPOFX
xapofx1_2.dll 9.25.1476.0 XAPOFX
xapofx1_3.dll 9.26.1590.0 Audio Effect Library
xapofx1_4.dll 9.28.1886.0 Audio Effect Library
xapofx1_5.dll 9.29.1962.0 Audio Effect Library
xaudio2_0.dll 9.22.1284.0 XAudio2 Game Audio API
xaudio2_1.dll 9.23.1350.0 XAudio2 Game Audio API
xaudio2_2.dll 9.24.1400.0 XAudio2 Game Audio API
xaudio2_3.dll 9.25.1476.0 XAudio2 Game Audio API
xaudio2_4.dll 9.26.1590.0 XAudio2 Game Audio API
xaudio2_5.dll 9.27.1734.0 XAudio2 Game Audio API
xaudio2_6.dll 9.28.1886.0 XAudio2 Game Audio API
xaudio2_7.dll 9.29.1962.0 XAudio2 Game Audio API
xinput1_1.dll 9.12.589.0 Microsoft Common Controller API
xinput1_2.dll 9.14.701.0 Microsoft Common Controller API
xinput1_3.dll 9.18.944.0 Microsoft Common Controller API
xinput9_1_0.dll 6.1.7600.16385 XNA Common Controller
xlive.dll 3.5.88.0 Games for Windows - LIVE DLL
xlivefnt.dll 3.5.88.0 XLive Fonts DLL
xliveinstall.dll 3.2.6.0 XLiveInstall DLL
xmlfilter.dll 2008.0.7600.16385 XML Filter
xmllite.dll 1.3.1000.0 Microsoft XmlLite Library
xmlprovi.dll 6.1.7600.16385 Network Provisioning Service Client API
xolehlp.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Helper APIs DLL
xpsfilt.dll 6.1.7600.16385 XML Paper Specification Document IFilter
xpsgdiconverter.dll 6.1.7601.17566 XPS to GDI Converter
xpsprint.dll 6.1.7601.17578 XPS Printing DLL
xpsrasterservice.dll 6.1.7601.17514 XPS Rasterization Service Component
xpsservices.dll 6.1.7601.17514 Xps Object Model in memory creation and deserialization
xpsshhdr.dll 6.1.7600.16385 Package Document Shell Extension Handler
xpssvcs.dll 6.1.7600.16385 Native Code Xps Services Library
xvidcore.dll
xwizards.dll 6.1.7600.16385 Extensible Wizards Manager Module
xwreg.dll 6.1.7600.16385 Extensible Wizard Registration Manager Module
xwtpdui.dll 6.1.7600.16385 Extensible Wizard Type Plugin for DUI
xwtpw32.dll 6.1.7600.16385 Extensible Wizard Type Plugin for Win32
zipfldr.dll 6.1.7601.17514 Compressed (zipped) Folders
UpTime
Current Session:
Last Shutdown Time 14/06/2011 00:09:32
Last Boot Time 14/06/2011 20:12:22
Current Time 14/06/2011 21:35:53
UpTime 5036 sec (0 days, 1 hours, 23 min, 56 sec)
UpTime Statistics:
First Boot Time 03/04/2011 09:38:42
First Shutdown Time 03/04/2011 10:20:24
Total UpTime 1516941 sec (17 days, 13 hours, 22 min, 21 sec)
Total DownTime 5174916 sec (59 days, 21 hours, 28 min, 36 sec)
Longest UpTime 1180025 sec (13 days, 15 hours, 47 min, 5 sec)
Longest DownTime 2808238 sec (32 days, 12 hours, 3 min, 58 sec)
Total Reboots 160
System Availability 22.67%
Bluescreen Statistics:
Total Bluescreens 0
Information:
Information The above statistics are based on System Event Log entries
Share
Share Name Type Remark Local Path
C Folder C:\
Users Folder C:\Users
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
C$ Folder Default share C:\
IPC$ IPC Remote IPC
Account Security
Account Security Properties:
Computer Role Primary
Domain Name muggz-PC
Primary Domain Controller Not Specified
Forced Logoff Time Disabled
Min / Max Password Age 0 / 42 days
Minimum Password Length 0 chars
Password History Length Disabled
Lockout Threshold Disabled
Lockout Duration 30 min
Lockout Observation Window 30 min
Logon
User Full Name Logon Server Logon Domain
muggz MUGGZ-PC muggz-PC
Users
[ Administrator ]
User Properties:
User Name Administrator
Full Name Administrator
Comment Built-in account for administering the computer/domain
Member Of Groups HomeUsers; Administrators
Logon Count 1
Disk Quota -
User Features:
Logon Script Executed Yes
Account Disabled Yes
Locked Out User No
Home Folder Required No
Password Required Yes
Read-Only Password No
Password Never Expires Yes
[ Guest ]
User Properties:
User Name Guest
Full Name Guest
Comment Built-in account for guest access to the computer/domain
Member Of Groups Guests
Logon Count 0
Disk Quota -
User Features:
Logon Script Executed Yes
Account Disabled Yes
Locked Out User No
Home Folder Required No
Password Required No
Read-Only Password Yes
Password Never Expires Yes
[ HomeGroupUser$ ]
User Properties:
User Name HomeGroupUser$
Full Name HomeGroupUser$
Comment Built-in account for homegroup access to the computer
Member Of Groups HomeUsers
Logon Count 0
Disk Quota -
User Features:
Logon Script Executed Yes
Account Disabled No
Locked Out User No
Home Folder Required No
Password Required Yes
Read-Only Password No
Password Never Expires Yes
[ muggz ]
User Properties:
User Name muggz
Full Name muggz
Member Of Groups HomeUsers; Administrators
Logon Count 175
Disk Quota -
User Features:
Logon Script Executed Yes
Account Disabled No
Locked Out User No
Home Folder Required No
Password Required No
Read-Only Password No
Password Never Expires Yes
Local Groups
[ Administrators ]
Local Group Properties:
Comment Administrators have complete and unrestricted access to the computer/domain
Group Members:
Administrator
muggz
[ Backup Operators ]
Local Group Properties:
Comment Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
[ Cryptographic Operators ]
Local Group Properties:
Comment Members are authorized to perform cryptographic operations.
[ Distributed COM Users ]
Local Group Properties:
Comment Members are allowed to launch, activate and use Distributed COM objects on this machine.
[ Event Log Readers ]
Local Group Properties:
Comment Members of this group can read event logs from local machine
[ Guests ]
Local Group Properties:
Comment Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
Group Members:
Guest
[ HomeUsers ]
Local Group Properties:
Comment HomeUsers Security Group
Group Members:
Administrator
HomeGroupUser$ HomeGroupUser$
muggz
[ IIS_IUSRS ]
Local Group Properties:
Comment Built-in group used by Internet Information Services.
Group Members:
IUSR
[ Network Configuration Operators ]
Local Group Properties:
Comment Members in this group can have some administrative privileges to manage configuration of networking features
[ Performance Log Users ]
Local Group Properties:
Comment Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer
[ Performance Monitor Users ]
Local Group Properties:
Comment Members of this group can access performance counter data locally and remotely
[ Power Users ]
Local Group Properties:
Comment Power Users are included for backwards compatibility and possess limited administrative powers
[ Remote Desktop Users ]
Local Group Properties:
Comment Members in this group are granted the right to logon remotely
[ Replicator ]
Local Group Properties:
Comment Supports file replication in a domain
[ Users ]
Local Group Properties:
Comment Users are prevented from making accidental or intentional system-wide changes and can run most applications
Group Members:
Authenticated Users
INTERACTIVE
Global Groups
[ None ]
Global Group Properties:
Comment Ordinary users
Group Members:
Administrator
Guest
HomeGroupUser$ HomeGroupUser$
muggz
Windows Video
[ AMD Radeon HD 6900 Series ]
Video Adapter Properties:
Device Description AMD Radeon HD 6900 Series
Adapter String AMD Radeon HD 6900 Series
BIOS String 113-C2160100-106
Chip Type ATI display adapter (0x6719)
DAC Type Internal DAC(400MHz)
Driver Date 24/05/2011
Driver Version 8.850.6.0
Driver Provider ATI Technologies Inc.
Memory Size 2048 MB
Installed Drivers:
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
atiumd64 7.14.10.0833
atidxx64 8.17.10.0355
atidxx64 8.17.10.0355
atiumdag 7.14.10.0833 - ATI Catalyst 11.5
atidxx32 8.17.10.0355
atidxx32 8.17.10.0355
atiumdva 8.14.10.0308
atiumd6a 8.14.10.0308
atitmm64 6.14.11.23
Video Adapter Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
[ AMD Radeon HD 6900 Series ]
Video Adapter Properties:
Device Description AMD Radeon HD 6900 Series
Adapter String AMD Radeon HD 6900 Series
BIOS String 113-C2160100-106
Chip Type ATI display adapter (0x6719)
DAC Type Internal DAC(400MHz)
Driver Date 24/05/2011
Driver Version 8.850.6.0
Driver Provider ATI Technologies Inc.
Memory Size 2048 MB
Installed Drivers:
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
atiumd64 7.14.10.0833
atidxx64 8.17.10.0355
atidxx64 8.17.10.0355
atiumdag 7.14.10.0833 - ATI Catalyst 11.5
atidxx32 8.17.10.0355
atidxx32 8.17.10.0355
atiumdva 8.14.10.0308
atiumd6a 8.14.10.0308
atitmm64 6.14.11.23
Video Adapter Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
[ AMD Radeon HD 6900 Series ]
Video Adapter Properties:
Device Description AMD Radeon HD 6900 Series
Adapter String AMD Radeon HD 6900 Series
BIOS String 113-C2160100-106
Chip Type ATI display adapter (0x6719)
DAC Type Internal DAC(400MHz)
Driver Date 24/05/2011
Driver Version 8.850.6.0
Driver Provider ATI Technologies Inc.
Memory Size 2048 MB
Installed Drivers:
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
atiumd64 7.14.10.0833
atidxx64 8.17.10.0355
atidxx64 8.17.10.0355
atiumdag 7.14.10.0833 - ATI Catalyst 11.5
atidxx32 8.17.10.0355
atidxx32 8.17.10.0355
atiumdva 8.14.10.0308
atiumd6a 8.14.10.0308
atitmm64 6.14.11.23
Video Adapter Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
[ AMD Radeon HD 6900 Series ]
Video Adapter Properties:
Device Description AMD Radeon HD 6900 Series
Adapter String AMD Radeon HD 6900 Series
BIOS String 113-C2160100-106
Chip Type ATI display adapter (0x6719)
DAC Type Internal DAC(400MHz)
Driver Date 24/05/2011
Driver Version 8.850.6.0
Driver Provider ATI Technologies Inc.
Memory Size 2048 MB
Installed Drivers:
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
atiumd64 7.14.10.0833
atidxx64 8.17.10.0355
atidxx64 8.17.10.0355
atiumdag 7.14.10.0833 - ATI Catalyst 11.5
atidxx32 8.17.10.0355
atidxx32 8.17.10.0355
atiumdva 8.14.10.0308
atiumd6a 8.14.10.0308
atitmm64 6.14.11.23
Video Adapter Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
PCI / AGP Video
Device Description Device Type
AMD Radeon HD 6950 (Cayman) Video Adapter
AMD Radeon HD 6950 (Cayman) 3D Accelerator
GPU
[ PCI Express 2.0 x16: Asus EAH6950 ]
Graphics Processor Properties:
Video Adapter Asus EAH6950
BIOS Version 013.008.000.009.039285
BIOS Date 12/06/10 03:28
GPU Code Name Cayman Pro
Part Number 113-C2160100-106
PCI Device 1002-6719 / 1043-03BA (Rev 00)
Transistors 2640 million
Process Technology 40 nm
Die Size 389 mm2
Bus Type PCI Express 2.0 x16 @ x8
Memory Size 2 GB
GPU Clock 450 MHz (original: 810 MHz)
RAMDAC Clock 400 MHz
Pixel Pipelines 32
Texture Mapping Units 96
Unified Shaders 1536 (v5.0)
DirectX Hardware Support DirectX v11
Pixel Fillrate 14400 MPixel/s
Texel Fillrate [ TRIAL VERSION ]
Memory Bus Properties:
Bus Type GDDR5
Bus Width 256-bit
Real Clock 1300 MHz (DDR) (original: 1250 MHz, overclock: 4%)
Effective Clock 2600 MHz
Bandwidth [ TRIAL VERSION ]
Utilization:
GPU 3%
ATI PowerPlay (BIOS):
State #1 GPU: 800 MHz, Memory: 1250 MHz (Boot)
State #2 GPU: 810 MHz, Memory: 1250 MHz
State #3 GPU: 725 MHz, Memory: 1250 MHz (UVD)
State #4 GPU: 725 MHz, Memory: 1250 MHz
Graphics Processor Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
ATI GPU Registers:
ati-$0600 00300000
ati-$0604 00002002
ati-$0608 100C8000
ati-$061C 03001810
ati-$0624 8C620034
ati-$0628 0304FFFF
ati-$062C 8C620034
ati-$0660 01324400
ati-$0668 000101E0
ati-$06D0 00006978
ati-$0710 00000010
ati-$0730 00004C3A
ati-$073C 00000011
ati-$0740 007501BF
ati-$0760 000001BF
ati-$0764 000001C4
ati-$0768 000001D0
ati-$0770 002A1E87
ati-$078C 00125B87
ati-$1600 11030302
ati-$2004 00003210
ati-$2760 0000025A
ati-$5428 00000800
ati-$8950 F000F001
ati-$8954 00000000
ati-$98F0 00000001
ati-$98F8 12111003
[ PCI Express 2.0 x16: Asus EAH6950 ]
Graphics Processor Properties:
Video Adapter Asus EAH6950
BIOS Version 013.008.000.009.039285
BIOS Date 12/06/10 03:28
GPU Code Name Cayman Pro
Part Number 113-C2160100-106
PCI Device 1002-6719 / 1043-03BA (Rev 00)
Transistors 2640 million
Process Technology 40 nm
Die Size 389 mm2
Bus Type PCI Express 2.0 x16 @ x8
Memory Size 2 GB
GPU Clock 250 MHz (original: 810 MHz)
RAMDAC Clock 400 MHz
Pixel Pipelines 32
Texture Mapping Units 96
Unified Shaders 1536 (v5.0)
DirectX Hardware Support DirectX v11
Pixel Fillrate 8000 MPixel/s
Texel Fillrate [ TRIAL VERSION ]
Memory Bus Properties:
Bus Type GDDR5
Bus Width 256-bit
Real Clock 150 MHz (QDR) (original: 1250 MHz)
Effective Clock 600 MHz
Bandwidth [ TRIAL VERSION ]
Utilization:
GPU 0%
ATI PowerPlay (BIOS):
State #1 GPU: 800 MHz, Memory: 1250 MHz (Boot)
State #2 GPU: 810 MHz, Memory: 1250 MHz
State #3 GPU: 725 MHz, Memory: 1250 MHz (UVD)
State #4 GPU: 725 MHz, Memory: 1250 MHz
Graphics Processor Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
ATI GPU Registers:
ati-$0600 00600000
ati-$0604 00002004
ati-$0608 100DE38E
ati-$061C 03003C10
ati-$0624 85B40018
ati-$0628 2304FFFF
ati-$062C 05B40018
ati-$0660 01324400
ati-$0668 00010000
ati-$06D0 0004A4CB
ati-$0710 00000010
ati-$0730 0000401F
ati-$073C 00000011
ati-$0740 003E0188
ati-$0760 00000188
ati-$0764 00000187
ati-$0768 003C018A
ati-$0770 002A1E87
ati-$078C 00161F34
ati-$1600 11030302
ati-$2004 00003210
ati-$2760 0000025A
ati-$5428 00000800
ati-$8950 F000F001
ati-$8954 00000000
ati-$98F0 00000001
ati-$98F8 12011003
Monitor
[ Hannstar HZ281H ]
Monitor Properties:
Monitor Name Hannstar HZ281H
Monitor ID HSD6735
Model HZ281H
Monitor Type 28" LCD (WUXGA)
Manufacture Date Week 26 / 2010
Serial Number 026LM3AY00332
Max. Visible Display Size 59 cm x 37 cm (27.4")
Picture Aspect Ratio 16:10
Horizontal Frequency 30 - 85 kHz
Vertical Frequency 50 - 75 Hz
Maximum Pixel Clock 170 MHz
Maximum Resolution 1920 x 1200
Gamma 2.20
DPMS Mode Support Active-Off
Supported Video Modes:
640 x 480 75 Hz
800 x 480 75 Hz
800 x 600 75 Hz
1024 x 600 75 Hz
1024 x 768 75 Hz
1152 x 864 75 Hz
1280 x 720 75 Hz
1280 x 768 75 Hz
1280 x 800 75 Hz
1280 x 1024 75 Hz
1366 x 768 75 Hz
1400 x 1050 75 Hz
1440 x 900 75 Hz
1600 x 1200 65 Hz
1680 x 1050 75 Hz
1920 x 1080 70 Hz
1920 x 1200 65 Hz
[ Hannstar HZ281H ]
Monitor Properties:
Monitor Name Hannstar HZ281H
Monitor ID HSD6735
Model HZ281H
Monitor Type 28" LCD (WUXGA)
Manufacture Date Week 26 / 2010
Serial Number 026LM3AY00347
Max. Visible Display Size 59 cm x 37 cm (27.4")
Picture Aspect Ratio 16:10
Horizontal Frequency 30 - 85 kHz
Vertical Frequency 50 - 75 Hz
Maximum Pixel Clock 170 MHz
Maximum Resolution 1920 x 1200
Gamma 2.20
DPMS Mode Support Active-Off
Supported Video Modes:
640 x 480 75 Hz
800 x 480 75 Hz
800 x 600 75 Hz
1024 x 600 75 Hz
1024 x 768 75 Hz
1152 x 864 75 Hz
1280 x 720 75 Hz
1280 x 768 75 Hz
1280 x 800 75 Hz
1280 x 1024 75 Hz
1366 x 768 75 Hz
1400 x 1050 75 Hz
1440 x 900 75 Hz
1600 x 1200 65 Hz
1680 x 1050 75 Hz
1920 x 1080 70 Hz
1920 x 1200 65 Hz
[ Hannstar HZ281H ]
Monitor Properties:
Monitor Name Hannstar HZ281H
Monitor ID HSD6735
Model HZ281H
Monitor Type 28" LCD (WUXGA)
Manufacture Date Week 26 / 2010
Serial Number 026LM3AY00359
Max. Visible Display Size 59 cm x 37 cm (27.4")
Picture Aspect Ratio 16:10
Horizontal Frequency 30 - 85 kHz
Vertical Frequency 50 - 75 Hz
Maximum Pixel Clock 170 MHz
Maximum Resolution 1920 x 1200
Gamma 2.20
DPMS Mode Support Active-Off
Supported Video Modes:
640 x 480 75 Hz
800 x 480 75 Hz
800 x 600 75 Hz
1024 x 600 75 Hz
1024 x 768 75 Hz
1152 x 864 75 Hz
1280 x 720 75 Hz
1280 x 768 75 Hz
1280 x 800 75 Hz
1280 x 1024 75 Hz
1366 x 768 75 Hz
1400 x 1050 75 Hz
1440 x 900 75 Hz
1600 x 1200 65 Hz
1680 x 1050 75 Hz
1920 x 1080 70 Hz
1920 x 1200 65 Hz
Desktop
Desktop Properties:
Device Technology Raster Display
Resolution 5760 x 1200
Color Depth 32-bit
Color Planes 1
Font Resolution 96 dpi
Pixel Width / Height 36 / 36
Pixel Diagonal 51
Vertical Refresh Rate 60 Hz
Desktop Wallpaper C:\Windows\Web\Wallpaper\Landscapes\img7.jpg
Desktop Effects:
Combo-Box Animation Enabled
Drop Shadow Effect Enabled
Flat Menu Effect Enabled
Font Smoothing Enabled
ClearType Enabled
Full Window Dragging Enabled
Gradient Window Title Bars Enabled
Hide Menu Access Keys Enabled
Hot Tracking Effect Enabled
Icon Title Wrapping Enabled
List-Box Smooth Scrolling Enabled
Menu Animation Enabled
Menu Fade Effect Enabled
Minimize/Restore Animation Enabled
Mouse Cursor Shadow Enabled
Selection Fade Effect Enabled
ShowSounds Accessibility Feature Disabled
ToolTip Animation Enabled
ToolTip Fade Effect Enabled
Windows Aero Enabled
Windows Plus! Extension Disabled
Multi-Monitor
Device ID Primary Upper Left Corner Bottom Right Corner
\\.\DISPLAY10 Yes (0,0) (5760,1200)
Video Modes
Resolution Color Depth Refresh Rate
640 x 480 8-bit 60 Hz
640 x 480 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
720 x 480 8-bit 60 Hz
720 x 480 8-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
720 x 480 16-bit 60 Hz
720 x 480 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
720 x 480 32-bit 60 Hz
720 x 480 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
720 x 576 8-bit 60 Hz
720 x 576 8-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
720 x 576 16-bit 60 Hz
720 x 576 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
720 x 576 32-bit 60 Hz
720 x 576 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
800 x 600 8-bit 60 Hz
800 x 600 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1024 x 768 8-bit 60 Hz
1024 x 768 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 720 8-bit 60 Hz
1280 x 720 8-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 720 16-bit 60 Hz
1280 x 720 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 720 32-bit 60 Hz
1280 x 720 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 800 8-bit 60 Hz
1280 x 800 8-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 800 16-bit 60 Hz
1280 x 800 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 800 32-bit 60 Hz
1280 x 800 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 1024 8-bit 60 Hz
1280 x 1024 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1600 x 1200 8-bit 60 Hz
1600 x 1200 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1680 x 1050 8-bit 60 Hz
1680 x 1050 8-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1680 x 1050 16-bit 60 Hz
1680 x 1050 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1680 x 1050 32-bit 60 Hz
1680 x 1050 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1920 x 1200 8-bit 60 Hz
1920 x 1200 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
2400 x 600 32-bit 60 Hz
2400 x 600 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
2532 x 600 32-bit 60 Hz
5040 x 1050 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
5320 x 1050 32-bit 60 Hz
5320 x 1050 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
5760 x 1200 32-bit 60 Hz
6080 x 1200 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
OpenGL
OpenGL Properties:
Vendor ATI Technologies Inc.
Renderer AMD Radeon HD 6900 Series
Version 4.1.10767 Compatibility Profile Context
Shading Language Version 4.10
OpenGL DLL 6.1.7600.16385(win7_rtm.090713-1255)
Multitexture Texture Units 8
Occlusion Query Counter Bits 32
Sub-Pixel Precision 8-bit
Max Viewport Size 16384 x 16384
Max Cube Map Texture Size 16384 x 16384
Max Rectangle Texture Size 16384 x 16384
Max 3D Texture Size 8192 x 8192 x 8192
Max Anisotropy 16
Max Clipping Planes 8
Max Display-List Nesting Level 64
Max Draw Buffers 8
Max Evaluator Order 40
Max Light Sources 8
Max Pixel Map Table Size 256
Min / Max Program Texel Offset -8 / 7
Max Texture Array Layers 8192
Max Texture LOD Bias 16
OpenGL Compliancy:
OpenGL 1.1 Yes (100%)
OpenGL 1.2 Yes (100%)
OpenGL 1.3 Yes (100%)
OpenGL 1.4 Yes (100%)
OpenGL 1.5 Yes (100%)
OpenGL 2.0 Yes (100%)
OpenGL 2.1 Yes (100%)
OpenGL 3.0 Yes (100%)
OpenGL 3.1 Yes (100%)
OpenGL 3.2 Yes (100%)
OpenGL 3.3 Yes (100%)
OpenGL 4.0 Yes (100%)
OpenGL 4.1 Yes (100%)
Max Stack Depth:
Attribute Stack 16
Client Attribute Stack 16
Modelview Matrix Stack 32
Name Stack 64
Projection Matrix Stack 10
Texture Matrix Stack 10
Draw Range Elements:
Max Index Count 16777215
Max Vertex Count 2147483647
Transform Feedback:
Max Interleaved Components 64
Max Separate Attributes 4
Max Separate Components 4
Framebuffer Object:
Max Color Attachments 8
Max Render Buffer Size 16384 x 16384
Imaging:
Max Color Matrix Stack Depth 10
Max Convolution Width / Height 11 / 11
Vertex Shader:
Max Uniform Vertex Components 16384
Max Varying Floats 128
Max Vertex Texture Image Units 16
Max Combined Texture Image Units 32
Geometry Shader:
Max Geometry Texture Units 16
Max Varying Components 128
Max Geometry Varying Components 128
Max Vertex Varying Components 128
Max Geometry Uniform Components 16384
Max Geometry Output Vertices 1024
Max Geometry Total Output Components 16384
Fragment Shader:
Max Uniform Fragment Components 16384
Max Fragment Registers 6
Max Fragment Constants 8
Max Passes 2
Max Instructions Per Pass 8
Max Total Instructions 16
Max Input Interpolator Components 3
Max Loopback Components 3
Vertex Program:
Max Local Parameters 256
Max Environment Parameters 256
Max Program Matrices 32
Max Program Matrix Stack Depth 32
Max Vertex Attributes 29
Max Instructions 2147483647
Max Native Instructions 2147483647
Max Temporaries 320
Max Native Temporaries 256
Max Parameters 256
Max Native Parameters 256
Max Attributes 29
Max Native Attributes 32
Max Address Registers 1
Max Native Address Registers 1
Fragment Program:
Max Local Parameters 256
Max Environment Parameters 256
Max Texture Coordinates 16
Max Texture Image Units 16
Max Instructions 2147483647
Max Native Instructions 2147483647
Max Temporaries 320
Max Native Temporaries 256
Max Parameters 256
Max Native Parameters 256
Max Attributes 29
Max Native Attributes 16
Max Address Registers 0
Max Native Address Registers 0
Max ALU Instructions 2147483647
Max Native ALU Instructions 2147483647
Max Texture Instructions 2147483647
Max Native Texture Instructions 2147483647
Max Texture Indirections 2147483647
Max Native Texture Indirections 2147483647
OpenGL Extensions:
GL_3DFX_multisample Not Supported
GL_3DFX_tbuffer Not Supported
GL_3DFX_texture_compression_FXT1 Not Supported
GL_3DL_direct_texture_access2 Not Supported
GL_3Dlabs_multisample_transparency_id Not Supported
GL_3Dlabs_multisample_transparency_range Not Supported
GL_AMD_blend_minmax_factor Supported
GL_AMD_conservative_depth Supported
GL_AMD_debug_output Supported
GL_AMD_depth_clamp_separate Supported
GL_AMD_draw_buffers_blend Supported
GL_AMD_multi_draw_indirect Supported
GL_AMD_name_gen_delete Supported
GL_AMD_performance_monitor Supported
GL_AMD_pinned_memory Supported
GL_AMD_sample_positions Supported
GL_AMD_seamless_cubemap_per_texture Supported
GL_AMD_shader_stencil_export Supported
GL_AMD_shader_trace Supported
GL_AMD_texture_compression_dxt6 Not Supported
GL_AMD_texture_compression_dxt7 Not Supported
GL_AMD_texture_cube_map_array Supported
GL_AMD_texture_texture4 Supported
GL_AMD_transform_feedback3_lines_triangles Supported
GL_AMD_vertex_shader_tessellator Supported
GL_AMDX_debug_output Supported
GL_AMDX_name_gen_delete Not Supported
GL_AMDX_random_access_target Not Supported
GL_AMDX_vertex_shader_tessellator Supported
GL_APPLE_aux_depth_stencil Not Supported
GL_APPLE_client_storage Not Supported
GL_APPLE_element_array Not Supported
GL_APPLE_fence Not Supported
GL_APPLE_float_pixels Not Supported
GL_APPLE_flush_buffer_range Not Supported
GL_APPLE_flush_render Not Supported
GL_APPLE_object_purgeable Not Supported
GL_APPLE_packed_pixel Not Supported
GL_APPLE_packed_pixels Not Supported
GL_APPLE_pixel_buffer Not Supported
GL_APPLE_rgb_422 Not Supported
GL_APPLE_specular_vector Not Supported
GL_APPLE_texture_range Not Supported
GL_APPLE_transform_hint Not Supported
GL_APPLE_vertex_array_object Not Supported
GL_APPLE_vertex_array_range Not Supported
GL_APPLE_vertex_program_evaluators Not Supported
GL_APPLE_ycbcr_422 Not Supported
GL_ARB_blend_func_extended Supported
GL_ARB_color_buffer_float Supported
GL_ARB_compatibility Not Supported
GL_ARB_copy_buffer Supported
GL_ARB_debug_output Not Supported
GL_ARB_depth_buffer_float Supported
GL_ARB_depth_clamp Supported
GL_ARB_depth_texture Supported
GL_ARB_draw_buffers Supported
GL_ARB_draw_buffers_blend Supported
GL_ARB_draw_elements_base_vertex Supported
GL_ARB_draw_indirect Supported
GL_ARB_draw_instanced Supported
GL_ARB_ES2_compatibility Supported
GL_ARB_explicit_attrib_location Supported
GL_ARB_fragment_coord_conventions Supported
GL_ARB_fragment_program Supported
GL_ARB_fragment_program_shadow Supported
GL_ARB_fragment_shader Supported
GL_ARB_framebuffer_object Supported
GL_ARB_framebuffer_sRGB Supported
GL_ARB_geometry_shader4 Supported
GL_ARB_get_program_binary Supported
GL_ARB_gpu_shader_fp64 Supported
GL_ARB_gpu_shader5 Supported
GL_ARB_half_float_pixel Supported
GL_ARB_half_float_vertex Supported
GL_ARB_imaging Supported
GL_ARB_instanced_arrays Supported
GL_ARB_make_current_read Not Supported
GL_ARB_map_buffer_range Supported
GL_ARB_matrix_palette Not Supported
GL_ARB_multisample Supported
GL_ARB_multitexture Supported
GL_ARB_occlusion_query Supported
GL_ARB_occlusion_query2 Supported
GL_ARB_pixel_buffer_object Supported
GL_ARB_point_parameters Supported
GL_ARB_point_sprite Supported
GL_ARB_provoking_vertex Supported
GL_ARB_robustness Not Supported
GL_ARB_sample_shading Supported
GL_ARB_sampler_objects Supported
GL_ARB_seamless_cube_map Supported
GL_ARB_separate_shader_objects Supported
GL_ARB_shader_atomic_counters Not Supported
GL_ARB_shader_bit_encoding Supported
GL_ARB_shader_objects Supported
GL_ARB_shader_precision Supported
GL_ARB_shader_stencil_export Supported
GL_ARB_shader_subroutine Supported
GL_ARB_shader_texture_lod Supported
GL_ARB_shading_language_100 Supported
GL_ARB_shading_language_120 Not Supported
GL_ARB_shading_language_include Not Supported
GL_ARB_shadow Supported
GL_ARB_shadow_ambient Supported
GL_ARB_swap_buffers Not Supported
GL_ARB_sync Supported
GL_ARB_tessellation_shader Supported
GL_ARB_texture_border_clamp Supported
GL_ARB_texture_buffer_object Supported
GL_ARB_texture_buffer_object_rgb32 Supported
GL_ARB_texture_compression Supported
GL_ARB_texture_compression_bptc Supported
GL_ARB_texture_compression_rgtc Supported
GL_ARB_texture_cube_map Supported
GL_ARB_texture_cube_map_array Supported
GL_ARB_texture_env_add Supported
GL_ARB_texture_env_combine Supported
GL_ARB_texture_env_crossbar Supported
GL_ARB_texture_env_dot3 Supported
GL_ARB_texture_float Supported
GL_ARB_texture_gather Supported
GL_ARB_texture_mirrored_repeat Supported
GL_ARB_texture_multisample Supported
GL_ARB_texture_non_power_of_two Supported
GL_ARB_texture_query_lod Supported
GL_ARB_texture_rectangle Supported
GL_ARB_texture_rg Supported
GL_ARB_texture_rgb10_a2ui Supported
GL_ARB_texture_snorm Supported
GL_ARB_texture_swizzle Not Supported
GL_ARB_timer_query Supported
GL_ARB_transform_feedback2 Supported
GL_ARB_transform_feedback3 Supported
GL_ARB_transpose_matrix Supported
GL_ARB_uber_buffers Not Supported
GL_ARB_uber_mem_image Not Supported
GL_ARB_uber_vertex_array Not Supported
GL_ARB_uniform_buffer_object Supported
GL_ARB_vertex_array_bgra Supported
GL_ARB_vertex_array_object Supported
GL_ARB_vertex_attrib_64bit Supported
GL_ARB_vertex_blend Not Supported
GL_ARB_vertex_buffer_object Supported
GL_ARB_vertex_program Supported
GL_ARB_vertex_shader Supported
GL_ARB_vertex_type_2_10_10_10_rev Supported
GL_ARB_viewport_array Supported
GL_ARB_window_pos Supported
GL_ATI_array_rev_comps_in_4_bytes Not Supported
GL_ATI_blend_equation_separate Not Supported
GL_ATI_blend_weighted_minmax Not Supported
GL_ATI_draw_buffers Supported
GL_ATI_element_array Not Supported
GL_ATI_envmap_bumpmap Supported
GL_ATI_fragment_shader Supported
GL_ATI_lock_texture Not Supported
GL_ATI_map_object_buffer Not Supported
GL_ATI_meminfo Supported
GL_ATI_pixel_format_float Not Supported
GL_ATI_pn_triangles Not Supported
GL_ATI_point_cull_mode Not Supported
GL_ATI_separate_stencil Supported
GL_ATI_shader_texture_lod Not Supported
GL_ATI_text_fragment_shader Not Supported
GL_ATI_texture_compression_3dc Supported
GL_ATI_texture_env_combine3 Supported
GL_ATI_texture_float Supported
GL_ATI_texture_mirror_once Supported
GL_ATI_vertex_array_object Not Supported
GL_ATI_vertex_attrib_array_object Not Supported
GL_ATI_vertex_blend Not Supported
GL_ATI_vertex_shader Not Supported
GL_ATI_vertex_streams Not Supported
GL_ATIX_pn_triangles Not Supported
GL_ATIX_texture_env_combine3 Not Supported
GL_ATIX_texture_env_route Not Supported
GL_ATIX_vertex_shader_output_point_size Not Supported
GL_Autodesk_facet_normal Not Supported
GL_Autodesk_valid_back_buffer_hint Not Supported
GL_DIMD_YUV Not Supported
GL_EXT_422_pixels Not Supported
GL_EXT_abgr Supported
GL_EXT_bgra Supported
GL_EXT_bindable_uniform Supported
GL_EXT_blend_color Supported
GL_EXT_blend_equation_separate Supported
GL_EXT_blend_func_separate Supported
GL_EXT_blend_logic_op Not Supported
GL_EXT_blend_minmax Supported
GL_EXT_blend_subtract Supported
GL_EXT_Cg_shader Not Supported
GL_EXT_clip_volume_hint Not Supported
GL_EXT_cmyka Not Supported
GL_EXT_color_matrix Not Supported
GL_EXT_color_subtable Not Supported
GL_EXT_color_table Not Supported
GL_EXT_compiled_vertex_array Supported
GL_EXT_convolution Not Supported
GL_EXT_convolution_border_modes Not Supported
GL_EXT_coordinate_frame Not Supported
GL_EXT_copy_buffer Supported
GL_EXT_copy_texture Supported
GL_EXT_cull_vertex Not Supported
GL_EXT_depth_bounds_test Not Supported
GL_EXT_depth_buffer_float Not Supported
GL_EXT_direct_state_access Supported
GL_EXT_draw_buffers2 Supported
GL_EXT_draw_indirect Not Supported
GL_EXT_draw_instanced Supported
GL_EXT_draw_range_elements Supported
GL_EXT_fog_coord Supported
GL_EXT_fog_function Not Supported
GL_EXT_fog_offset Not Supported
GL_EXT_fragment_lighting Not Supported
GL_EXT_framebuffer_blit Supported
GL_EXT_framebuffer_multisample Supported
GL_EXT_framebuffer_object Supported
GL_EXT_framebuffer_sRGB Supported
GL_EXT_generate_mipmap Not Supported
GL_EXT_geometry_shader4 Supported
GL_EXT_gpu_program_parameters Supported
GL_EXT_gpu_shader_fp64 Not Supported
GL_EXT_gpu_shader4 Supported
GL_EXT_gpu_shader5 Not Supported
GL_EXT_histogram Supported
GL_EXT_index_array_formats Not Supported
GL_EXT_index_func Not Supported
GL_EXT_index_material Not Supported
GL_EXT_index_texture Not Supported
GL_EXT_interlace Not Supported
GL_EXT_light_texture Not Supported
GL_EXT_misc_attribute Not Supported
GL_EXT_multi_draw_arrays Supported
GL_EXT_multisample Not Supported
GL_EXT_packed_depth_stencil Supported
GL_EXT_packed_float Supported
GL_EXT_packed_pixels Supported
GL_EXT_packed_pixels_12 Not Supported
GL_EXT_paletted_texture Not Supported
GL_EXT_pixel_buffer_object Supported
GL_EXT_pixel_format Not Supported
GL_EXT_pixel_texture Not Supported
GL_EXT_pixel_transform Not Supported
GL_EXT_pixel_transform_color_table Not Supported
GL_EXT_point_parameters Supported
GL_EXT_polygon_offset Not Supported
GL_EXT_provoking_vertex Supported
GL_EXT_rescale_normal Supported
GL_EXT_scene_marker Not Supported
GL_EXT_secondary_color Supported
GL_EXT_separate_shader_objects Not Supported
GL_EXT_separate_specular_color Supported
GL_EXT_shader_atomic_counters Not Supported
GL_EXT_shader_image_load_store Supported
GL_EXT_shader_subroutine Not Supported
GL_EXT_shadow_funcs Supported
GL_EXT_shared_texture_palette Not Supported
GL_EXT_stencil_clear_tag Not Supported
GL_EXT_stencil_two_side Not Supported
GL_EXT_stencil_wrap Supported
GL_EXT_subtexture Supported
GL_EXT_swap_control Not Supported
GL_EXT_tessellation_shader Not Supported
GL_EXT_texgen_reflection Supported
GL_EXT_texture Not Supported
GL_EXT_texture_array Supported
GL_EXT_texture_border_clamp Not Supported
GL_EXT_texture_buffer_object Supported
GL_EXT_texture_buffer_object_rgb32 Not Supported
GL_EXT_texture_color_table Not Supported
GL_EXT_texture_compression_bptc Supported
GL_EXT_texture_compression_dxt1 Not Supported
GL_EXT_texture_compression_latc Supported
GL_EXT_texture_compression_rgtc Supported
GL_EXT_texture_compression_s3tc Supported
GL_EXT_texture_cube_map Supported
GL_EXT_texture_edge_clamp Supported
GL_EXT_texture_env Not Supported
GL_EXT_texture_env_add Supported
GL_EXT_texture_env_combine Supported
GL_EXT_texture_env_dot3 Supported
GL_EXT_texture_filter_anisotropic Supported
GL_EXT_texture_integer Supported
GL_EXT_texture_lod Supported
GL_EXT_texture_lod_bias Supported
GL_EXT_texture_mirror_clamp Supported
GL_EXT_texture_object Supported
GL_EXT_texture_perturb_normal Not Supported
GL_EXT_texture_rectangle Supported
GL_EXT_texture_shared_exponent Supported
GL_EXT_texture_snorm Supported
GL_EXT_texture_sRGB Supported
GL_EXT_texture_swizzle Supported
GL_EXT_texture3D Supported
GL_EXT_texture4D Not Supported
GL_EXT_timer_query Supported
GL_EXT_transform_feedback Supported
GL_EXT_transform_feedback2 Not Supported
GL_EXT_transform_feedback3 Not Supported
GL_EXT_vertex_array Supported
GL_EXT_vertex_array_bgra Supported
GL_EXT_vertex_attrib_64bit Supported
GL_EXT_vertex_shader Not Supported
GL_EXT_vertex_weighting Not Supported
GL_EXTX_framebuffer_mixed_formats Not Supported
GL_EXTX_packed_depth_stencil Not Supported
GL_FGL_lock_texture Not Supported
GL_GL2_geometry_shader Not Supported
GL_GREMEDY_frame_terminator Not Supported
GL_GREMEDY_string_marker Not Supported
GL_HP_convolution_border_modes Not Supported
GL_HP_image_transform Not Supported
GL_HP_occlusion_test Not Supported
GL_HP_texture_lighting Not Supported
GL_I3D_argb Not Supported
GL_I3D_color_clamp Not Supported
GL_I3D_interlace_read Not Supported
GL_IBM_clip_check Not Supported
GL_IBM_cull_vertex Not Supported
GL_IBM_load_named_matrix Not Supported
GL_IBM_multi_draw_arrays Not Supported
GL_IBM_multimode_draw_arrays Not Supported
GL_IBM_occlusion_cull Not Supported
GL_IBM_pixel_filter_hint Not Supported
GL_IBM_rasterpos_clip Not Supported
GL_IBM_rescale_normal Not Supported
GL_IBM_static_data Not Supported
GL_IBM_texture_clamp_nodraw Not Supported
GL_IBM_texture_mirrored_repeat Supported
GL_IBM_vertex_array_lists Not Supported
GL_IBM_YCbCr Not Supported
GL_IMG_read_format Not Supported
GL_IMG_texture_compression_pvrtc Not Supported
GL_IMG_texture_env_enhanced_fixed_function Not Supported
GL_IMG_texture_format_BGRA8888 Not Supported
GL_IMG_user_clip_planes Not Supported
GL_IMG_vertex_program Not Supported
GL_INGR_blend_func_separate Not Supported
GL_INGR_color_clamp Not Supported
GL_INGR_interlace_read Not Supported
GL_INGR_multiple_palette Not Supported
GL_INTEL_parallel_arrays Not Supported
GL_INTEL_texture_scissor Not Supported
GL_KTX_buffer_region Supported
GL_MESA_pack_invert Not Supported
GL_MESA_program_debug Not Supported
GL_MESA_resize_buffers Not Supported
GL_MESA_window_pos Not Supported
GL_MESA_ycbcr_texture Not Supported
GL_MESAX_texture_stack Not Supported
GL_MTX_fragment_shader Not Supported
GL_MTX_precision_dpi Not Supported
GL_NV_blend_square Supported
GL_NV_centroid_sample Not Supported
GL_NV_conditional_render Supported
GL_NV_copy_depth_to_color Supported
GL_NV_copy_image Not Supported
GL_NV_depth_buffer_float Not Supported
GL_NV_depth_clamp Not Supported
GL_NV_depth_range_unclamped Not Supported
GL_NV_evaluators Not Supported
GL_NV_explicit_multisample Supported
GL_NV_fence Not Supported
GL_NV_float_buffer Supported
GL_NV_fog_distance Not Supported
GL_NV_fragment_program Not Supported
GL_NV_fragment_program_option Not Supported
GL_NV_fragment_program2 Not Supported
GL_NV_fragment_program4 Not Supported
GL_NV_framebuffer_multisample_coverage Not Supported
GL_NV_framebuffer_multisample_ex Not Supported
GL_NV_geometry_program4 Not Supported
GL_NV_geometry_shader4 Not Supported
GL_NV_gpu_program_fp64 Not Supported
GL_NV_gpu_program4 Not Supported
GL_NV_gpu_program4_1 Not Supported
GL_NV_gpu_program5 Not Supported
GL_NV_gpu_shader5 Not Supported
GL_NV_half_float Supported
GL_NV_light_max_exponent Not Supported
GL_NV_multisample_coverage Not Supported
GL_NV_multisample_filter_hint Not Supported
GL_NV_occlusion_query Not Supported
GL_NV_packed_depth_stencil Not Supported
GL_NV_parameter_buffer_object Not Supported
GL_NV_parameter_buffer_object2 Not Supported
GL_NV_pixel_buffer_object Not Supported
GL_NV_pixel_data_range Not Supported
GL_NV_point_sprite Not Supported
GL_NV_present_video Not Supported
GL_NV_primitive_restart Supported
GL_NV_register_combiners Not Supported
GL_NV_register_combiners2 Not Supported
GL_NV_shader_buffer_load Not Supported
GL_NV_shader_buffer_store Not Supported
GL_NV_tessellation_program5 Not Supported
GL_NV_texgen_emboss Not Supported
GL_NV_texgen_reflection Supported
GL_NV_texture_barrier Supported
GL_NV_texture_compression_latc Not Supported
GL_NV_texture_compression_vtc Not Supported
GL_NV_texture_env_combine4 Not Supported
GL_NV_texture_expand_normal Not Supported
GL_NV_texture_multisample Not Supported
GL_NV_texture_rectangle Not Supported
GL_NV_texture_shader Not Supported
GL_NV_texture_shader2 Not Supported
GL_NV_texture_shader3 Not Supported
GL_NV_timer_query Not Supported
GL_NV_transform_feedback Not Supported
GL_NV_transform_feedback2 Not Supported
GL_NV_vdpau_interop Not Supported
GL_NV_vertex_array_range Not Supported
GL_NV_vertex_array_range2 Not Supported
GL_NV_vertex_attrib_64bit Not Supported
GL_NV_vertex_attrib_integer_64bit Not Supported
GL_NV_vertex_buffer_unified_memory Not Supported
GL_NV_vertex_program Not Supported
GL_NV_vertex_program1_1 Not Supported
GL_NV_vertex_program2 Not Supported
GL_NV_vertex_program2_option Not Supported
GL_NV_vertex_program3 Not Supported
GL_NV_vertex_program4 Not Supported
GL_NVX_conditional_render Not Supported
GL_NVX_flush_hold Not Supported
GL_NVX_gpu_memory_info Not Supported
GL_NVX_instanced_arrays Not Supported
GL_NVX_ycrcb Not Supported
GL_OES_blend_subtract Not Supported
GL_OES_byte_coordinates Not Supported
GL_OES_compressed_paletted_texture Not Supported
GL_OES_conditional_query Not Supported
GL_OES_depth24 Not Supported
GL_OES_draw_texture Not Supported
GL_OES_fixed_point Not Supported
GL_OES_framebuffer_object Not Supported
GL_OES_mapbuffer Not Supported
GL_OES_matrix_get Not Supported
GL_OES_matrix_palette Not Supported
GL_OES_point_size_array Not Supported
GL_OES_point_sprite Not Supported
GL_OES_query_matrix Not Supported
GL_OES_read_format Not Supported
GL_OES_rgb8_rgba8 Not Supported
GL_OES_single_precision Not Supported
GL_OES_texture_mirrored_repeat Not Supported
GL_OML_interlace Not Supported
GL_OML_resample Not Supported
GL_OML_subsample Not Supported
GL_PGI_misc_hints Not Supported
GL_PGI_vertex_hints Not Supported
GL_REND_screen_coordinates Not Supported
GL_S3_performance_analyzer Not Supported
GL_S3_s3tc Not Supported
GL_SGI_color_matrix Not Supported
GL_SGI_color_table Not Supported
GL_SGI_compiled_vertex_array Not Supported
GL_SGI_cull_vertex Not Supported
GL_SGI_index_array_formats Not Supported
GL_SGI_index_func Not Supported
GL_SGI_index_material Not Supported
GL_SGI_index_texture Not Supported
GL_SGI_make_current_read Not Supported
GL_SGI_texture_add_env Not Supported
GL_SGI_texture_color_table Not Supported
GL_SGI_texture_edge_clamp Not Supported
GL_SGI_texture_lod Not Supported
GL_SGIS_color_range Not Supported
GL_SGIS_detail_texture Not Supported
GL_SGIS_fog_function Not Supported
GL_SGIS_generate_mipmap Supported
GL_SGIS_multisample Not Supported
GL_SGIS_multitexture Not Supported
GL_SGIS_pixel_texture Not Supported
GL_SGIS_point_line_texgen Not Supported
GL_SGIS_sharpen_texture Not Supported
GL_SGIS_texture_border_clamp Not Supported
GL_SGIS_texture_color_mask Not Supported
GL_SGIS_texture_edge_clamp Supported
GL_SGIS_texture_filter4 Not Supported
GL_SGIS_texture_lod Supported
GL_SGIS_texture_select Not Supported
GL_SGIS_texture4D Not Supported
GL_SGIX_async Not Supported
GL_SGIX_async_histogram Not Supported
GL_SGIX_async_pixel Not Supported
GL_SGIX_blend_alpha_minmax Not Supported
GL_SGIX_clipmap Not Supported
GL_SGIX_convolution_accuracy Not Supported
GL_SGIX_depth_pass_instrument Not Supported
GL_SGIX_depth_texture Not Supported
GL_SGIX_flush_raster Not Supported
GL_SGIX_fog_offset Not Supported
GL_SGIX_fog_texture Not Supported
GL_SGIX_fragment_specular_lighting Not Supported
GL_SGIX_framezoom Not Supported
GL_SGIX_instruments Not Supported
GL_SGIX_interlace Not Supported
GL_SGIX_ir_instrument1 Not Supported
GL_SGIX_list_priority Not Supported
GL_SGIX_pbuffer Not Supported
GL_SGIX_pixel_texture Not Supported
GL_SGIX_pixel_texture_bits Not Supported
GL_SGIX_reference_plane Not Supported
GL_SGIX_resample Not Supported
GL_SGIX_shadow Not Supported
GL_SGIX_shadow_ambient Not Supported
GL_SGIX_sprite Not Supported
GL_SGIX_subsample Not Supported
GL_SGIX_tag_sample_buffer Not Supported
GL_SGIX_texture_add_env Not Supported
GL_SGIX_texture_coordinate_clamp Not Supported
GL_SGIX_texture_lod_bias Not Supported
GL_SGIX_texture_multi_buffer Not Supported
GL_SGIX_texture_range Not Supported
GL_SGIX_texture_scale_bias Not Supported
GL_SGIX_vertex_preclip Not Supported
GL_SGIX_vertex_preclip_hint Not Supported
GL_SGIX_ycrcb Not Supported
GL_SGIX_ycrcb_subsample Not Supported
GL_SUN_convolution_border_modes Not Supported
GL_SUN_global_alpha Not Supported
GL_SUN_mesh_array Not Supported
GL_SUN_multi_draw_arrays Supported
GL_SUN_read_video_pixels Not Supported
GL_SUN_slice_accum Not Supported
GL_SUN_triangle_list Not Supported
GL_SUN_vertex Not Supported
GL_SUNX_constant_data Not Supported
GL_WGL_ARB_extensions_string Not Supported
GL_WGL_EXT_extensions_string Not Supported
GL_WGL_EXT_swap_control Not Supported
GL_WIN_phong_shading Not Supported
GL_WIN_specular_fog Not Supported
GL_WIN_swap_hint Supported
GLU_EXT_nurbs_tessellator Not Supported
GLU_EXT_object_space_tess Not Supported
GLU_SGI_filter4_parameters Not Supported
GLX_ARB_create_context Not Supported
GLX_ARB_fbconfig_float Not Supported
GLX_ARB_framebuffer_sRGB Not Supported
GLX_ARB_get_proc_address Not Supported
GLX_ARB_multisample Not Supported
GLX_EXT_fbconfig_packed_float Not Supported
GLX_EXT_framebuffer_sRGB Not Supported
GLX_EXT_import_context Not Supported
GLX_EXT_scene_marker Not Supported
GLX_EXT_texture_from_pixmap Not Supported
GLX_EXT_visual_info Not Supported
GLX_EXT_visual_rating Not Supported
GLX_MESA_agp_offset Not Supported
GLX_MESA_copy_sub_buffer Not Supported
GLX_MESA_pixmap_colormap Not Supported
GLX_MESA_release_buffers Not Supported
GLX_MESA_set_3dfx_mode Not Supported
GLX_NV_present_video Not Supported
GLX_NV_swap_group Not Supported
GLX_NV_video_output Not Supported
GLX_OML_swap_method Not Supported
GLX_OML_sync_control Not Supported
GLX_SGI_cushion Not Supported
GLX_SGI_make_current_read Not Supported
GLX_SGI_swap_control Not Supported
GLX_SGI_video_sync Not Supported
GLX_SGIS_blended_overlay Not Supported
GLX_SGIS_color_range Not Supported
GLX_SGIS_multisample Not Supported
GLX_SGIX_dm_buffer Not Supported
GLX_SGIX_fbconfig Not Supported
GLX_SGIX_hyperpipe Not Supported
GLX_SGIX_pbuffer Not Supported
GLX_SGIX_swap_barrier Not Supported
GLX_SGIX_swap_group Not Supported
GLX_SGIX_video_resize Not Supported
GLX_SGIX_video_source Not Supported
GLX_SGIX_visual_select_group Not Supported
GLX_SUN_get_transparent_index Not Supported
GLX_SUN_video_resize Not Supported
WGL_3DFX_gamma_control Not Supported
WGL_3DFX_multisample Not Supported
WGL_3DL_stereo_control Not Supported
WGL_AMD_gpu_association Supported
WGL_AMDX_gpu_association Supported
WGL_ARB_buffer_region Supported
WGL_ARB_create_context Supported
WGL_ARB_create_context_profile Supported
WGL_ARB_create_context_robustness Not Supported
WGL_ARB_extensions_string Supported
WGL_ARB_framebuffer_sRGB Not Supported
WGL_ARB_make_current_read Supported
WGL_ARB_multisample Supported
WGL_ARB_pbuffer Supported
WGL_ARB_pixel_format Supported
WGL_ARB_pixel_format_float Supported
WGL_ARB_render_texture Supported
WGL_ATI_pbuffer_memory_hint Not Supported
WGL_ATI_pixel_format_float Supported
WGL_ATI_render_texture_rectangle Supported
WGL_EXT_buffer_region Not Supported
WGL_EXT_create_context_es2_profile Not Supported
WGL_EXT_depth_float Not Supported
WGL_EXT_display_color_table Not Supported
WGL_EXT_extensions_string Supported
WGL_EXT_framebuffer_sRGB Supported
WGL_EXT_framebuffer_sRGBWGL_ARB_create_context Not Supported
WGL_EXT_gamma_control Not Supported
WGL_EXT_make_current_read Not Supported
WGL_EXT_multisample Not Supported
WGL_EXT_pbuffer Not Supported
WGL_EXT_pixel_format Not Supported
WGL_EXT_pixel_format_packed_float Supported
WGL_EXT_render_texture Not Supported
WGL_EXT_swap_control Supported
WGL_EXT_swap_interval Not Supported
WGL_I3D_digital_video_control Not Supported
WGL_I3D_gamma Not Supported
WGL_I3D_genlock Supported
WGL_I3D_image_buffer Not Supported
WGL_I3D_swap_frame_lock Not Supported
WGL_I3D_swap_frame_usage Not Supported
WGL_MTX_video_preview Not Supported
WGL_NV_copy_image Not Supported
WGL_NV_DX_interop Not Supported
WGL_NV_float_buffer Supported
WGL_NV_gpu_affinity Not Supported
WGL_NV_multisample_coverage Not Supported
WGL_NV_present_video Not Supported
WGL_NV_render_depth_texture Not Supported
WGL_NV_render_texture_rectangle Not Supported
WGL_NV_swap_group Supported
WGL_NV_vertex_array_range Not Supported
WGL_NV_video_output Not Supported
WGL_NVX_DX_interop Not Supported
WGL_OML_sync_control Not Supported
Supported Compressed Texture Formats:
RGB DXT1 Not Supported
RGBA DXT1 Not Supported
RGBA DXT3 Not Supported
RGBA DXT5 Not Supported
RGB FXT1 Not Supported
RGBA FXT1 Not Supported
3Dc Supported
Video Adapter Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
GPGPU
[ Stream: Cayman ]
Device Properties:
Device Name Cayman
GPU Clock 810 MHz
SIMDs 24
UAVs 12
Shader Engines 2
Max Resource 1D Width 16384
Max Resource 2D Width / Height 16384 / 16384
Wavefront Size 64
Pitch Alignment 256 elements
Surface Alignment 4096 bytes
CAL Version 1.4.1385
CAL DLL aticalrt.dll (6.14.10.1385)
Memory Properties:
Memory Clock 1302 MHz
Total / Free Local Memory 2048 MB / 2016 MB
Total / Free Uncached Remote Memory 1844 MB / 1827 MB
Total / Free Cached Remote Memory 1844 MB / 1827 MB
Device Features:
Compute Shader Supported
3D ProgramGrid Supported
Double-Precision Floating-Point Supported
Global Data Share Supported
Global GPR Supported
Local Data Share Supported
Memory Export Supported
CAL Extensions:
CAL/D3D9 Interaction Supported
CAL/D3D10 Interaction Supported
CAL/OpenGL Interaction Not Supported
CAL Counters Supported
Compute Shader Supported
Create Resource Supported
Domain Parameters Supported
Sampler Supported
[ Stream: Cayman ]
Device Properties:
Device Name Cayman
GPU Clock 810 MHz
SIMDs 24
UAVs 12
Shader Engines 2
Max Resource 1D Width 16384
Max Resource 2D Width / Height 16384 / 16384
Wavefront Size 64
Pitch Alignment 256 elements
Surface Alignment 4096 bytes
CAL Version 1.4.1385
CAL DLL aticalrt.dll (6.14.10.1385)
Memory Properties:
Memory Clock 1302 MHz
Total / Free Local Memory 2048 MB / 2016 MB
Total / Free Uncached Remote Memory 1844 MB / 1827 MB
Total / Free Cached Remote Memory 1844 MB / 1827 MB
Device Features:
Compute Shader Supported
3D ProgramGrid Supported
Double-Precision Floating-Point Supported
Global Data Share Supported
Global GPR Supported
Local Data Share Supported
Memory Export Supported
CAL Extensions:
CAL/D3D9 Interaction Supported
CAL/D3D10 Interaction Supported
CAL/OpenGL Interaction Not Supported
CAL Counters Supported
Compute Shader Supported
Create Resource Supported
Domain Parameters Supported
Sampler Supported
[ Direct3D: AMD Radeon HD 6900 Series ]
Device Properties:
Device Name AMD Radeon HD 6900 Series
Driver Name aticfx32.dll
Driver Version 8.17.10.1077
Shader Model SM 5.0
Max Threads 1024
Multiple UAV Access 8 UAVs
Thread Dispatch 3D
Thread Local Storage 32 KB
Device Features:
Append/Consume Buffers Supported
Atomic Operations Supported
Double-Precision Floating-Point Supported
Gather4 Supported
Indirect Compute Dispatch Supported
Device Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
Fonts
Font Family Type Style Character Set Char. Size Char. Weight
@Batang Roman Regular Baltic 16 x 32 40 %
@Batang Roman Regular Central European 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Batang Roman Regular Greek 16 x 32 40 %
@Batang Roman Regular Hangul 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Batang Roman Regular Western 16 x 32 40 %
@BatangChe Modern Regular Baltic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@BatangChe Modern Regular Cyrillic 16 x 32 40 %
@BatangChe Modern Regular Greek 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@BatangChe Modern Regular Turkish 16 x 32 40 %
@BatangChe Modern Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@DFKai-SB Script Regular Western 16 x 32 40 %
@Dotum Swiss Regular Baltic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Dotum Swiss Regular Cyrillic 16 x 32 40 %
@Dotum Swiss Regular Greek 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Dotum Swiss Regular Turkish 16 x 32 40 %
@Dotum Swiss Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@DotumChe Modern Regular Central European 16 x 32 40 %
@DotumChe Modern Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@DotumChe Modern Regular Hangul 16 x 32 40 %
@DotumChe Modern Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@FangSong Modern Regular CHINESE_GB2312 16 x 32 40 %
@FangSong Modern Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Gulim Swiss Regular Central European 16 x 32 40 %
@Gulim Swiss Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Gulim Swiss Regular Hangul 16 x 32 40 %
@Gulim Swiss Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@GulimChe Modern Regular Baltic 16 x 32 40 %
@GulimChe Modern Regular Central European 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@GulimChe Modern Regular Greek 16 x 32 40 %
@GulimChe Modern Regular Hangul 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@GulimChe Modern Regular Western 16 x 32 40 %
@Gungsuh Roman Regular Baltic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Gungsuh Roman Regular Cyrillic 16 x 32 40 %
@Gungsuh Roman Regular Greek 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Gungsuh Roman Regular Turkish 16 x 32 40 %
@Gungsuh Roman Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@GungsuhChe Modern Regular Central European 16 x 32 40 %
@GungsuhChe Modern Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@GungsuhChe Modern Regular Hangul 16 x 32 40 %
@GungsuhChe Modern Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@KaiTi Modern Regular CHINESE_GB2312 16 x 32 40 %
@KaiTi Modern Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 43 40 %
@Malgun Gothic Swiss Regular Western 15 x 43 40 %
@Meiryo UI Swiss Regular Baltic 17 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 41 40 %
@Meiryo UI Swiss Regular Cyrillic 17 x 41 40 %
@Meiryo UI Swiss Regular Greek 17 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 41 40 %
@Meiryo UI Swiss Regular Turkish 17 x 41 40 %
@Meiryo UI Swiss Regular Western 17 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 %
@Meiryo Swiss Regular Central European 31 x 48 40 %
@Meiryo Swiss Regular Cyrillic 31 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 %
@Meiryo Swiss Regular Japanese 31 x 48 40 %
@Meiryo Swiss Regular Turkish 31 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 %
@Microsoft JhengHei Swiss Regular CHINESE_BIG5 15 x 43 40 %
@Microsoft JhengHei Swiss Regular Greek 15 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 43 40 %
@Microsoft YaHei Swiss Regular Central European 15 x 42 40 %
@Microsoft YaHei Swiss Regular CHINESE_GB2312 15 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 42 40 %
@Microsoft YaHei Swiss Regular Greek 15 x 42 40 %
@Microsoft YaHei Swiss Regular Turkish 15 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 42 40 %
@MingLiU Modern Regular CHINESE_BIG5 16 x 32 40 %
@MingLiU Modern Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MingLiU_HKSCS Roman Regular Western 16 x 32 40 %
@MingLiU_HKSCS-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 %
@MingLiU-ExtB Roman Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MS Gothic Modern Regular Central European 16 x 32 40 %
@MS Gothic Modern Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MS Gothic Modern Regular Japanese 16 x 32 40 %
@MS Gothic Modern Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MS Mincho Modern Regular Baltic 16 x 32 40 %
@MS Mincho Modern Regular Central European 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MS Mincho Modern Regular Greek 16 x 32 40 %
@MS Mincho Modern Regular Japanese 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MS Mincho Modern Regular Western 16 x 32 40 %
@MS PGothic Swiss Regular Baltic 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS PGothic Swiss Regular Cyrillic 13 x 32 40 %
@MS PGothic Swiss Regular Greek 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS PGothic Swiss Regular Turkish 13 x 32 40 %
@MS PGothic Swiss Regular Western 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS PMincho Roman Regular Central European 13 x 32 40 %
@MS PMincho Roman Regular Cyrillic 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS PMincho Roman Regular Japanese 13 x 32 40 %
@MS PMincho Roman Regular Turkish 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS UI Gothic Swiss Regular Baltic 13 x 32 40 %
@MS UI Gothic Swiss Regular Central European 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS UI Gothic Swiss Regular Greek 13 x 32 40 %
@MS UI Gothic Swiss Regular Japanese 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS UI Gothic Swiss Regular Western 13 x 32 40 %
@NSimSun Modern Regular CHINESE_GB2312 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@PMingLiU Roman Regular CHINESE_BIG5 16 x 32 40 %
@PMingLiU Roman Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@PMingLiU-ExtB Roman Regular Western 16 x 32 40 %
@SimHei Modern Regular CHINESE_GB2312 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@SimSun Special Regular CHINESE_GB2312 16 x 32 40 %
@SimSun Special Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@SimSun-ExtB Modern Regular Western 16 x 32 40 %
Aharoni Special Bold Hebrew 15 x 32 70 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 49 40 %
Andalus Roman Regular Western 15 x 49 40 %
Angsana New Roman Regular Thai 8 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 8 x 43 40 %
AngsanaUPC Roman Regular Thai 8 x 43 40 %
AngsanaUPC Roman Regular Western 8 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 38 40 %
Arabic Typesetting Script Regular Arabic 9 x 36 40 %
Arabic Typesetting Script Regular Baltic 9 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 36 40 %
Arabic Typesetting Script Regular Turkish 9 x 36 40 %
Arabic Typesetting Script Regular Western 9 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 45 90 %
Arial Black Swiss Regular Central European 18 x 45 90 %
Arial Black Swiss Regular Cyrillic 18 x 45 90 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 45 90 %
Arial Black Swiss Regular Turkish 18 x 45 90 %
Arial Black Swiss Regular Western 18 x 45 90 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Arial Swiss Regular Baltic 14 x 36 40 %
Arial Swiss Regular Central European 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Arial Swiss Regular Greek 14 x 36 40 %
Arial Swiss Regular Hebrew 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Arial Swiss Regular Vietnamese 14 x 36 40 %
Arial Swiss Regular Western 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Batang Roman Regular Central European 16 x 32 40 %
Batang Roman Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Batang Roman Regular Hangul 16 x 32 40 %
Batang Roman Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
BatangChe Modern Regular Baltic 16 x 32 40 %
BatangChe Modern Regular Central European 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
BatangChe Modern Regular Greek 16 x 32 40 %
BatangChe Modern Regular Hangul 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
BatangChe Modern Regular Western 16 x 32 40 %
Browallia New Swiss Regular Thai 9 x 40 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 40 40 %
BrowalliaUPC Swiss Regular Thai 9 x 40 40 %
BrowalliaUPC Swiss Regular Western 9 x 40 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Calibri Swiss Regular Central European 17 x 39 40 %
Calibri Swiss Regular Cyrillic 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Calibri Swiss Regular Turkish 17 x 39 40 %
Calibri Swiss Regular Vietnamese 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Cambria Math Roman Regular Baltic 20 x 179 40 %
Cambria Math Roman Regular Central European 20 x 179 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 179 40 %
Cambria Math Roman Regular Greek 20 x 179 40 %
Cambria Math Roman Regular Turkish 20 x 179 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 179 40 %
Cambria Math Roman Regular Western 20 x 179 40 %
Cambria Roman Regular Baltic 20 x 38 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 38 40 %
Cambria Roman Regular Cyrillic 20 x 38 40 %
Cambria Roman Regular Greek 20 x 38 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 38 40 %
Cambria Roman Regular Vietnamese 20 x 38 40 %
Cambria Roman Regular Western 20 x 38 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Candara Swiss Regular Central European 17 x 39 40 %
Candara Swiss Regular Cyrillic 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Candara Swiss Regular Turkish 17 x 39 40 %
Candara Swiss Regular Vietnamese 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Comic Sans MS Script Regular Baltic 15 x 45 40 %
Comic Sans MS Script Regular Central European 15 x 45 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 45 40 %
Comic Sans MS Script Regular Greek 15 x 45 40 %
Comic Sans MS Script Regular Turkish 15 x 45 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 45 40 %
Consolas Modern Regular Baltic 18 x 37 40 %
Consolas Modern Regular Central European 18 x 37 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 37 40 %
Consolas Modern Regular Greek 18 x 37 40 %
Consolas Modern Regular Turkish 18 x 37 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 37 40 %
Consolas Modern Regular Western 18 x 37 40 %
Constantia Roman Regular Baltic 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Constantia Roman Regular Cyrillic 17 x 39 40 %
Constantia Roman Regular Greek 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Constantia Roman Regular Vietnamese 17 x 39 40 %
Constantia Roman Regular Western 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Corbel Swiss Regular Central European 17 x 39 40 %
Corbel Swiss Regular Cyrillic 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Corbel Swiss Regular Turkish 17 x 39 40 %
Corbel Swiss Regular Vietnamese 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Cordia New Swiss Regular Thai 9 x 44 40 %
Cordia New Swiss Regular Western 9 x 44 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 44 40 %
CordiaUPC Swiss Regular Western 9 x 44 40 %
Courier New Modern Regular Arabic 19 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 36 40 %
Courier New Modern Regular Central European 19 x 36 40 %
Courier New Modern Regular Cyrillic 19 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 36 40 %
Courier New Modern Regular Hebrew 19 x 36 40 %
Courier New Modern Regular Turkish 19 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 36 40 %
Courier New Modern Regular Western 19 x 36 40 %
Courier Modern Western 8 x 13 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 43 40 %
David Swiss Regular Hebrew 13 x 31 40 %
DFKai-SB Script Regular CHINESE_BIG5 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
DilleniaUPC Roman Regular Thai 9 x 42 40 %
DilleniaUPC Roman Regular Western 9 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 62 40 %
DokChampa Swiss Regular Western 19 x 62 40 %
Dotum Swiss Regular Baltic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Dotum Swiss Regular Cyrillic 16 x 32 40 %
Dotum Swiss Regular Greek 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Dotum Swiss Regular Turkish 16 x 32 40 %
Dotum Swiss Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
DotumChe Modern Regular Central European 16 x 32 40 %
DotumChe Modern Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
DotumChe Modern Regular Hangul 16 x 32 40 %
DotumChe Modern Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Ebrima Special Regular Baltic 19 x 43 40 %
Ebrima Special Regular Central European 19 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 43 40 %
Ebrima Special Regular Western 19 x 43 40 %
Estrangelo Edessa Script Regular Western 16 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 39 40 %
EucrosiaUPC Roman Regular Western 9 x 39 40 %
Euphemia Swiss Regular Western 22 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
FangSong Modern Regular Western 16 x 32 40 %
Fixedsys Modern Western 8 x 15 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Franklin Gothic Medium Swiss Regular Central European 14 x 36 40 %
Franklin Gothic Medium Swiss Regular Cyrillic 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Franklin Gothic Medium Swiss Regular Turkish 14 x 36 40 %
Franklin Gothic Medium Swiss Regular Western 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 30 40 %
FreesiaUPC Swiss Regular Thai 9 x 38 40 %
FreesiaUPC Swiss Regular Western 9 x 38 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 59 40 %
Gabriola Decorative Regular Central European 16 x 59 40 %
Gabriola Decorative Regular Cyrillic 16 x 59 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 59 40 %
Gabriola Decorative Regular Turkish 16 x 59 40 %
Gabriola Decorative Regular Western 16 x 59 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 56 40 %
Georgia Roman Regular Baltic 14 x 36 40 %
Georgia Roman Regular Central European 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Georgia Roman Regular Greek 14 x 36 40 %
Georgia Roman Regular Turkish 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Gisha Swiss Regular Hebrew 16 x 38 40 %
Gisha Swiss Regular Western 16 x 38 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Gulim Swiss Regular Central European 16 x 32 40 %
Gulim Swiss Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Gulim Swiss Regular Hangul 16 x 32 40 %
Gulim Swiss Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
GulimChe Modern Regular Baltic 16 x 32 40 %
GulimChe Modern Regular Central European 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
GulimChe Modern Regular Greek 16 x 32 40 %
GulimChe Modern Regular Hangul 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
GulimChe Modern Regular Western 16 x 32 40 %
Gungsuh Roman Regular Baltic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Gungsuh Roman Regular Cyrillic 16 x 32 40 %
Gungsuh Roman Regular Greek 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Gungsuh Roman Regular Turkish 16 x 32 40 %
Gungsuh Roman Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
GungsuhChe Modern Regular Central European 16 x 32 40 %
GungsuhChe Modern Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
GungsuhChe Modern Regular Hangul 16 x 32 40 %
GungsuhChe Modern Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Impact Swiss Regular Baltic 13 x 39 40 %
Impact Swiss Regular Central European 13 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 39 40 %
Impact Swiss Regular Greek 13 x 39 40 %
Impact Swiss Regular Turkish 13 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 39 40 %
IrisUPC Swiss Regular Thai 9 x 40 40 %
IrisUPC Swiss Regular Western 9 x 40 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 22 x 36 40 %
JasmineUPC Roman Regular Thai 9 x 34 40 %
JasmineUPC Roman Regular Western 9 x 34 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
KaiTi Modern Regular Western 16 x 32 40 %
Kalinga Swiss Regular Western 19 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 27 x 46 40 %
Khmer UI Swiss Regular Western 21 x 36 40 %
KodchiangUPC Roman Regular Thai 9 x 31 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 31 40 %
Kokila Swiss Regular Western 13 x 37 40 %
Lao UI Swiss Regular Western 18 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 23 x 44 40 %
Leelawadee Swiss Regular Thai 17 x 38 40 %
Leelawadee Swiss Regular Western 17 x 38 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 42 40 %
LilyUPC Swiss Regular Thai 9 x 30 40 %
LilyUPC Swiss Regular Western 9 x 30 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 32 40 %
Lucida Console Modern Regular Cyrillic 19 x 32 40 %
Lucida Console Modern Regular Greek 19 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 32 40 %
Lucida Console Modern Regular Western 19 x 32 40 %
Lucida Sans Unicode Swiss Regular Baltic 16 x 49 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 49 40 %
Lucida Sans Unicode Swiss Regular Cyrillic 16 x 49 40 %
Lucida Sans Unicode Swiss Regular Greek 16 x 49 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 49 40 %
Lucida Sans Unicode Swiss Regular Turkish 16 x 49 40 %
Lucida Sans Unicode Swiss Regular Western 16 x 49 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 43 40 %
Malgun Gothic Swiss Regular Western 15 x 43 40 %
Mangal Roman Regular Western 19 x 54 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 32 50 %
Meiryo UI Swiss Regular Baltic 17 x 41 40 %
Meiryo UI Swiss Regular Central European 17 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 41 40 %
Meiryo UI Swiss Regular Greek 17 x 41 40 %
Meiryo UI Swiss Regular Japanese 17 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 41 40 %
Meiryo UI Swiss Regular Western 17 x 41 40 %
Meiryo Swiss Regular Baltic 31 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 %
Meiryo Swiss Regular Cyrillic 31 x 48 40 %
Meiryo Swiss Regular Greek 31 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 %
Meiryo Swiss Regular Turkish 31 x 48 40 %
Meiryo Swiss Regular Western 31 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
Microsoft JhengHei Swiss Regular CHINESE_BIG5 15 x 43 40 %
Microsoft JhengHei Swiss Regular Greek 15 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 43 40 %
Microsoft New Tai Lue Swiss Regular Western 19 x 42 40 %
Microsoft PhagsPa Swiss Regular Western 24 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Microsoft Sans Serif Swiss Regular Baltic 14 x 36 40 %
Microsoft Sans Serif Swiss Regular Central European 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Microsoft Sans Serif Swiss Regular Greek 14 x 36 40 %
Microsoft Sans Serif Swiss Regular Hebrew 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Microsoft Sans Serif Swiss Regular Turkish 14 x 36 40 %
Microsoft Sans Serif Swiss Regular Vietnamese 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Microsoft Tai Le Swiss Regular Western 19 x 41 40 %
Microsoft Uighur Special Regular Arabic 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
Microsoft YaHei Swiss Regular Central European 15 x 42 40 %
Microsoft YaHei Swiss Regular CHINESE_GB2312 15 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 42 40 %
Microsoft YaHei Swiss Regular Greek 15 x 42 40 %
Microsoft YaHei Swiss Regular Turkish 15 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 42 40 %
Microsoft Yi Baiti Script Regular Western 21 x 32 40 %
MingLiU Modern Regular CHINESE_BIG5 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MingLiU_HKSCS Roman Regular CHINESE_BIG5 16 x 32 40 %
MingLiU_HKSCS Roman Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MingLiU_HKSCS-ExtB Roman Regular Western 16 x 32 40 %
MingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Miriam Fixed Modern Regular Hebrew 19 x 32 40 %
Miriam Swiss Regular Hebrew 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 37 40 %
Mongolian Baiti Script Regular Western 14 x 34 40 %
MoolBoran Swiss Regular Western 13 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MS Gothic Modern Regular Central European 16 x 32 40 %
MS Gothic Modern Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MS Gothic Modern Regular Japanese 16 x 32 40 %
MS Gothic Modern Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MS Mincho Modern Regular Baltic 16 x 32 40 %
MS Mincho Modern Regular Central European 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MS Mincho Modern Regular Greek 16 x 32 40 %
MS Mincho Modern Regular Japanese 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MS Mincho Modern Regular Western 16 x 32 40 %
MS PGothic Swiss Regular Baltic 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS PGothic Swiss Regular Cyrillic 13 x 32 40 %
MS PGothic Swiss Regular Greek 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS PGothic Swiss Regular Turkish 13 x 32 40 %
MS PGothic Swiss Regular Western 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS PMincho Roman Regular Central European 13 x 32 40 %
MS PMincho Roman Regular Cyrillic 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS PMincho Roman Regular Japanese 13 x 32 40 %
MS PMincho Roman Regular Turkish 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS Sans Serif Swiss Western 5 x 13 40 %
MS Serif Roman Western 5 x 13 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS UI Gothic Swiss Regular Central European 13 x 32 40 %
MS UI Gothic Swiss Regular Cyrillic 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS UI Gothic Swiss Regular Japanese 13 x 32 40 %
MS UI Gothic Swiss Regular Turkish 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MV Boli Special Regular Western 18 x 52 40 %
Narkisim Swiss Regular Hebrew 12 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
NSimSun Modern Regular Western 16 x 32 40 %
Nyala Special Regular Baltic 18 x 33 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 33 40 %
Nyala Special Regular Turkish 18 x 33 40 %
Nyala Special Regular Western 18 x 33 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 %
Palatino Linotype Roman Regular Central European 14 x 43 40 %
Palatino Linotype Roman Regular Cyrillic 14 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 %
Palatino Linotype Roman Regular Turkish 14 x 43 40 %
Palatino Linotype Roman Regular Vietnamese 14 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 %
Plantagenet Cherokee Roman Regular Western 14 x 41 40 %
PMingLiU Roman Regular CHINESE_BIG5 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
PMingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 %
PMingLiU-ExtB Roman Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 53 40 %
Rod Modern Regular Hebrew 19 x 31 40 %
Roman Roman OEM/DOS 22 x 37 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 45 40 %
Sakkal Majalla Special Regular Baltic 16 x 45 40 %
Sakkal Majalla Special Regular Central European 16 x 45 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 45 40 %
Sakkal Majalla Special Regular Western 16 x 45 40 %
Script Script OEM/DOS 16 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 21 x 56 40 %
Segoe Print Special Regular Central European 21 x 56 40 %
Segoe Print Special Regular Cyrillic 21 x 56 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 21 x 56 40 %
Segoe Print Special Regular Turkish 21 x 56 40 %
Segoe Print Special Regular Western 21 x 56 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 22 x 51 40 %
Segoe Script Swiss Regular Central European 22 x 51 40 %
Segoe Script Swiss Regular Cyrillic 22 x 51 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 22 x 51 40 %
Segoe Script Swiss Regular Turkish 22 x 51 40 %
Segoe Script Swiss Regular Western 22 x 51 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 30 %
Segoe UI Light Swiss Regular Central European 17 x 43 30 %
Segoe UI Light Swiss Regular Cyrillic 17 x 43 30 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 30 %
Segoe UI Light Swiss Regular Turkish 17 x 43 30 %
Segoe UI Light Swiss Regular Vietnamese 17 x 43 30 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 30 %
Segoe UI Semibold Swiss Regular Baltic 18 x 43 60 %
Segoe UI Semibold Swiss Regular Central European 18 x 43 60 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 43 60 %
Segoe UI Semibold Swiss Regular Greek 18 x 43 60 %
Segoe UI Semibold Swiss Regular Turkish 18 x 43 60 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 43 60 %
Segoe UI Semibold Swiss Regular Western 18 x 43 60 %
Segoe UI Symbol Swiss Regular Western 23 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 40 %
Segoe UI Swiss Regular Baltic 17 x 43 40 %
Segoe UI Swiss Regular Central European 17 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 40 %
Segoe UI Swiss Regular Greek 17 x 43 40 %
Segoe UI Swiss Regular Turkish 17 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 40 %
Segoe UI Swiss Regular Western 17 x 43 40 %
Shonar Bangla Swiss Regular Western 16 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 54 40 %
SimHei Modern Regular CHINESE_GB2312 16 x 32 40 %
SimHei Modern Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 35 40 %
Simplified Arabic Fixed Modern Regular Western 19 x 35 40 %
Simplified Arabic Roman Regular Arabic 13 x 53 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 53 40 %
SimSun Special Regular CHINESE_GB2312 16 x 32 40 %
SimSun Special Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
SimSun-ExtB Modern Regular Western 16 x 32 40 %
Small Fonts Swiss Western 1 x 3 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 42 40 %
Sylfaen Roman Regular Central European 13 x 42 40 %
Sylfaen Roman Regular Cyrillic 13 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 42 40 %
Sylfaen Roman Regular Turkish 13 x 42 40 %
Sylfaen Roman Regular Western 13 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 39 40 %
System Swiss Western 7 x 16 70 %
Tahoma Swiss Regular Arabic 14 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 39 40 %
Tahoma Swiss Regular Central European 14 x 39 40 %
Tahoma Swiss Regular Cyrillic 14 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 39 40 %
Tahoma Swiss Regular Hebrew 14 x 39 40 %
Tahoma Swiss Regular Thai 14 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 39 40 %
Tahoma Swiss Regular Vietnamese 14 x 39 40 %
Tahoma Swiss Regular Western 14 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 8 x 12 40 %
Times New Roman Roman Regular Arabic 13 x 35 40 %
Times New Roman Roman Regular Baltic 13 x 35 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 35 40 %
Times New Roman Roman Regular Cyrillic 13 x 35 40 %
Times New Roman Roman Regular Greek 13 x 35 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 35 40 %
Times New Roman Roman Regular Turkish 13 x 35 40 %
Times New Roman Roman Regular Vietnamese 13 x 35 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 35 40 %
Traditional Arabic Roman Regular Arabic 15 x 48 40 %
Traditional Arabic Roman Regular Western 15 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 37 40 %
Trebuchet MS Swiss Regular Central European 15 x 37 40 %
Trebuchet MS Swiss Regular Cyrillic 15 x 37 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 37 40 %
Trebuchet MS Swiss Regular Turkish 15 x 37 40 %
Trebuchet MS Swiss Regular Western 15 x 37 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 53 40 %
Utsaah Swiss Regular Western 13 x 36 40 %
Vani Swiss Regular Western 23 x 54 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 39 40 %
Verdana Swiss Regular Central European 16 x 39 40 %
Verdana Swiss Regular Cyrillic 16 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 39 40 %
Verdana Swiss Regular Turkish 16 x 39 40 %
Verdana Swiss Regular Vietnamese 16 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 39 40 %
Vijaya Swiss Regular Western 19 x 32 40 %
Vrinda Swiss Regular Western 20 x 44 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 32 40 %
Wingdings Special Regular Symbol 28 x 36 40 %
Windows Audio
Device Identifier Device Description
midi-out.0 0001 001B Microsoft GS Wavetable Synth
mixer.0 0001 FFFF Speakers (High Definition Audio
mixer.1 0001 FFFF Digital Audio (S/PDIF) (High De
mixer.2 0001 0068 AMD DP Output (2- AMD High De
mixer.3 0001 FFFF Digital Audio (S/PDIF) (High De
mixer.4 0001 FFFF Microphone (High Definition Aud
wave-in.0 0001 FFFF Microphone (High Definition Aud
wave-out.0 0001 FFFF Speakers (High Definition Audio
wave-out.1 0001 FFFF Digital Audio (S/PDIF) (High De
wave-out.2 0001 0064 AMD DP Output (2- AMD High De
wave-out.3 0001 FFFF Digital Audio (S/PDIF) (High De
PCI / PnP Audio
Device Description Type
ATI Radeon HDMI @ AMD Cayman/Antilles - High Definition Audio Controller PCI
ATI Radeon HDMI @ AMD Cayman/Antilles - High Definition Audio Controller PCI
Realtek ALC889 @ Intel Cougar Point PCH - High Definition Audio Controller [B-3] PCI
HD Audio
[ AMD Cayman/Antilles - High Definition Audio Controller ]
Device Properties:
Device Description AMD Cayman/Antilles - High Definition Audio Controller
Device Description (Windows) High Definition Audio Controller
Bus Type PCI
Bus / Device / Function 1 / 0 / 1
Device ID 1002-AA80
Subsystem ID 1043-AA80
Revision 00
Hardware ID PCI\VEN_1002&DEV_AA80&SUBSYS_AA801043&REV_00
Device Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us-en/Processors/DevelopWithAMD/0,,30_2252_873,00.html
Driver Download http://www.amd.com/us-en/Processors/TechnicalResources/0,,30_182_871_2336,00.html
BIOS Upgrades http://www.aida64.com/bios-updates
Driver Update http://www.aida64.com/driver-updates
[ ATI Radeon HDMI ]
Device Properties:
Device Description ATI Radeon HDMI
Device Description (Windows) AMD High Definition Audio Device
Device Type Audio
Bus Type HDAUDIO
Device ID 1002-AA01
Subsystem ID 00AA-0100
Revision 1002
Hardware ID HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002
Device Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://ati.amd.com/products/integrated.html
Driver Download http://ati.amd.com/support/driver.html
Driver Update http://www.aida64.com/driver-updates
[ AMD Cayman/Antilles - High Definition Audio Controller ]
Device Properties:
Device Description AMD Cayman/Antilles - High Definition Audio Controller
Device Description (Windows) High Definition Audio Controller
Bus Type PCI
Bus / Device / Function 2 / 0 / 1
Device ID 1002-AA80
Subsystem ID 1043-AA80
Revision 00
Hardware ID PCI\VEN_1002&DEV_AA80&SUBSYS_AA801043&REV_00
Device Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us-en/Processors/DevelopWithAMD/0,,30_2252_873,00.html
Driver Download http://www.amd.com/us-en/Processors/TechnicalResources/0,,30_182_871_2336,00.html
BIOS Upgrades http://www.aida64.com/bios-updates
Driver Update http://www.aida64.com/driver-updates
[ ATI Radeon HDMI ]
Device Properties:
Device Description ATI Radeon HDMI
Device Description (Windows) AMD High Definition Audio Device
Device Type Audio
Bus Type HDAUDIO
Device ID 1002-AA01
Subsystem ID 00AA-0100
Revision 1002
Hardware ID HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002
Device Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://ati.amd.com/products/integrated.html
Driver Download http://ati.amd.com/support/driver.html
Driver Update http://www.aida64.com/driver-updates
[ Intel Cougar Point PCH - High Definition Audio Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - High Definition Audio Controller [B-3]
Device Description (Windows) High Definition Audio Controller
Bus Type PCI
Bus / Device / Function 0 / 27 / 0
Device ID 8086-1C20
Subsystem ID 1043-840F
Revision 05
Hardware ID PCI\VEN_8086&DEV_1C20&SUBSYS_840F1043&REV_05
Device Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/products/chipsets
Driver Download http://support.intel.com/support/chipsets
BIOS Upgrades http://www.aida64.com/bios-updates
Driver Update http://www.aida64.com/driver-updates
[ Realtek ALC889 ]
Device Properties:
Device Description Realtek ALC889
Device Description (Windows) Realtek High Definition Audio
Device Type Audio
Bus Type HDAUDIO
Device ID 10EC-0889
Subsystem ID 1043-840F
Revision 1000
Hardware ID HDAUDIO\FUNC_01&VEN_10EC&DEV_0889&SUBSYS_1043840F&REV_1000
Device Manufacturer:
Company Name Realtek Semiconductor Corp.
Product Information http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2
Driver Download http://www.realtek.com.tw/downloads
Driver Update http://www.aida64.com/driver-updates
OpenAL
OpenAL Properties:
Vendor Creative Labs Inc.
Renderer Software
Version 1.1
Device Name Generic Software
OpenAL DLL 6.14.0357.24
Creative OpenAL DLL Not Present
Wrapper DLL 2.2.0.5
Hardware Sound Buffers 0
X-RAM Not Present
OpenAL Extensions:
AL_EXT_EXPONENT_DISTANCE Supported
AL_EXT_LINEAR_DISTANCE Supported
AL_EXT_OFFSET Supported
ALC_ENUMERATE_ALL_EXT Supported
ALC_ENUMERATION_EXT Supported
ALC_EXT_CAPTURE Supported
ALC_EXT_EFX Supported
EAX Supported
EAX2.0 Supported
EAX3.0 Not Supported
EAX3.0EMULATED Supported
EAX4.0 Not Supported
EAX4.0EMULATED Supported
EAX5.0 Not Supported
EAX-RAM Not Supported
Audio Codecs
[ Fraunhofer IIS MPEG Layer-3 Codec (decode only) ]
ACM Driver Properties:
Driver Description Fraunhofer IIS MPEG Layer-3 Codec (decode only)
Copyright Notice Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS
Driver Features decoder only version
Driver Version 1.09
[ Microsoft ADPCM CODEC ]
ACM Driver Properties:
Driver Description Microsoft ADPCM CODEC
Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation
Driver Features Compresses and decompresses Microsoft ADPCM audio data.
Driver Version 4.00
[ Microsoft CCITT G.711 A-Law and u-Law CODEC ]
ACM Driver Properties:
Driver Description Microsoft CCITT G.711 A-Law and u-Law CODEC
Copyright Notice Copyright (c) 1993-1996 Microsoft Corporation
Driver Features Compresses and decompresses CCITT G.711 A-Law and u-Law audio data.
Driver Version 4.00
[ Microsoft GSM 6.10 Audio CODEC ]
ACM Driver Properties:
Driver Description Microsoft GSM 6.10 Audio CODEC
Copyright Notice Copyright (C) 1993-1996 Microsoft Corporation
Driver Features Compresses and decompresses audio data conforming to the ETSI-GSM (European Telecommunications Standards Institute-Groupe Special Mobile) recommendation 6.10.
Driver Version 4.00
[ Microsoft IMA ADPCM CODEC ]
ACM Driver Properties:
Driver Description Microsoft IMA ADPCM CODEC
Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation
Driver Features Compresses and decompresses IMA ADPCM audio data.
Driver Version 4.00
[ Microsoft PCM Converter ]
ACM Driver Properties:
Driver Description Microsoft PCM Converter
Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation
Driver Features Converts frequency and bits per sample of PCM audio data.
Driver Version 5.00
Video Codecs
Driver Version Description
frapsvid.dll 3.2.6.12176 Fraps Video Decompressor
iccvid.dll 1.10.0.11 Cinepak® Codec
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
msrle32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft RLE Compressor
msvidc32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Video 1 Compressor
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
rtvcvfw32.dll RivaTuner Video Codec
tsbyuv.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) Toshiba Video Codec
MCI
[ AVIVideo ]
MCI Device Properties:
Device AVIVideo
Name Video for Windows
Description Video For Windows MCI driver
Type Digital Video Device
Driver mciavi32.dll
Status Enabled
MCI Device Features:
Compound Device Yes
File Based Device Yes
Can Eject No
Can Play Yes
Can Play In Reverse Yes
Can Record No
Can Save Data No
Can Freeze Data No
Can Lock Data No
Can Stretch Frame Yes
Can Stretch Input No
Can Test Yes
Audio Capable Yes
Video Capable Yes
Still Image Capable No
[ CDAudio ]
MCI Device Properties:
Device CDAudio
Name CD Audio
Description MCI driver for cdaudio devices
Type CD Audio Device
Driver mcicda.dll
Status Enabled
MCI Device Features:
Compound Device No
File Based Device No
Can Eject Yes
Can Play Yes
Can Record No
Can Save Data No
Audio Capable Yes
Video Capable No
[ MPEGVideo ]
MCI Device Properties:
Device MPEGVideo
Name DirectShow
Description DirectShow MCI Driver
Type Digital Video Device
Driver mciqtz32.dll
Status Enabled
MCI Device Features:
Compound Device Yes
File Based Device Yes
Can Eject No
Can Play Yes
Can Play In Reverse No
Can Record No
Can Save Data No
Can Freeze Data No
Can Lock Data No
Can Stretch Frame Yes
Can Stretch Input No
Can Test Yes
Audio Capable Yes
Video Capable Yes
Still Image Capable No
[ Sequencer ]
MCI Device Properties:
Device Sequencer
Name MIDI Sequencer
Description MCI driver for MIDI sequencer
Type Sequencer Device
Driver mciseq.dll
Status Enabled
MCI Device Features:
Compound Device Yes
File Based Device Yes
Can Eject No
Can Play Yes
Can Record No
Can Save Data No
Audio Capable Yes
Video Capable No
[ WaveAudio ]
MCI Device Properties:
Device WaveAudio
Name Sound
Description MCI driver for waveform audio
Type Waveform Audio Device
Driver mciwave.dll
Status Enabled
MCI Device Features:
Compound Device Yes
File Based Device Yes
Can Eject No
Can Play Yes
Can Record Yes
Can Save Data Yes
Audio Capable Yes
Video Capable No
Windows Storage
[ SAMSUNG HD103SJ ATA Device ]
Device Properties:
Driver Description SAMSUNG HD103SJ ATA Device
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File disk.inf
Disk Device Physical Info:
Manufacturer Samsung
Hard Disk Family SpinPoint F3
Form Factor 3.5"
Formatted Capacity 1000 GB
Disks 2
Recording Surfaces 4
Physical Dimensions 147.0 x 101.5 x 26.1 mm
Max. Weight 625 g
Average Rotational Latency 4.17 ms
Rotational Speed 7200 RPM
Average Seek 8.9 ms
Interface SATA-II
Buffer-to-Host Data Rate 300 MB/s
Buffer Size 32 MB
Spin-Up Time 11 sec
Device Manufacturer:
Company Name Samsung
Product Information http://www.samsung.com/global/business/hdd
[ SanDisk Cruzer Blade USB Device ]
Device Properties:
Driver Description SanDisk Cruzer Blade USB Device
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File disk.inf
Device Manufacturer:
Company Name SanDisk Corporation
Product Information http://www.sandisk.com/business-solutions/ssd/landing
[ PIONEER DVD-RW DVR-216D ATA Device ]
Device Properties:
Driver Description PIONEER DVD-RW DVR-216D ATA Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File cdrom.inf
Optical Drive Properties:
Manufacturer Pioneer
Device Type DVD+RW/DVD-RW
Interface SATA
Writing Speeds:
DVD+R9 Dual Layer 12x
DVD+R 20x
DVD+RW 8x
DVD-R9 Dual Layer 12x
DVD-R 20x
DVD-RW 6x
CD-R 40x
CD-RW 32x
Reading Speeds:
DVD-ROM 16x
CD-ROM 40x
Device Manufacturer:
Company Name Pioneer Corporation
Product Information http://www.pioneer-eur.com/eur/productgroups.jsp
Firmware Download http://www.pioneer.eu/eur/support/
[ ATA Channel 0 ]
Device Properties:
Driver Description ATA Channel 0
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
[ ATA Channel 0 ]
Device Properties:
Driver Description ATA Channel 0
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
[ ATA Channel 1 ]
Device Properties:
Driver Description ATA Channel 1
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
[ ATA Channel 1 ]
Device Properties:
Driver Description ATA Channel 1
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
[ ATA Channel 4 ]
Device Properties:
Driver Description ATA Channel 4
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
[ Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Driver Date 26/04/2011
Driver Version 10.5.0.1026
Driver Provider Intel
INF File oem43.inf
Device Resources:
IRQ 20
Memory FBF25000-FBF257FF
Port F020-F03F
Port F060-F063
Port F070-F077
Port F080-F083
Port F090-F097
[ Standard AHCI 1.0 Serial ATA Controller ]
Device Properties:
Driver Description Standard AHCI 1.0 Serial ATA Controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Device Resources:
IRQ 16
Memory FB810000-FB8101FF
Port B000-B00F
Port B010-B013
Port B020-B027
Port B030-B033
Port B040-B047
[ Standard Dual Channel PCI IDE Controller ]
Device Properties:
Driver Description Standard Dual Channel PCI IDE Controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Device Resources:
IRQ 19
Memory FB910000-FB9101FF
Port C000-C00F
Port C010-C013
Port C020-C027
Port C030-C033
Port C040-C047
Logical Drives
Drive Drive Type File System Total Size Used Space Free Space % Free Volume Serial
[ TRIAL VERSION ] Local Disk NTFS [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
D: Optical Drive
E: Removable Disk FAT32 15251 MB 0 MB 15251 MB 100 % C011-8E7B
F: Optical Drive
Physical Drives
[ Drive #1 - SAMSUNG HD103SJ (931 GB) ]
Partition Partition Type Drive Start Offset Partition Length
#1 (Active) NTFS 1 MB 100 MB
#2 NTFS C: 101 MB 953767 MB
[ Drive #2 - SanDiskCruzer Blade (14 GB) ]
Partition Partition Type Drive Start Offset Partition Length
#1 FAT32 E: 0 MB 15258 MB
Optical Drives
[ D:\ PIONEER DVD-RW DVR-216D ATA Device ]
Optical Drive Properties:
Device Description PIONEER DVD-RW DVR-216D ATA Device
Serial Number HHDP115930WL
Firmware Revision 1.07
Firmware Date 25/07/2008
Buffer Size 2000 KB
Manufacturer Pioneer
Device Type DVD+RW/DVD-RW
Interface SATA
Region Code 2
Remaining User Changes 4
Remaining Vendor Changes 4
Writing Speeds:
DVD+R9 Dual Layer 12x
DVD+R 20x
DVD+RW 8x
DVD-R9 Dual Layer 12x
DVD-R 20x
DVD-RW 6x
CD-R 40x
CD-RW 32x
Reading Speeds:
DVD-ROM 16x
CD-ROM 40x
Supported Disk Types:
BD-ROM Not Supported
BD-R Not Supported
BD-RE Not Supported
HD DVD-ROM Not Supported
HD DVD-R Not Supported
HD DVD-RW Not Supported
DVD-ROM Read
DVD+R9 Dual Layer Read + Write
DVD+R Read + Write
DVD+RW Read + Write
DVD-R9 Dual Layer Read + Write
DVD-R Read + Write
DVD-RW Read + Write
DVD-RAM Read
CD-ROM Read
CD-R Read + Write
CD-RW Read + Write
Optical Drive Features:
Buffer Underrun Protection Supported
C2 Error Pointers Supported
CD+G Not Supported
CD-Text Supported
Hybrid Disc Not Supported
JustLink Not Supported
LabelFlash Not Supported
Layer-Jump Recording Supported
LightScribe Not Supported
Mount Rainier Not Supported
SMART Not Supported
CSS Supported
CPRM Supported
AACS Not Supported
VCPS Not Supported
BD CPS Not Supported
Device Manufacturer:
Company Name Pioneer Corporation
Product Information http://www.pioneer-eur.com/eur/productgroups.jsp
Firmware Download http://www.pioneer.eu/eur/support/
Driver Update http://www.aida64.com/driver-updates
ATA
[ SAMSUNG HD103SJ (S246JR0ZC00154) ]
ATA Device Properties:
Model ID SAMSUNG HD103SJ
Serial Number S246JR0ZC00154
Revision 1AJ10001
World Wide Name 5-0000F0-0C00A5401
Device Type SATA-II
Parameters 1938021 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector
LBA Sectors 1953525168
Buffer 32767 KB
Multiple Sectors 16
ECC Bytes 4
Unformatted Capacity 953870 MB
ATA Standard ATA8-ACS
ATA Device Features:
48-bit LBA Supported
Advanced Power Management Supported, Disabled
Automatic Acoustic Management Supported, Disabled
Device Configuration Overlay Supported
DMA Setup Auto-Activate Supported, Disabled
General Purpose Logging Supported
Host Protected Area Supported, Enabled
In-Order Data Delivery Not Supported
Native Command Queuing Supported
Phy Event Counters Supported
Power Management Supported, Enabled
Power-Up In Standby Supported, Disabled
Read Look-Ahead Supported, Enabled
Release Interrupt Not Supported
Security Mode Supported, Disabled
SMART Supported, Enabled
SMART Error Logging Supported
SMART Self-Test Supported
Software Settings Preservation Supported, Enabled
Streaming Not Supported
Tagged Command Queuing Not Supported
Write Cache Supported, Enabled
SSD Features:
Data Set Management Not Supported
Deterministic Read After TRIM Not Supported
TRIM Command Not Supported
ATA Device Physical Info:
Manufacturer Samsung
Hard Disk Family SpinPoint F3
Form Factor 3.5"
Formatted Capacity 1000 GB
Disks 2
Recording Surfaces 4
Physical Dimensions 147.0 x 101.5 x 26.1 mm
Max. Weight 625 g
Average Rotational Latency 4.17 ms
Rotational Speed 7200 RPM
Average Seek 8.9 ms
Interface SATA-II
Buffer-to-Host Data Rate 300 MB/s
Buffer Size 32 MB
Spin-Up Time 11 sec
ATA Device Manufacturer:
Company Name Samsung
Product Information http://www.samsung.com/global/business/hdd
Driver Update http://www.aida64.com/driver-updates
SMART
[ SAMSUNG HD103SJ (S246JR0ZC00154) ]
ID Attribute Description Threshold Value Worst Data Status
01 Raw Read Error Rate 51 100 100 1 OK: Value is normal
02 Throughput Performance 0 252 252 0 OK: Always passes
03 Spinup Time 25 73 73 8228 OK: Value is normal
04 Start/Stop Count 0 100 100 107 OK: Always passes
05 Reallocated Sector Count 10 252 252 0 OK: Value is normal
07 Seek Error Rate 51 252 252 0 OK: Value is normal
08 Seek Time Performance 15 252 252 0 OK: Value is normal
09 Power-On Time Count 0 100 100 145 OK: Always passes
0A Spinup Retry Count 51 252 252 0 OK: Value is normal
0B Calibration Retry Count 0 252 252 0 OK: Always passes
0C Power Cycle Count 0 100 100 144 OK: Always passes
BF Mechanical Shock 0 100 100 2 OK: Always passes
C0 Power-Off Retract Count 0 252 252 0 OK: Always passes
C2 Temperature 0 64 64 36, 14, 29 OK: Always passes
C3 Hardware ECC Recovered 0 100 100 0 OK: Always passes
C4 Reallocation Event Count 0 252 252 0 OK: Always passes
C5 Current Pending Sector Count 0 252 252 0 OK: Always passes
C6 Offline Uncorrectable Sector Count 0 252 252 0 OK: Always passes
C7 Ultra ATA CRC Error Rate 0 100 100 1 OK: Always passes
C8 Write Error Rate 0 100 100 98 OK: Always passes
DF Load/Unload Retry Count 0 252 252 0 OK: Always passes
E1 Load/Unload Cycle Count 0 100 100 150 OK: Always passes
Windows Network
[ Intel(R) 82579V Gigabit Network Connection ]
Network Adapter Properties:
Network Adapter Intel(R) 82579V Gigabit Network Connection
Interface Type Gigabit Ethernet
Hardware Address F4-6D-04-11-A0-5E
Connection Name Local Area Connection 3
Connection Speed 1000 Mbps
MTU 1500 bytes
DHCP Lease Obtained 14/06/2011 21:29:13
DHCP Lease Expires 14/06/2011 22:29:13
Bytes Received 582343299 (555.4 MB)
Bytes Sent 26909478 (25.7 MB)
Network Adapter Addresses:
IP / Subnet Mask [ TRIAL VERSION ]
Gateway [ TRIAL VERSION ]
DHCP [ TRIAL VERSION ]
DNS [ TRIAL VERSION ]
DNS [ TRIAL VERSION ]
Network Adapter Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/embedded
Driver Download http://www.intel.com/support/network
Driver Update http://www.aida64.com/driver-updates
[ Intel(R) 82583V Gigabit Network Connection ]
Network Adapter Properties:
Network Adapter Intel(R) 82583V Gigabit Network Connection
Interface Type Gigabit Ethernet
Hardware Address F4-6D-04-11-9F-A2
Connection Name Local Area Connection 2
MTU 1500 bytes
Bytes Received 0
Bytes Sent 0
Network Adapter Addresses:
DNS [ TRIAL VERSION ]
DNS [ TRIAL VERSION ]
Network Adapter Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/embedded
Driver Download http://www.intel.com/support/network
Driver Update http://www.aida64.com/driver-updates
PCI / PnP Network
Device Description Type
Intel 82579V Gigabit Network Connection PCI
Intel 82583V Gigabit Network Connection PCI
IAM
[ Microsoft Communities ]
Account Properties:
Account Name Microsoft Communities
Account ID account{8EFE2CA4-8E1B-4DB0-A9E2-42B33335C4A4}.oeaccount
Account Type News (Default)
Connection Name Not Specified (IE Default)
NNTP Server msnews.microsoft.com
Account Features:
NNTP Prompt For Password No
NNTP Secure Authentication No
NNTP Secure Connection No
NNTP Use Group Descriptions No
NNTP Post Using Plain Text Format No
NNTP Post Using HTML Format No
[ Active Directory ]
Account Properties:
Account Name Active Directory
Account ID account{0A6162E2-ED66-422B-9AAC-E4DF4CBFAF92}.oeaccount
Account Type LDAP
Connection Name Not Specified (IE Default)
LDAP Server NULL:3268
LDAP User Name NULL
LDAP Search Base NULL
LDAP Search Timeout 1 min
Account Features:
LDAP Authentication Required Yes
LDAP Secure Authentication Yes
LDAP Secure Connection No
LDAP Simple Search Filter No
[ VeriSign Internet Directory Service ]
Account Properties:
Account Name VeriSign Internet Directory Service
Account ID account{46B4416A-5800-4884-AB52-D9FAB5E64938}.oeaccount
Account Type LDAP
Connection Name Not Specified (IE Default)
LDAP Server directory.verisign.com
LDAP URL http://www.verisign.com
LDAP Search Base NULL
LDAP Search Timeout 1 min
Account Features:
LDAP Authentication Required No
LDAP Secure Authentication No
LDAP Secure Connection No
LDAP Simple Search Filter Yes
Internet
Internet Settings:
Start Page http://go.microsoft.com/fwlink/?LinkId=69157
Search Page http://go.microsoft.com/fwlink/?LinkId=54896
Download Folder C:\Users\muggz\Downloads
Current Proxy:
Proxy Status Disabled
LAN Proxy:
Proxy Status Disabled
Routes
Type Net Destination Netmask Gateway Metric Interface
Active 0.0.0.0 0.0.0.0 192.168.0.1 10 192.168.0.8 (Intel(R) 82579V Gigabit Network Connection #2)
Active 127.0.0.0 255.0.0.0 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1)
Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 306 [ TRIAL VERSION ]
Active 127.255.255.255 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1)
Active 192.168.0.0 255.255.255.0 192.168.0.8 266 192.168.0.8 (Intel(R) 82579V Gigabit Network Connection #2)
Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 266 [ TRIAL VERSION ]
Active 192.168.0.255 255.255.255.255 192.168.0.8 266 192.168.0.8 (Intel(R) 82579V Gigabit Network Connection #2)
Active 224.0.0.0 240.0.0.0 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1)
Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 266 [ TRIAL VERSION ]
Active 255.255.255.255 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1)
Active 255.255.255.255 255.255.255.255 192.168.0.8 266 192.168.0.8 (Intel(R) 82579V Gigabit Network Connection #2)
IE Cookie
Last Access URL
2011-06-10 07:02:02 muggz@onlinestores.metaservices.microsoft.com/serviceswitching/
2011-06-13 18:48:54 muggz@atdmt.com/
2011-06-13 18:48:54 muggz@bing.com/
2011-06-13 18:48:54 muggz@live.com/
2011-06-13 18:48:54 muggz@msn.com/
2011-06-13 18:48:54 muggz@windowsmarketplace.com/
2011-06-13 18:48:54 muggz@workspace.office.live.com/
2011-06-13 18:48:54 muggz@zune.net/
2011-06-14 20:13:43 muggz@amd.com/
Browser History
Last Access URL
2011-06-08 00:42:53 muggz@file:///C:/Users/muggz/Downloads/Realtek_Audio_V51006254_Xp_V6016254_VistaWin7.zip
2011-06-08 17:03:24 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=14
2011-06-08 17:03:24 [ TRIAL VERSION ]
2011-06-09 00:24:01 muggz@file:///C:/Users/muggz/Downloads/The.Apprentice.S11E12.HDTV.XviD-2HD
2011-06-09 00:37:19 muggz@file:///C:/Users/muggz/Downloads/The.Apprentice.UK.S07E04.HDTV.XviD-BARGE/the.apprentice.uk.s0...
2011-06-09 00:37:22 [ TRIAL VERSION ]
2011-06-09 18:12:41 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=40
2011-06-09 18:39:37 muggz@file:///C:/Users/muggz/Downloads/NEC_USB_3_V2040_WindowsXP_Vista_7.zip
2011-06-09 20:53:10 [ TRIAL VERSION ]
2011-06-10 07:08:37 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=26
2011-06-10 07:08:38 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=37
2011-06-10 21:33:53 [ TRIAL VERSION ]
2011-06-10 21:34:10 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/Chris%20Cole%20P...
2011-06-10 21:39:47 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/Coliseum%20-%20T...
2011-06-10 21:58:30 [ TRIAL VERSION ]
2011-06-10 22:48:08 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=8
2011-06-11 11:32:31 muggz@file:///C:/Users/muggz/AppData/Local/Temp/tmpD690.tmp
2011-06-11 14:54:05 [ TRIAL VERSION ]
2011-06-11 15:00:01 muggz@file:///C:/ProgramData/Futuremark/3DMark%20Vantage/systeminfo/systeminfo.xml
2011-06-11 15:19:30 muggz@file:///C:/Users/muggz/Desktop/local.txt
2011-06-11 16:08:45 [ TRIAL VERSION ]
2011-06-11 16:59:26 muggz@file:///C:/Users/muggz/Downloads/Duke_Nukem_Forever-Razor1911/rzr-dnfr.nfo
2011-06-11 17:00:07 muggz@file:///C:/Users/muggz/Downloads/Duke_Nukem_Forever-Razor1911/rzr-dnfr.001
2011-06-11 17:17:08 [ TRIAL VERSION ]
2011-06-11 17:20:19 muggz@file:///F:/Duke%20Nukem%20Forever_disk1_2.sid
2011-06-11 20:50:47 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/Digital%20-%20Ev...
2011-06-11 23:39:59 [ TRIAL VERSION ]
2011-06-12 21:49:13 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=22
2011-06-12 21:49:17 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=13
2011-06-12 22:20:27 [ TRIAL VERSION ]
2011-06-12 22:24:57 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/Chomp%20On%20Thi...
2011-06-12 22:25:21 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/Digital%20Skateb...
2011-06-12 22:25:23 [ TRIAL VERSION ]
2011-06-12 22:26:37 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/PUZZLE%20-%20Iss...
2011-06-12 22:29:25 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/ZERO%20-%20Dying...
2011-06-13 17:03:59 [ TRIAL VERSION ]
2011-06-13 17:07:43 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=59
2011-06-13 17:26:43 muggz@file:///C:/Users/muggz/Downloads/Game.Call%20of%20Duty%206%20MP.7z
2011-06-13 18:11:52 [ TRIAL VERSION ]
2011-06-13 18:25:33 muggz@file:///C:/Users/muggz/Downloads/p95v266.zip
2011-06-13 18:29:04 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=57
2011-06-13 18:29:25 [ TRIAL VERSION ]
2011-06-13 18:34:52 muggz@file:///C:/Users/muggz/Downloads/Widescreen%20Fixer%20(2011-05-27).7z
2011-06-13 20:35:22 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=2
2011-06-13 21:39:56 [ TRIAL VERSION ]
2011-06-13 21:44:35 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=56
2011-06-13 22:00:19 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=19
2011-06-13 22:00:19 [ TRIAL VERSION ]
2011-06-13 23:03:59 muggz@file:///C:/Users/muggz/Downloads/The.Apprentice.UK.S07E05.HDTV.XviD-BARGE/the.apprentice.uk.s0...
2011-06-14 17:10:52 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=15
2011-06-14 17:10:52 [ TRIAL VERSION ]
2011-06-14 18:24:50 muggz@file:///C:/Users/muggz/Downloads/3d-hentai-03.mpg
2011-06-14 18:25:12 muggz@file:///C:/Users/muggz/Downloads/3d-hentai-04.mpg
2011-06-14 18:25:29 [ TRIAL VERSION ]
2011-06-14 18:25:43 muggz@file:///C:/Users/muggz/Downloads/3d-anime-movie-05.mpg
2011-06-14 18:25:57 muggz@file:///C:/Users/muggz/Downloads/3d-anime-movie-06.mpg
2011-06-14 18:26:10 [ TRIAL VERSION ]
2011-06-14 18:27:36 muggz@file:///C:/Users/muggz/Downloads/3d-hentai-2.mpg
2011-06-14 18:28:41 muggz@file:///C:/Users/muggz/Downloads/3d-porn-movie-01.mpg
2011-06-14 19:17:07 [ TRIAL VERSION ]
2011-06-14 19:17:09 muggz@file:///C:/Users/muggz/Downloads/Shift.2.Unleashed-RELOADED/reloaded.nfo
2011-06-14 20:13:45 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=43
2011-06-14 21:00:03 [ TRIAL VERSION ]
2011-06-14 21:22:51 muggz@file:///C:/Users/muggz/Downloads/Big.Naturals.20.XXX.DVDRip.XviD-Jiggly/Covers/jiggly-bnatural...
2011-06-14 21:23:00 muggz@file:///C:/Users/muggz/Downloads/Big.Naturals.20.XXX.DVDRip.XviD-Jiggly/Sample/jiggly-bnatural...
2011-06-14 21:23:49 [ TRIAL VERSION ]
2011-06-14 21:25:10 muggz@file:///C:/Users/muggz/Downloads/Latin.Girl.Booty.Battle.XXX.NTSC.DVDR-CRYMXXX/Sample/crym-lgb...
DirectX Files
Name Version Type Language Size Date
amstream.dll 6.06.7601.17514 Final Retail English 70656 20/11/2010 13:18:03
bdaplgin.ax 6.01.7600.16385 Final Retail English 74240 14/07/2009 02:14:10
d3d8.dll 6.01.7600.16385 Final Retail English 1036800 14/07/2009 02:15:08
d3d8thk.dll 6.01.7600.16385 Final Retail English 11264 14/07/2009 02:15:08
d3d9.dll 6.01.7601.17514 Final Retail English 1828352 20/11/2010 13:18:25
d3dim.dll 6.01.7600.16385 Final Retail English 386048 14/07/2009 02:15:08
d3dim700.dll 6.01.7600.16385 Final Retail English 817664 14/07/2009 02:15:08
d3dramp.dll 6.01.7600.16385 Final Retail English 593920 14/07/2009 02:15:08
d3dxof.dll 6.01.7600.16385 Final Retail English 53760 14/07/2009 02:15:08
ddraw.dll 6.01.7600.16385 Final Retail English 531968 14/07/2009 02:15:10
ddrawex.dll 6.01.7600.16385 Final Retail English 30208 14/07/2009 02:15:10
devenum.dll 6.06.7600.16385 Final Retail English 66560 14/07/2009 02:15:10
dinput.dll 6.01.7600.16385 Final Retail English 136704 14/07/2009 02:15:11
dinput8.dll 6.01.7600.16385 Final Retail English 145408 14/07/2009 02:15:11
dmband.dll 6.01.7600.16385 Final Retail English 30720 14/07/2009 02:15:12
dmcompos.dll 6.01.7600.16385 Final Retail English 63488 14/07/2009 02:15:12
dmime.dll 6.01.7600.16385 Final Retail English 179712 14/07/2009 02:15:12
dmloader.dll 6.01.7600.16385 Final Retail English 38400 14/07/2009 02:15:12
dmscript.dll 6.01.7600.16385 Final Retail English 86016 14/07/2009 02:15:12
dmstyle.dll 6.01.7600.16385 Final Retail English 105984 14/07/2009 02:15:12
dmsynth.dll 6.01.7600.16385 Final Retail English 105472 14/07/2009 02:15:12
dmusic.dll 6.01.7600.16385 Final Retail English 101376 14/07/2009 02:15:12
dplaysvr.exe 6.01.7600.16385 Final Retail English 29184 14/07/2009 02:14:18
dplayx.dll 6.01.7600.16385 Final Retail English 213504 14/07/2009 02:15:12
dpmodemx.dll 6.01.7600.16385 Final Retail English 23040 14/07/2009 02:15:12
dpnaddr.dll 6.01.7601.17514 Final Retail English 2560 20/11/2010 12:57:57
dpnet.dll 6.01.7600.16385 Final Retail English 376832 14/07/2009 02:15:12
dpnhpast.dll 6.01.7600.16385 Final Retail English 7168 14/07/2009 02:15:12
dpnhupnp.dll 6.01.7600.16385 Final Retail English 7168 14/07/2009 02:15:12
dpnlobby.dll 6.01.7600.16385 Final Retail English 2560 14/07/2009 02:04:52
dpnsvr.exe 6.01.7600.16385 Final Retail English 33280 14/07/2009 02:14:18
dpwsockx.dll 6.01.7600.16385 Final Retail English 44032 14/07/2009 02:15:12
dsdmo.dll 6.01.7600.16385 Final Retail English 173568 14/07/2009 02:15:13
dsound.dll 6.01.7600.16385 Final Retail English 453632 14/07/2009 02:15:13
dswave.dll 6.01.7600.16385 Final Retail English 20992 14/07/2009 02:15:13
dxdiagn.dll 6.01.7601.17514 Final Retail English 210432 20/11/2010 13:18:36
dxmasf.dll 12.00.7601.17514 Final Retail English 4096 20/11/2010 13:21:22
encapi.dll 6.01.7600.16385 Final Retail English 20992 14/07/2009 02:15:14
gcdef.dll 6.01.7600.16385 Final Retail English 120832 14/07/2009 02:15:22
iac25_32.ax 2.00.0005.0053 Final Retail English 197632 14/07/2009 02:14:10
ir41_32.ax 4.51.0016.0003 Final Retail English 839680 14/07/2009 02:14:10
ir41_qc.dll 4.30.0062.0002 Final Retail English 120320 14/07/2009 02:15:34
ir41_qcx.dll 4.30.0062.0002 Final Retail English 120320 14/07/2009 02:15:34
ir50_32.dll 5.2562.0015.0055 Final Retail English 746496 14/07/2009 02:15:34
ir50_qc.dll 5.00.0063.0048 Final Retail English 200192 14/07/2009 02:15:34
ir50_qcx.dll 5.00.0063.0048 Final Retail English 200192 14/07/2009 02:15:34
ivfsrc.ax 5.10.0002.0051 Final Retail English 146944 14/07/2009 02:14:10
joy.cpl 6.01.7600.16385 Final Retail English 138240 14/07/2009 02:14:09
ksproxy.ax 6.01.7601.17514 Final Retail English 193536 20/11/2010 13:16:52
kstvtune.ax 6.01.7601.17514 Final Retail English 84480 20/11/2010 13:16:52
ksuser.dll 6.01.7600.16385 Final Retail English 4608 14/07/2009 02:15:35
kswdmcap.ax 6.01.7601.17514 Final Retail English 107008 20/11/2010 13:16:52
ksxbar.ax 6.01.7601.17514 Final Retail English 48640 20/11/2010 13:16:52
mciqtz32.dll 6.06.7601.17514 Final Retail English 36352 20/11/2010 13:19:32
mfc40.dll 4.01.0000.6151 Beta Retail English 954752 20/11/2010 13:19:33
mfc42.dll 6.06.8064.0000 Beta Retail English 1137664 11/03/2011 06:33:59
Microsoft.DirectX.AudioVideoPlayback.dll 5.04.0000.2904 Final Retail English 53248 14/06/2011 19:18:26
Microsoft.DirectX.Diagnostics.dll 5.04.0000.2904 Final Retail English 12800 14/06/2011 19:18:26
Microsoft.DirectX.Direct3D.dll 9.05.0132.0000 Final Retail English 473600 14/06/2011 19:18:26
Microsoft.DirectX.Direct3DX.dll 5.04.0000.3900 Final Retail English 2676224 14/06/2011 19:18:21
Microsoft.DirectX.Direct3DX.dll 9.04.0091.0000 Final Retail English 2846720 14/06/2011 19:18:22
Microsoft.DirectX.Direct3DX.dll 9.05.0132.0000 Final Retail English 563712 14/06/2011 19:18:23
Microsoft.DirectX.Direct3DX.dll 9.06.0168.0000 Final Retail English 567296 14/06/2011 19:18:23
Microsoft.DirectX.Direct3DX.dll 9.07.0239.0000 Final Retail English 576000 14/06/2011 19:18:23
Microsoft.DirectX.Direct3DX.dll 9.08.0299.0000 Final Retail English 577024 14/06/2011 19:18:23
Microsoft.DirectX.Direct3DX.dll 9.09.0376.0000 Final Retail English 577536 14/06/2011 19:18:24
Microsoft.DirectX.Direct3DX.dll 9.10.0455.0000 Final Retail English 577536 14/06/2011 19:18:24
Microsoft.DirectX.Direct3DX.dll 9.11.0519.0000 Final Retail English 578560 14/06/2011 19:18:24
Microsoft.DirectX.Direct3DX.dll 9.12.0589.0000 Final Retail English 578560 14/06/2011 19:18:26
Microsoft.DirectX.DirectDraw.dll 5.04.0000.2904 Final Retail English 145920 14/06/2011 19:18:26
Microsoft.DirectX.DirectInput.dll 5.04.0000.2904 Final Retail English 159232 14/06/2011 19:18:26
Microsoft.DirectX.DirectPlay.dll 5.04.0000.2904 Final Retail English 364544 14/06/2011 19:18:26
Microsoft.DirectX.DirectSound.dll 5.04.0000.2904 Final Retail English 178176 14/06/2011 19:18:26
Microsoft.DirectX.dll 5.04.0000.2904 Final Retail English 223232 14/06/2011 19:18:25
mpeg2data.ax 6.06.7601.17514 Final Retail English 72704 20/11/2010 13:16:52
mpg2splt.ax 6.06.7601.17528 Final Retail English 199680 23/12/2010 06:50:23
msdmo.dll 6.06.7601.17514 Final Retail English 30720 20/11/2010 13:19:46
msdvbnp.ax 6.06.7601.17514 Final Retail English 59904 20/11/2010 13:16:52
msvidctl.dll 6.05.7601.17514 Final Retail English 2291712 20/11/2010 13:19:55
msyuv.dll 6.01.7601.17514 Final Retail English 22528 20/11/2010 13:19:56
pid.dll 6.01.7600.16385 Final Retail English 36352 14/07/2009 02:16:12
psisdecd.dll 6.06.7600.16385 Final Retail English 465408 14/07/2009 02:16:12
psisrndr.ax 6.06.7601.17514 Final Retail English 75776 20/11/2010 13:16:52
qasf.dll 12.00.7601.17514 Final Retail English 206848 20/11/2010 13:20:57
qcap.dll 6.06.7601.17514 Final Retail English 190976 20/11/2010 13:20:57
qdv.dll 6.06.7601.17514 Final Retail English 283136 20/11/2010 13:20:57
qdvd.dll 6.06.7601.17514 Final Retail English 514560 20/11/2010 13:20:57
qedit.dll 6.06.7601.17514 Final Retail English 509440 20/11/2010 13:20:57
qedwipes.dll 6.06.7600.16385 Final Retail English 733184 14/07/2009 02:09:35
quartz.dll 6.06.7601.17514 Final Retail English 1328128 20/11/2010 13:20:59
vbisurf.ax 6.01.7601.17514 Final Retail English 33792 20/11/2010 13:16:52
vfwwdm32.dll 6.01.7601.17514 Final Retail English 56832 20/11/2010 13:21:34
wsock32.dll 6.01.7600.16385 Final Retail English 15360 14/07/2009 02:16:20
DirectX Video
[ Primary Display Driver ]
DirectDraw Device Properties:
DirectDraw Driver Name display
DirectDraw Driver Description Primary Display Driver
Hardware Driver aticfx32.dll (8.17.10.1077)
Hardware Description AMD Radeon HD 6900 Series
Direct3D Device Properties:
Rendering Bit Depths 16, 32
Z-Buffer Bit Depths 16, 24, 32
Multisample Anti-Aliasing Modes MSAA 2x, MSAA 4x, MSAA 8x
Min Texture Size 1 x 1
Max Texture Size 4096 x 4096
Unified Shader Version 5.0
DirectX Hardware Support DirectX v11.0
Direct3D Device Features:
Additive Texture Blending Supported
AGP Texturing Supported
Anisotropic Filtering Supported
Automatic Mipmap Generation Supported
Bilinear Filtering Supported
Compute Shader Supported
Cubic Environment Mapping Supported
Cubic Filtering Not Supported
Decal-Alpha Texture Blending Supported
Decal Texture Blending Supported
Directional Lights Supported
DirectX Texture Compression Supported
DirectX Volumetric Texture Compression Not Supported
Dithering Supported
Dot3 Texture Blending Supported
Double-Precision Floating-Point Supported
Driver Concurrent Creates Supported
Driver Command Lists Not Supported
Dynamic Textures Supported
Edge Anti-Aliasing Not Supported
Environmental Bump Mapping Supported
Environmental Bump Mapping + Luminance Supported
Factor Alpha Blending Supported
Geometric Hidden-Surface Removal Not Supported
Geometry Shader Supported
Guard Band Supported
Hardware Scene Rasterization Supported
Hardware Transform & Lighting Supported
Legacy Depth Bias Supported
Mipmap LOD Bias Adjustments Supported
Mipmapped Cube Textures Supported
Mipmapped Volume Textures Supported
Modulate-Alpha Texture Blending Supported
Modulate Texture Blending Supported
Non-Square Textures Supported
N-Patches Not Supported
Perspective Texture Correction Supported
Point Lights Supported
Point Sampling Supported
Projective Textures Supported
Quintic Bezier Curves & B-Splines Not Supported
Range-Based Fog Supported
Rectangular & Triangular Patches Not Supported
Rendering In Windowed Mode Supported
Scissor Test Supported
Slope-Scale Based Depth Bias Supported
Specular Flat Shading Supported
Specular Gouraud Shading Supported
Specular Phong Shading Not Supported
Spherical Mapping Supported
Spot Lights Supported
Stencil Buffers Supported
Sub-Pixel Accuracy Supported
Subtractive Texture Blending Supported
Table Fog Supported
Texture Alpha Blending Supported
Texture Clamping Supported
Texture Mirroring Supported
Texture Transparency Supported
Texture Wrapping Supported
Triangle Culling Not Supported
Trilinear Filtering Supported
Two-Sided Stencil Test Supported
Vertex Alpha Blending Supported
Vertex Fog Supported
Vertex Tweening Supported
Volume Textures Supported
W-Based Fog Supported
W-Buffering Not Supported
Z-Based Fog Supported
Z-Bias Supported
Z-Test Supported
Supported FourCC Codes:
ATIC Supported
AYUV Supported
DXT1 Supported
DXT2 Supported
DXT3 Supported
DXT4 Supported
DXT5 Supported
GET4 Supported
INST Supported
M2IA Supported
NULL Supported
NV12 Supported
NV21 Supported
R2VB Supported
RESZ Supported
SYV2 Supported
TES1 Supported
TESS Supported
UYVY Supported
YUY2 Supported
YV12 Supported
Video Adapter Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
DirectX Sound
[ Primary Sound Driver ]
DirectSound Device Properties:
Device Description Primary Sound Driver
Driver Module
Primary Buffers 1
Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz
Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Total / Free Sound Buffers 1 / 0
Total / Free Static Sound Buffers 1 / 0
Total / Free Streaming Sound Buffers 1 / 0
Total / Free 3D Sound Buffers 0 / 0
Total / Free 3D Static Sound Buffers 0 / 0
Total / Free 3D Streaming Sound Buffers 0 / 0
DirectSound Device Features:
Certified Driver No
Emulated Device No
Precise Sample Rate Supported
DirectSound3D Not Supported
Creative EAX 1.0 Not Supported
Creative EAX 2.0 Not Supported
Creative EAX 3.0 Not Supported
Creative EAX 4.0 Not Supported
Creative EAX 5.0 Not Supported
I3DL2 Not Supported
Sensaura ZoomFX Not Supported
[ Speakers (High Definition Audio Device) ]
DirectSound Device Properties:
Device Description Speakers (High Definition Audio Device)
Driver Module {0.0.0.00000000}.{8982b6c8-e53c-4675-b5a3-8fb794f6133a}
Primary Buffers 1
Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz
Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Total / Free Sound Buffers 1 / 0
Total / Free Static Sound Buffers 1 / 0
Total / Free Streaming Sound Buffers 1 / 0
Total / Free 3D Sound Buffers 0 / 0
Total / Free 3D Static Sound Buffers 0 / 0
Total / Free 3D Streaming Sound Buffers 0 / 0
DirectSound Device Features:
Certified Driver No
Emulated Device No
Precise Sample Rate Supported
DirectSound3D Not Supported
Creative EAX 1.0 Not Supported
Creative EAX 2.0 Not Supported
Creative EAX 3.0 Not Supported
Creative EAX 4.0 Not Supported
Creative EAX 5.0 Not Supported
I3DL2 Not Supported
Sensaura ZoomFX Not Supported
[ Digital Audio (S/PDIF) (High Definition Audio Device) ]
DirectSound Device Properties:
Device Description Digital Audio (S/PDIF) (High Definition Audio Device)
Driver Module {0.0.0.00000000}.{0c0c9ebd-e655-4e74-8bd2-88c756ba5a0e}
Primary Buffers 1
Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz
Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Total / Free Sound Buffers 1 / 0
Total / Free Static Sound Buffers 1 / 0
Total / Free Streaming Sound Buffers 1 / 0
Total / Free 3D Sound Buffers 0 / 0
Total / Free 3D Static Sound Buffers 0 / 0
Total / Free 3D Streaming Sound Buffers 0 / 0
DirectSound Device Features:
Certified Driver No
Emulated Device No
Precise Sample Rate Supported
DirectSound3D Not Supported
Creative EAX 1.0 Not Supported
Creative EAX 2.0 Not Supported
Creative EAX 3.0 Not Supported
Creative EAX 4.0 Not Supported
Creative EAX 5.0 Not Supported
I3DL2 Not Supported
Sensaura ZoomFX Not Supported
[ AMD DP Output (2- AMD High Definition Audio Device) ]
DirectSound Device Properties:
Device Description AMD DP Output (2- AMD High Definition Audio Device)
Driver Module {0.0.0.00000000}.{95981a80-e37f-4b87-8bc7-b2266038d16c}
Primary Buffers 1
Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz
Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Total / Free Sound Buffers 1 / 0
Total / Free Static Sound Buffers 1 / 0
Total / Free Streaming Sound Buffers 1 / 0
Total / Free 3D Sound Buffers 0 / 0
Total / Free 3D Static Sound Buffers 0 / 0
Total / Free 3D Streaming Sound Buffers 0 / 0
DirectSound Device Features:
Certified Driver No
Emulated Device No
Precise Sample Rate Supported
DirectSound3D Not Supported
Creative EAX 1.0 Not Supported
Creative EAX 2.0 Not Supported
Creative EAX 3.0 Not Supported
Creative EAX 4.0 Not Supported
Creative EAX 5.0 Not Supported
I3DL2 Not Supported
Sensaura ZoomFX Not Supported
[ Digital Audio (S/PDIF) (High Definition Audio Device) ]
DirectSound Device Properties:
Device Description Digital Audio (S/PDIF) (High Definition Audio Device)
Driver Module {0.0.0.00000000}.{e4ae6f85-39e8-4de1-a60a-a23a363db3bb}
Primary Buffers 1
Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz
Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Total / Free Sound Buffers 1 / 0
Total / Free Static Sound Buffers 1 / 0
Total / Free Streaming Sound Buffers 1 / 0
Total / Free 3D Sound Buffers 0 / 0
Total / Free 3D Static Sound Buffers 0 / 0
Total / Free 3D Streaming Sound Buffers 0 / 0
DirectSound Device Features:
Certified Driver No
Emulated Device No
Precise Sample Rate Supported
DirectSound3D Not Supported
Creative EAX 1.0 Not Supported
Creative EAX 2.0 Not Supported
Creative EAX 3.0 Not Supported
Creative EAX 4.0 Not Supported
Creative EAX 5.0 Not Supported
I3DL2 Not Supported
Sensaura ZoomFX Not Supported
DirectX Input
[ Mouse ]
DirectInput Device Properties:
Device Description Mouse
Device Type Unknown
Device Subtype Unknown
Axes 3
Buttons/Keys 8
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
[ Keyboard ]
DirectInput Device Properties:
Device Description Keyboard
Device Type Unknown
Device Subtype Unknown
Buttons/Keys 128
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
[ G9x Laser Mouse ]
DirectInput Device Properties:
Device Description G9x Laser Mouse
Device Type Unknown
Device Subtype Unknown
Buttons/Keys 652
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
[ G9x Laser Mouse ]
DirectInput Device Properties:
Device Description G9x Laser Mouse
Device Type Unknown
Device Subtype Unknown
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
[ G9x Laser Mouse ]
DirectInput Device Properties:
Device Description G9x Laser Mouse
Device Type Unknown
Device Subtype Unknown
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
[ Ideazon Merc Stealth MM USB Human Interface Device ]
DirectInput Device Properties:
Device Description Ideazon Merc Stealth MM USB Human Interface Device
Device Type Unknown
Device Subtype Unknown
Buttons/Keys 18
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
[ Ideazon Merc Stealth MM USB Human Interface Device ]
DirectInput Device Properties:
Device Description Ideazon Merc Stealth MM USB Human Interface Device
Device Type Unknown
Device Subtype Unknown
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
Windows Devices
[ Devices ]
AsusOtherDevices:
EIO Driver 1.9.7.0
Computer:
ACPI x64-based PC 6.1.7600.16385
Disk drives:
SAMSUNG HD103SJ ATA Device 6.1.7600.16385
SanDisk Cruzer Blade USB Device 6.1.7600.16385
Display adapters:
AMD Radeon HD 6900 Series 8.850.6.0
AMD Radeon HD 6900 Series 8.850.6.0
DVD/CD-ROM drives:
PIONEER DVD-RW DVR-216D ATA Device 6.1.7601.17514
Human Interface Devices:
HID-compliant consumer control device 6.1.7600.16385
HID-compliant consumer control device 6.1.7600.16385
HID-compliant device 6.1.7601.17514
HID-compliant device 6.1.7601.17514
HID-compliant device 6.1.7601.17514
Ideazon Merc Stealth MM USB Human Interface Device 1.0.14.1
Ideazon Merc Stealth USB Human Interface Device 1.0.14.1
USB Input Device 6.1.7601.17514
USB Input Device 6.1.7601.17514
IDE ATA/ATAPI controllers:
ATA Channel 0 6.1.7601.17514
ATA Channel 0 6.1.7601.17514
ATA Channel 1 6.1.7601.17514
ATA Channel 1 6.1.7601.17514
ATA Channel 4 6.1.7601.17514
Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02 10.5.0.1026
Standard AHCI 1.0 Serial ATA Controller 6.1.7601.17514
Standard Dual Channel PCI IDE Controller 6.1.7601.17514
Keyboards:
HID Keyboard Device 6.1.7601.17514
HID Keyboard Device 6.1.7601.17514
Mice and other pointing devices:
HID-compliant mouse 6.1.7600.16385
Microsoft Common Controller For Windows Class:
Xbox 360 Wireless Receiver for Windows 2.1.0.1349
Monitors:
Generic PnP Monitor 6.1.7600.16385
Generic PnP Monitor 6.1.7600.16385
Generic PnP Monitor 6.1.7600.16385
Network adapters:
Intel(R) 82579V Gigabit Network Connection #2 11.8.74.0
Intel(R) 82583V Gigabit Network Connection 11.7.32.0
Microsoft ISATAP Adapter #2 6.1.7600.16385
Microsoft ISATAP Adapter 6.1.7600.16385
Teredo Tunneling Pseudo-Interface 6.1.7600.16385
WAN Miniport (IKEv2) 6.1.7601.17514
WAN Miniport (IP) 6.1.7600.16385
WAN Miniport (IPv6) 6.1.7600.16385
WAN Miniport (L2TP) 6.1.7600.16385
WAN Miniport (Network Monitor) 6.1.7600.16385
WAN Miniport (PPPOE) 6.1.7600.16385
WAN Miniport (PPTP) 6.1.7600.16385
WAN Miniport (SSTP) 6.1.7600.16385
Non-Plug and Play Drivers:
ALSysIO
amdkmdag
Ancillary Function Driver for Winsock
AsIO
AsUpIO
Beep
Bitlocker Drive Encryption Filter Driver
CNG
Common Log (CLFS)
cpuz135
Disk Virtual Machine Bus Acceleration Filter Driver
Dynamic Volume Manager
ENTECH64
Hardware Policy Driver
HTTP
Intel AHCI Controller
Kernel Mode Driver Frameworks service
KSecDD
KSecPkg
LDDM Graphics Subsystem
Link-Layer Topology Discovery Mapper I/O Driver
Link-Layer Topology Discovery Responder
Mount Point Manager
msisadrv
NDIS System Driver
NDProxy
NETBT
NetIO Legacy TDI Support Driver
NSI proxy service driver.
Null
Offline Files Driver
PEAUTH
Performance Counters for Windows Driver
QoS Packet Scheduler
RDP Encoder Mirror Driver
RDPCDD
Reflector Display Driver used to gain access to graphics data
Remote Access IPv6 ARP Driver
Security Driver
Security Processor Loader Driver
Storage volumes
System Attribute Cache
TCP/IP Protocol Driver
TCP/IP Registry Compatibility
User Mode Driver Frameworks Platform Driver
VgaSave
Virtual Machine Bus
WFP Lightweight Filter
Windows Firewall Authorization Driver
Portable Devices:
E:\ 6.1.7600.16385
Processors:
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Sound, video and game controllers:
AMD High Definition Audio Device 7.12.0.7701
AMD High Definition Audio Device 7.12.0.7701
Realtek High Definition Audio 6.0.1.6235
Storage volume shadow copies:
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Storage Volumes:
Generic volume 6.1.7601.17514
Generic volume 6.1.7601.17514
Generic volume 6.1.7601.17514
System devices:
2nd generation Intel(R) Core(TM) processor family DRAM Controller - 0100 9.2.0.1011
2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101 9.2.0.1011
2nd generation Intel® Core™ processor family PCI Express Controller - 0105 9.2.0.1011
ACPI Fixed Feature Button 6.1.7601.17514
ACPI Power Button 6.1.7601.17514
Atheros Bluetooth Bus 6.17.624.302
Composite Bus Enumerator 6.1.7601.17514
Direct memory access controller 6.1.7601.17514
File as Volume Driver 6.1.7600.16385
High Definition Audio Controller 6.1.7601.17514
High Definition Audio Controller 6.1.7601.17514
High Definition Audio Controller 6.1.7601.17514
High precision event timer 6.1.7601.17514
Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10 9.2.0.1015
Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 9.2.0.1015
Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14 9.2.0.1015
Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16 9.2.0.1015
Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18 9.2.0.1015
Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C 9.2.0.1015
Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22 9.2.0.1011
Intel(R) Management Engine Interface 7.0.0.1118
Intel(R) P67 Express Chipset Family LPC Interface Controller - 1C46 9.2.0.1015
Intel(R) Watchdog Timer Driver (Intel(R) WDT) 7.0.1097.0
Microsoft ACPI-Compliant Embedded Controller 6.1.7601.17514
Microsoft ACPI-Compliant System 6.1.7601.17514
Microsoft System Management BIOS Driver 6.1.7601.17514
Microsoft Virtual Drive Enumerator Driver 6.1.7601.17514
Microsoft Windows Management Interface for ACPI 6.1.7601.17514
Microsoft Windows Management Interface for ACPI 6.1.7601.17514
Motherboard resources 6.1.7601.17514
Motherboard resources 6.1.7601.17514
Motherboard resources 6.1.7601.17514
Numeric data processor 6.1.7601.17514
PCI bus 6.1.7601.17514
PCI standard PCI-to-PCI bridge 6.1.7601.17514
PCI standard PCI-to-PCI bridge 6.1.7601.17514
PCI standard PCI-to-PCI bridge 6.1.7601.17514
PCI standard PCI-to-PCI bridge 6.1.7601.17514
PCI standard PCI-to-PCI bridge 6.1.7601.17514
Plug and Play Software Device Enumerator 6.1.7601.17514
Programmable interrupt controller 6.1.7601.17514
Remote Desktop Device Redirector Bus 6.1.7600.16385
System board 6.1.7601.17514
System board 6.1.7601.17514
System board 6.1.7601.17514
System CMOS/real time clock 6.1.7601.17514
System speaker 6.1.7601.17514
System timer 6.1.7601.17514
Terminal Server Keyboard Driver 6.1.7601.17514
Terminal Server Mouse Driver 6.1.7601.17514
UMBus Enumerator 6.1.7601.17514
UMBus Enumerator 6.1.7601.17514
UMBus Root Bus Enumerator 6.1.7601.17514
Volume Manager 6.1.7601.17514
Universal Serial Bus controllers:
Generic USB Hub 6.1.7601.17514
Generic USB Hub 6.1.7601.17514
Generic USB Hub 6.1.7601.17514
Generic USB Hub 6.1.7601.17514
Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 9.2.0.1013
Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D 9.2.0.1013
Renesas Electronics USB 3.0 Host Controller 2.0.32.0
Renesas Electronics USB 3.0 Host Controller 2.0.32.0
Renesas Electronics USB 3.0 Hub 2.0.32.0
Renesas Electronics USB 3.0 Hub 2.0.32.0
Renesas Electronics USB 3.0 Root Hub 2.0.32.0
Renesas Electronics USB 3.0 Root Hub 2.0.32.0
Unknown Device 6.1.7601.17514
USB Composite Device 6.1.7601.17514
USB Composite Device 6.1.7601.17514
USB Mass Storage Device 6.1.7601.17514
USB Root Hub 6.1.7601.17514
USB Root Hub 6.1.7601.17514
[ AsusOtherDevices / EIO Driver ]
Device Properties:
Driver Description EIO Driver
Driver Date 22/07/2009
Driver Version 1.9.7.0
Driver Provider ASUSTek
INF File oem39.inf
Hardware ID SW\{AE15E82B-26EB-4471-AF71-C1893B2168B9}
[ Computer / ACPI x64-based PC ]
Device Properties:
Driver Description ACPI x64-based PC
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File hal.inf
Hardware ID acpiapic
[ Disk drives / SAMSUNG HD103SJ ATA Device ]
Device Properties:
Driver Description SAMSUNG HD103SJ ATA Device
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File disk.inf
Hardware ID IDE\DiskSAMSUNG_HD103SJ_________________________1AJ10001
Location Information Channel 1, Target 0, Lun 0
Device Manufacturer:
Company Name Samsung
Product Information http://www.samsung.com/global/business/hdd
Driver Update http://www.aida64.com/driver-updates
[ Disk drives / SanDisk Cruzer Blade USB Device ]
Device Properties:
Driver Description SanDisk Cruzer Blade USB Device
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File disk.inf
Hardware ID USBSTOR\DiskSanDisk_Cruzer_Blade____1.00
Device Manufacturer:
Company Name SanDisk Corporation
Product Information http://www.sandisk.com/business-solutions/ssd/landing
Driver Update http://www.aida64.com/driver-updates
[ Display adapters / AMD Radeon HD 6900 Series ]
Device Properties:
Driver Description AMD Radeon HD 6900 Series
Driver Date 24/05/2011
Driver Version 8.850.6.0
Driver Provider ATI Technologies Inc.
INF File oem35.inf
Hardware ID PCI\VEN_1002&DEV_6719&SUBSYS_03BA1043&REV_00
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(1,0,0)
PCI Device Asus EAH6950 Video Adapter
Device Resources:
IRQ 65536
Memory 000A0000-000BFFFF
Memory D0000000-DFFFFFFF
Memory FBE20000-FBE3FFFF
Port 03B0-03BB
Port 03C0-03DF
Port E000-E0FF
Video Adapter Manufacturer:
Company Name ASUSTeK Computer Inc.
Product Information http://www.asus.com/ProductGroup2.aspx?PG_ID=r3EWBZcGQvxHvrb4
Driver Download http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update http://www.aida64.com/driver-updates
[ Display adapters / AMD Radeon HD 6900 Series ]
Device Properties:
Driver Description AMD Radeon HD 6900 Series
Driver Date 24/05/2011
Driver Version 8.850.6.0
Driver Provider ATI Technologies Inc.
INF File oem35.inf
Hardware ID PCI\VEN_1002&DEV_6719&SUBSYS_03BA1043&REV_00
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(2,0,0)
PCI Device Asus EAH6950 Video Adapter
Device Resources:
IRQ 65536
Memory C0000000-CFFFFFFF
Memory FBDE0000-FBDFFFFF
Port DF00-DFFF
Video Adapter Manufacturer:
Company Name ASUSTeK Computer Inc.
Product Information http://www.asus.com/ProductGroup2.aspx?PG_ID=r3EWBZcGQvxHvrb4
Driver Download http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update http://www.aida64.com/driver-updates
[ DVD/CD-ROM drives / PIONEER DVD-RW DVR-216D ATA Device ]
Device Properties:
Driver Description PIONEER DVD-RW DVR-216D ATA Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File cdrom.inf
Hardware ID IDE\CdRomPIONEER_DVD-RW__DVR-216D________________1.07____
Location Information Channel 4, Target 0, Lun 0
Device Manufacturer:
Company Name Pioneer Corporation
Product Information http://www.pioneer-eur.com/eur/productgroups.jsp
Firmware Download http://www.pioneer.eu/eur/support/
Driver Update http://www.aida64.com/driver-updates
[ Human Interface Devices / HID-compliant consumer control device ]
Device Properties:
Driver Description HID-compliant consumer control device
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File hidserv.inf
Hardware ID HID\VID_046D&PID_C066&REV_5802&MI_01&Col02
[ Human Interface Devices / HID-compliant consumer control device ]
Device Properties:
Driver Description HID-compliant consumer control device
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File hidserv.inf
Hardware ID HID\VID_1038&PID_0510&REV_0130&MI_01&Col01
[ Human Interface Devices / HID-compliant device ]
Device Properties:
Driver Description HID-compliant device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File input.inf
Hardware ID HID\VID_046D&PID_C066&REV_5802&MI_01&Col03
[ Human Interface Devices / HID-compliant device ]
Device Properties:
Driver Description HID-compliant device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File input.inf
Hardware ID HID\VID_046D&PID_C066&REV_5802&MI_01&Col04
[ Human Interface Devices / HID-compliant device ]
Device Properties:
Driver Description HID-compliant device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File input.inf
Hardware ID HID\VID_1038&PID_0510&REV_0130&MI_01&Col02
[ Human Interface Devices / Ideazon Merc Stealth MM USB Human Interface Device ]
Device Properties:
Driver Description Ideazon Merc Stealth MM USB Human Interface Device
Driver Date 23/07/2007
Driver Version 1.0.14.1
Driver Provider Ideazon
INF File oem40.inf
Hardware ID USB\VID_1038&PID_0510&REV_0130&MI_01
Location Information 0000.001a.0000.001.003.001.003.000.000
[ Human Interface Devices / Ideazon Merc Stealth USB Human Interface Device ]
Device Properties:
Driver Description Ideazon Merc Stealth USB Human Interface Device
Driver Date 23/07/2007
Driver Version 1.0.14.1
Driver Provider Ideazon
INF File oem40.inf
Hardware ID USB\VID_1038&PID_0510&REV_0130&MI_00
Location Information 0000.001a.0000.001.003.001.003.000.000
[ Human Interface Devices / USB Input Device ]
Device Properties:
Driver Description USB Input Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File input.inf
Hardware ID USB\VID_046D&PID_C066&REV_5802&MI_00
Location Information 0000.001a.0000.001.003.002.000.000.000
[ Human Interface Devices / USB Input Device ]
Device Properties:
Driver Description USB Input Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File input.inf
Hardware ID USB\VID_046D&PID_C066&REV_5802&MI_01
Location Information 0000.001a.0000.001.003.002.000.000.000
[ IDE ATA/ATAPI controllers / ATA Channel 0 ]
Device Properties:
Driver Description ATA Channel 0
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID 197b-2362
Location Information Channel 0
[ IDE ATA/ATAPI controllers / ATA Channel 0 ]
Device Properties:
Driver Description ATA Channel 0
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID 1b4b-9182
Location Information Channel 0
[ IDE ATA/ATAPI controllers / ATA Channel 1 ]
Device Properties:
Driver Description ATA Channel 1
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID 197b-2362
Location Information Channel 1
[ IDE ATA/ATAPI controllers / ATA Channel 1 ]
Device Properties:
Driver Description ATA Channel 1
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID 1b4b-9182
Location Information Channel 1
[ IDE ATA/ATAPI controllers / ATA Channel 4 ]
Device Properties:
Driver Description ATA Channel 4
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID Intel-1c02
Location Information Channel 4
[ IDE ATA/ATAPI controllers / Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Driver Date 26/04/2011
Driver Version 10.5.0.1026
Driver Provider Intel
INF File oem43.inf
Hardware ID PCI\VEN_8086&DEV_1C02&SUBSYS_844D1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,31,2)
PCI Device Intel Cougar Point PCH - SATA AHCI 6-Port Controller [B-3]
Device Resources:
IRQ 20
Memory FBF25000-FBF257FF
Port F020-F03F
Port F060-F063
Port F070-F077
Port F080-F083
Port F090-F097
[ IDE ATA/ATAPI controllers / Standard AHCI 1.0 Serial ATA Controller ]
Device Properties:
Driver Description Standard AHCI 1.0 Serial ATA Controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID PCI\VEN_1B4B&DEV_9182&SUBSYS_84931043&REV_10
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(12,0,0)
PCI Device Marvell 88SE9182 SATA 6Gb/s Controller
Device Resources:
IRQ 16
Memory FB810000-FB8101FF
Port B000-B00F
Port B010-B013
Port B020-B027
Port B030-B033
Port B040-B047
[ IDE ATA/ATAPI controllers / Standard Dual Channel PCI IDE Controller ]
Device Properties:
Driver Description Standard Dual Channel PCI IDE Controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID PCI\VEN_197B&DEV_2362&SUBSYS_84601043&REV_10
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(11,0,0)
PCI Device JMicron JMB362 SATA-II AHCI Controller
Device Resources:
IRQ 19
Memory FB910000-FB9101FF
Port C000-C00F
Port C010-C013
Port C020-C027
Port C030-C033
Port C040-C047
[ Keyboards / HID Keyboard Device ]
Device Properties:
Driver Description HID Keyboard Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File keyboard.inf
Hardware ID HID\VID_046D&PID_C066&REV_5802&MI_01&Col01
[ Keyboards / HID Keyboard Device ]
Device Properties:
Driver Description HID Keyboard Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File keyboard.inf
Hardware ID HID\VID_1038&PID_0510&REV_0130&MI_00
[ Mice and other pointing devices / HID-compliant mouse ]
Device Properties:
Driver Description HID-compliant mouse
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File msmouse.inf
Hardware ID HID\VID_046D&PID_C066&REV_5802&MI_00
[ Microsoft Common Controller For Windows Class / Xbox 360 Wireless Receiver for Windows ]
Device Properties:
Driver Description Xbox 360 Wireless Receiver for Windows
Driver Date 13/08/2009
Driver Version 2.1.0.1349
Driver Provider Microsoft
INF File oem38.inf
Hardware ID USB\VID_045E&PID_0719&REV_0100
Location Information Port_#0003.Hub_#0005
[ Monitors / Generic PnP Monitor ]
Device Properties:
Driver Description Generic PnP Monitor
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File monitor.inf
Hardware ID MONITOR\HSD6735
[ Monitors / Generic PnP Monitor ]
Device Properties:
Driver Description Generic PnP Monitor
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File monitor.inf
Hardware ID MONITOR\HSD6735
[ Monitors / Generic PnP Monitor ]
Device Properties:
Driver Description Generic PnP Monitor
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File monitor.inf
Hardware ID MONITOR\HSD6735
[ Network adapters / Intel(R) 82579V Gigabit Network Connection #2 ]
Device Properties:
Driver Description Intel(R) 82579V Gigabit Network Connection #2
Driver Date 21/09/2010
Driver Version 11.8.74.0
Driver Provider Intel
INF File oem17.inf
Hardware ID PCI\VEN_8086&DEV_1503&SUBSYS_849C1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,25,0)
PCI Device Intel 82579V Gigabit Network Connection
Device Resources:
IRQ 65536
Memory FBF00000-FBF1FFFF
Memory FBF28000-FBF28FFF
Network Adapter Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/embedded
Driver Download http://www.intel.com/support/network
Driver Update http://www.aida64.com/driver-updates
[ Network adapters / Intel(R) 82583V Gigabit Network Connection ]
Device Properties:
Driver Description Intel(R) 82583V Gigabit Network Connection
Driver Date 05/08/2010
Driver Version 11.7.32.0
Driver Provider Intel
INF File oem20.inf
Hardware ID PCI\VEN_8086&DEV_150C&SUBSYS_84571043&REV_00
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(13,0,0)
PCI Device Intel 82583V Gigabit Network Connection
Device Resources:
IRQ 65536
Memory FB700000-FB71FFFF
Memory FB720000-FB723FFF
Network Adapter Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/embedded
Driver Download http://www.intel.com/support/network
Driver Update http://www.aida64.com/driver-updates
[ Network adapters / Microsoft ISATAP Adapter #2 ]
Device Properties:
Driver Description Microsoft ISATAP Adapter #2
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File nettun.inf
Hardware ID *ISATAP
[ Network adapters / Microsoft ISATAP Adapter ]
Device Properties:
Driver Description Microsoft ISATAP Adapter
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File nettun.inf
Hardware ID *ISATAP
[ Network adapters / Teredo Tunneling Pseudo-Interface ]
Device Properties:
Driver Description Teredo Tunneling Pseudo-Interface
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File nettun.inf
Hardware ID *TEREDO
[ Network adapters / WAN Miniport (IKEv2) ]
Device Properties:
Driver Description WAN Miniport (IKEv2)
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File netavpna.inf
Hardware ID ms_agilevpnminiport
[ Network adapters / WAN Miniport (IP) ]
Device Properties:
Driver Description WAN Miniport (IP)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netrasa.inf
Hardware ID ms_ndiswanip
[ Network adapters / WAN Miniport (IPv6) ]
Device Properties:
Driver Description WAN Miniport (IPv6)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netrasa.inf
Hardware ID ms_ndiswanipv6
[ Network adapters / WAN Miniport (L2TP) ]
Device Properties:
Driver Description WAN Miniport (L2TP)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netrasa.inf
Hardware ID ms_l2tpminiport
[ Network adapters / WAN Miniport (Network Monitor) ]
Device Properties:
Driver Description WAN Miniport (Network Monitor)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netrasa.inf
Hardware ID ms_ndiswanbh
[ Network adapters / WAN Miniport (PPPOE) ]
Device Properties:
Driver Description WAN Miniport (PPPOE)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netrasa.inf
Hardware ID ms_pppoeminiport
[ Network adapters / WAN Miniport (PPTP) ]
Device Properties:
Driver Description WAN Miniport (PPTP)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netrasa.inf
Hardware ID ms_pptpminiport
[ Network adapters / WAN Miniport (SSTP) ]
Device Properties:
Driver Description WAN Miniport (SSTP)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netsstpa.inf
Hardware ID ms_sstpminiport
[ Non-Plug and Play Drivers / ALSysIO ]
Device Properties:
Driver Description ALSysIO
[ Non-Plug and Play Drivers / amdkmdag ]
Device Properties:
Driver Description amdkmdag
[ Non-Plug and Play Drivers / Ancillary Function Driver for Winsock ]
Device Properties:
Driver Description Ancillary Function Driver for Winsock
[ Non-Plug and Play Drivers / AsIO ]
Device Properties:
Driver Description AsIO
[ Non-Plug and Play Drivers / AsUpIO ]
Device Properties:
Driver Description AsUpIO
[ Non-Plug and Play Drivers / Beep ]
Device Properties:
Driver Description Beep
[ Non-Plug and Play Drivers / Bitlocker Drive Encryption Filter Driver ]
Device Properties:
Driver Description Bitlocker Drive Encryption Filter Driver
[ Non-Plug and Play Drivers / CNG ]
Device Properties:
Driver Description CNG
[ Non-Plug and Play Drivers / Common Log (CLFS) ]
Device Properties:
Driver Description Common Log (CLFS)
[ Non-Plug and Play Drivers / cpuz135 ]
Device Properties:
Driver Description cpuz135
[ Non-Plug and Play Drivers / Disk Virtual Machine Bus Acceleration Filter Driver ]
Device Properties:
Driver Description Disk Virtual Machine Bus Acceleration Filter Driver
[ Non-Plug and Play Drivers / Dynamic Volume Manager ]
Device Properties:
Driver Description Dynamic Volume Manager
[ Non-Plug and Play Drivers / ENTECH64 ]
Device Properties:
Driver Description ENTECH64
[ Non-Plug and Play Drivers / Hardware Policy Driver ]
Device Properties:
Driver Description Hardware Policy Driver
[ Non-Plug and Play Drivers / HTTP ]
Device Properties:
Driver Description HTTP
[ Non-Plug and Play Drivers / Intel AHCI Controller ]
Device Properties:
Driver Description Intel AHCI Controller
[ Non-Plug and Play Drivers / Kernel Mode Driver Frameworks service ]
Device Properties:
Driver Description Kernel Mode Driver Frameworks service
[ Non-Plug and Play Drivers / KSecDD ]
Device Properties:
Driver Description KSecDD
[ Non-Plug and Play Drivers / KSecPkg ]
Device Properties:
Driver Description KSecPkg
[ Non-Plug and Play Drivers / LDDM Graphics Subsystem ]
Device Properties:
Driver Description LDDM Graphics Subsystem
[ Non-Plug and Play Drivers / Link-Layer Topology Discovery Mapper I/O Driver ]
Device Properties:
Driver Description Link-Layer Topology Discovery Mapper I/O Driver
[ Non-Plug and Play Drivers / Link-Layer Topology Discovery Responder ]
Device Properties:
Driver Description Link-Layer Topology Discovery Responder
[ Non-Plug and Play Drivers / Mount Point Manager ]
Device Properties:
Driver Description Mount Point Manager
[ Non-Plug and Play Drivers / msisadrv ]
Device Properties:
Driver Description msisadrv
[ Non-Plug and Play Drivers / NDIS System Driver ]
Device Properties:
Driver Description NDIS System Driver
[ Non-Plug and Play Drivers / NDProxy ]
Device Properties:
Driver Description NDProxy
[ Non-Plug and Play Drivers / NETBT ]
Device Properties:
Driver Description NETBT
[ Non-Plug and Play Drivers / NetIO Legacy TDI Support Driver ]
Device Properties:
Driver Description NetIO Legacy TDI Support Driver
[ Non-Plug and Play Drivers / NSI proxy service driver. ]
Device Properties:
Driver Description NSI proxy service driver.
[ Non-Plug and Play Drivers / Null ]
Device Properties:
Driver Description Null
[ Non-Plug and Play Drivers / Offline Files Driver ]
Device Properties:
Driver Description Offline Files Driver
[ Non-Plug and Play Drivers / PEAUTH ]
Device Properties:
Driver Description PEAUTH
[ Non-Plug and Play Drivers / Performance Counters for Windows Driver ]
Device Properties:
Driver Description Performance Counters for Windows Driver
[ Non-Plug and Play Drivers / QoS Packet Scheduler ]
Device Properties:
Driver Description QoS Packet Scheduler
[ Non-Plug and Play Drivers / RDP Encoder Mirror Driver ]
Device Properties:
Driver Description RDP Encoder Mirror Driver
[ Non-Plug and Play Drivers / RDPCDD ]
Device Properties:
Driver Description RDPCDD
[ Non-Plug and Play Drivers / Reflector Display Driver used to gain access to graphics data ]
Device Properties:
Driver Description Reflector Display Driver used to gain access to graphics data
[ Non-Plug and Play Drivers / Remote Access IPv6 ARP Driver ]
Device Properties:
Driver Description Remote Access IPv6 ARP Driver
[ Non-Plug and Play Drivers / Security Driver ]
Device Properties:
Driver Description Security Driver
[ Non-Plug and Play Drivers / Security Processor Loader Driver ]
Device Properties:
Driver Description Security Processor Loader Driver
[ Non-Plug and Play Drivers / Storage volumes ]
Device Properties:
Driver Description Storage volumes
[ Non-Plug and Play Drivers / System Attribute Cache ]
Device Properties:
Driver Description System Attribute Cache
[ Non-Plug and Play Drivers / TCP/IP Protocol Driver ]
Device Properties:
Driver Description TCP/IP Protocol Driver
[ Non-Plug and Play Drivers / TCP/IP Registry Compatibility ]
Device Properties:
Driver Description TCP/IP Registry Compatibility
[ Non-Plug and Play Drivers / User Mode Driver Frameworks Platform Driver ]
Device Properties:
Driver Description User Mode Driver Frameworks Platform Driver
[ Non-Plug and Play Drivers / VgaSave ]
Device Properties:
Driver Description VgaSave
[ Non-Plug and Play Drivers / Virtual Machine Bus ]
Device Properties:
Driver Description Virtual Machine Bus
[ Non-Plug and Play Drivers / WFP Lightweight Filter ]
Device Properties:
Driver Description WFP Lightweight Filter
[ Non-Plug and Play Drivers / Windows Firewall Authorization Driver ]
Device Properties:
Driver Description Windows Firewall Authorization Driver
[ Portable Devices / E:\ ]
Device Properties:
Driver Description E:\
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File wpdfs.inf
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Sound, video and game controllers / AMD High Definition Audio Device ]
Device Properties:
Driver Description AMD High Definition Audio Device
Driver Date 29/03/2011
Driver Version 7.12.0.7701
Driver Provider Advanced Micro Devices
INF File oem36.inf
Hardware ID HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002
Location Information Internal High Definition Audio Bus
[ Sound, video and game controllers / AMD High Definition Audio Device ]
Device Properties:
Driver Description AMD High Definition Audio Device
Driver Date 29/03/2011
Driver Version 7.12.0.7701
Driver Provider Advanced Micro Devices
INF File oem36.inf
Hardware ID HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002
Location Information Internal High Definition Audio Bus
[ Sound, video and game controllers / Realtek High Definition Audio ]
Device Properties:
Driver Description Realtek High Definition Audio
Driver Date 02/11/2010
Driver Version 6.0.1.6235
Driver Provider Realtek Semiconductor Corp.
INF File oem101.inf
Hardware ID HDAUDIO\FUNC_01&VEN_10EC&DEV_0889&SUBSYS_1043840F&REV_1000
Location Information Internal High Definition Audio Bus
Device Manufacturer:
Company Name Realtek Semiconductor Corp.
Product Information http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2
Driver Download http://www.realtek.com.tw/downloads
Driver Update http://www.aida64.com/driver-updates
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage Volumes / Generic volume ]
Device Properties:
Driver Description Generic volume
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File volume.inf
Hardware ID STORAGE\Volume
[ Storage Volumes / Generic volume ]
Device Properties:
Driver Description Generic volume
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File volume.inf
Hardware ID STORAGE\Volume
[ Storage Volumes / Generic volume ]
Device Properties:
Driver Description Generic volume
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File volume.inf
Hardware ID STORAGE\Volume
[ System devices / 2nd generation Intel(R) Core(TM) processor family DRAM Controller - 0100 ]
Device Properties:
Driver Description 2nd generation Intel(R) Core(TM) processor family DRAM Controller - 0100
Driver Date 10/09/2010
Driver Version 9.2.0.1011
Driver Provider Intel
INF File oem42.inf
Hardware ID PCI\VEN_8086&DEV_0100&SUBSYS_844D1043&REV_09
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,0,0)
PCI Device Intel Sandy Bridge-DT - Host Bridge/DRAM Controller
[ System devices / 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101 ]
Device Properties:
Driver Description 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Driver Date 10/09/2010
Driver Version 9.2.0.1011
Driver Provider Intel
INF File oem42.inf
Hardware ID PCI\VEN_8086&DEV_0101&SUBSYS_844D1043&REV_09
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,1,0)
PCI Device Intel Sandy Bridge-DT - PCI Express Graphics Root Port
Device Resources:
IRQ 16
Memory 000A0000-000BFFFF
Memory D0000000-DFFFFFFF
Memory FBE00000-FBEFFFFF
Port 03B0-03BB
Port 03C0-03DF
Port E000-EFFF
[ System devices / 2nd generation Intel® Core™ processor family PCI Express Controller - 0105 ]
Device Properties:
Driver Description 2nd generation Intel® Core™ processor family PCI Express Controller - 0105
Driver Date 10/09/2010
Driver Version 9.2.0.1011
Driver Provider Intel
INF File oem1.inf
Hardware ID PCI\VEN_8086&DEV_0105&SUBSYS_844D1043&REV_09
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,1,1)
PCI Device Intel Sandy Bridge-MB - PCI Express Graphics Root Port
Device Resources:
IRQ 16
Memory C0000000-CFFFFFFF
Memory FBD00000-FBDFFFFF
Port D000-DFFF
[ System devices / ACPI Fixed Feature Button ]
Device Properties:
Driver Description ACPI Fixed Feature Button
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\FixedButton
[ System devices / ACPI Power Button ]
Device Properties:
Driver Description ACPI Power Button
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C0C
PnP Device Power Button
[ System devices / Atheros Bluetooth Bus ]
Device Properties:
Driver Description Atheros Bluetooth Bus
Driver Date 24/06/2010
Driver Version 6.17.624.302
Driver Provider Atheros Communications
INF File oem7.inf
Hardware ID root\BTATH_BUS
[ System devices / Composite Bus Enumerator ]
Device Properties:
Driver Description Composite Bus Enumerator
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File compositebus.inf
Hardware ID ROOT\CompositeBus
[ System devices / Direct memory access controller ]
Device Properties:
Driver Description Direct memory access controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0200
PnP Device DMA Controller
Device Resources:
DMA 04
Port 0000-000F
Port 0081-0083
Port 0087-0087
Port 0089-008B
Port 008F-008F
Port 00C0-00DF
[ System devices / File as Volume Driver ]
Device Properties:
Driver Description File as Volume Driver
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File blbdrive.inf
Hardware ID ROOT\BLBDRIVE
[ System devices / High Definition Audio Controller ]
Device Properties:
Driver Description High Definition Audio Controller
Driver Date 19/11/2010
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File hdaudbus.inf
Hardware ID PCI\VEN_1002&DEV_AA80&SUBSYS_AA801043&REV_00
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(1,0,1)
PCI Device AMD Cayman/Antilles - High Definition Audio Controller
Device Resources:
IRQ 17
Memory FBE40000-FBE43FFF
[ System devices / High Definition Audio Controller ]
Device Properties:
Driver Description High Definition Audio Controller
Driver Date 19/11/2010
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File hdaudbus.inf
Hardware ID PCI\VEN_1002&DEV_AA80&SUBSYS_AA801043&REV_00
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(2,0,1)
PCI Device AMD Cayman/Antilles - High Definition Audio Controller
Device Resources:
IRQ 18
Memory FBD40000-FBD43FFF
[ System devices / High Definition Audio Controller ]
Device Properties:
Driver Description High Definition Audio Controller
Driver Date 19/11/2010
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File hdaudbus.inf
Hardware ID PCI\VEN_8086&DEV_1C20&SUBSYS_840F1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,27,0)
PCI Device Intel Cougar Point PCH - High Definition Audio Controller [B-3]
Device Resources:
IRQ 22
Memory FBF20000-FBF23FFF
[ System devices / High precision event timer ]
Device Properties:
Driver Description High precision event timer
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0103
PnP Device High Precision Event Timer
Device Resources:
Memory FED00000-FED003FF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C10&SUBSYS_844D1043&REV_B5
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,0)
PCI Device Intel Cougar Point PCH - PCI Express Port 1 [B-3]
Device Resources:
IRQ 17
Memory FBC00000-FBCFFFFF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C12&SUBSYS_844D1043&REV_B5
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,1)
PCI Device Intel Cougar Point PCH - PCI Express Port 2 [B-3]
Device Resources:
IRQ 16
Memory FBB00000-FBBFFFFF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C14&SUBSYS_844D1043&REV_B5
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,2)
PCI Device Intel Cougar Point PCH - PCI Express Port 3 [B-3]
Device Resources:
IRQ 18
Memory FBA00000-FBAFFFFF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C16&SUBSYS_844D1043&REV_B5
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,3)
PCI Device Intel Cougar Point PCH - PCI Express Port 4 [B-3]
Device Resources:
IRQ 19
Memory FB900000-FB9FFFFF
Port C000-CFFF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C18&SUBSYS_844D1043&REV_B5
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,4)
PCI Device Intel Cougar Point PCH - PCI Express Port 5 [B-3]
Device Resources:
IRQ 17
Memory FB800000-FB8FFFFF
Port B000-BFFF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C1C&SUBSYS_844D1043&REV_B5
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,6)
PCI Device Intel Cougar Point PCH - PCI Express Port 7 [B-3]
Device Resources:
IRQ 18
Memory FB700000-FB7FFFFF
Port A000-AFFF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Driver Date 10/09/2010
Driver Version 9.2.0.1011
Driver Provider Intel
INF File oem4.inf
Hardware ID PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,31,3)
PCI Device Intel Cougar Point PCH - SMBus Controller [B-3]
Device Resources:
IRQ 05
Memory FBF24000-FBF240FF
Port 1180-119F
[ System devices / Intel(R) Management Engine Interface ]
Device Properties:
Driver Description Intel(R) Management Engine Interface
Driver Date 21/09/2010
Driver Version 7.0.0.1118
Driver Provider Intel
INF File oem6.inf
Hardware ID PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,22,0)
PCI Device Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2]
Device Resources:
IRQ 21
Memory FBF29000-FBF2900F
[ System devices / Intel(R) P67 Express Chipset Family LPC Interface Controller - 1C46 ]
Device Properties:
Driver Description Intel(R) P67 Express Chipset Family LPC Interface Controller - 1C46
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C46&SUBSYS_844D1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,31,0)
PCI Device Intel P67 PCH - LPC Interface Controller [B-3]
[ System devices / Intel(R) Watchdog Timer Driver (Intel(R) WDT) ]
Device Properties:
Driver Description Intel(R) Watchdog Timer Driver (Intel(R) WDT)
Driver Date 18/08/2010
Driver Version 7.0.1097.0
Driver Provider Intel
INF File oem34.inf
Hardware ID ACPI\INT3F0D
PnP Device Intel Watchdog Timer
Device Resources:
Port 0454-0457
[ System devices / Microsoft ACPI-Compliant Embedded Controller ]
Device Properties:
Driver Description Microsoft ACPI-Compliant Embedded Controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C09
PnP Device Embedded Controller Device
Device Resources:
Port 0062-0062
Port 0066-0066
[ System devices / Microsoft ACPI-Compliant System ]
Device Properties:
Driver Description Microsoft ACPI-Compliant System
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File acpi.inf
Hardware ID ACPI_HAL\PNP0C08
PnP Device ACPI Driver/BIOS
Device Resources:
IRQ 100
IRQ 101
IRQ 102
IRQ 103
IRQ 104
IRQ 105
IRQ 106
IRQ 107
IRQ 108
IRQ 109
IRQ 110
IRQ 111
IRQ 112
IRQ 113
IRQ 114
IRQ 115
IRQ 116
IRQ 117
IRQ 118
IRQ 119
IRQ 120
IRQ 121
IRQ 122
IRQ 123
IRQ 124
IRQ 125
IRQ 126
IRQ 127
IRQ 128
IRQ 129
IRQ 130
IRQ 131
IRQ 132
IRQ 133
IRQ 134
IRQ 135
IRQ 136
IRQ 137
IRQ 138
IRQ 139
IRQ 140
IRQ 141
IRQ 142
IRQ 143
IRQ 144
IRQ 145
IRQ 146
IRQ 147
IRQ 148
IRQ 149
IRQ 150
IRQ 151
IRQ 152
IRQ 153
IRQ 154
IRQ 155
IRQ 156
IRQ 157
IRQ 158
IRQ 159
IRQ 160
IRQ 161
IRQ 162
IRQ 163
IRQ 164
IRQ 165
IRQ 166
IRQ 167
IRQ 168
IRQ 169
IRQ 170
IRQ 171
IRQ 172
IRQ 173
IRQ 174
IRQ 175
IRQ 176
IRQ 177
IRQ 178
IRQ 179
IRQ 180
IRQ 181
IRQ 182
IRQ 183
IRQ 184
IRQ 185
IRQ 186
IRQ 187
IRQ 188
IRQ 189
IRQ 190
IRQ 81
IRQ 82
IRQ 83
IRQ 84
IRQ 85
IRQ 86
IRQ 87
IRQ 88
IRQ 89
IRQ 90
IRQ 91
IRQ 92
IRQ 93
IRQ 94
IRQ 95
IRQ 96
IRQ 97
IRQ 98
IRQ 99
[ System devices / Microsoft System Management BIOS Driver ]
Device Properties:
Driver Description Microsoft System Management BIOS Driver
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ROOT\mssmbios
[ System devices / Microsoft Virtual Drive Enumerator Driver ]
Device Properties:
Driver Description Microsoft Virtual Drive Enumerator Driver
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ROOT\vdrvroot
[ System devices / Microsoft Windows Management Interface for ACPI ]
Device Properties:
Driver Description Microsoft Windows Management Interface for ACPI
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File acpi.inf
Hardware ID ACPI\PNP0C14
PnP Device ACPI Management Interface
[ System devices / Microsoft Windows Management Interface for ACPI ]
Device Properties:
Driver Description Microsoft Windows Management Interface for ACPI
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File acpi.inf
Hardware ID ACPI\pnp0c14
PnP Device ACPI Management Interface
[ System devices / Motherboard resources ]
Device Properties:
Driver Description Motherboard resources
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C02
PnP Device Thermal Monitoring ACPI Device
[ System devices / Motherboard resources ]
Device Properties:
Driver Description Motherboard resources
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C02
PnP Device Thermal Monitoring ACPI Device
Device Resources:
Port 0010-001F
Port 0022-003F
Port 0044-005F
Port 0063-0063
Port 0065-0065
Port 0067-006F
Port 0072-007F
Port 0080-0080
Port 0084-0086
Port 0088-0088
Port 008C-008E
Port 0090-009F
Port 00A2-00BF
Port 00E0-00EF
Port 04D0-04D1
[ System devices / Motherboard resources ]
Device Properties:
Driver Description Motherboard resources
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C02
PnP Device Thermal Monitoring ACPI Device
Device Resources:
Port 0290-029F
[ System devices / Numeric data processor ]
Device Properties:
Driver Description Numeric data processor
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C04
PnP Device Numeric Data Processor
Device Resources:
IRQ 13
Port 00F0-00FF
[ System devices / PCI bus ]
Device Properties:
Driver Description PCI bus
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0A08
PnP Device ACPI Three-wire Device Bus
Device Resources:
Memory 000A0000-000BFFFF
Memory 000C8000-000DFFFF
Memory C0000000-FFFFFFFF
Port 0000-0CF7
Port 0D00-FFFF
[ System devices / PCI standard PCI-to-PCI bridge ]
Device Properties:
Driver Description PCI standard PCI-to-PCI bridge
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(3,0,0)
PCI Device PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Device Resources:
IRQ 16
Memory FBC00000-FBC1FFFF
[ System devices / PCI standard PCI-to-PCI bridge ]
Device Properties:
Driver Description PCI standard PCI-to-PCI bridge
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(4,0,0)
PCI Device PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Device Resources:
IRQ 16
[ System devices / PCI standard PCI-to-PCI bridge ]
Device Properties:
Driver Description PCI standard PCI-to-PCI bridge
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(4,5,0)
PCI Device PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Device Resources:
IRQ 17
[ System devices / PCI standard PCI-to-PCI bridge ]
Device Properties:
Driver Description PCI standard PCI-to-PCI bridge
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(4,7,0)
PCI Device PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Device Resources:
IRQ 19
[ System devices / PCI standard PCI-to-PCI bridge ]
Device Properties:
Driver Description PCI standard PCI-to-PCI bridge
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(4,9,0)
PCI Device PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Device Resources:
IRQ 17
[ System devices / Plug and Play Software Device Enumerator ]
Device Properties:
Driver Description Plug and Play Software Device Enumerator
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID root\swenum
[ System devices / Programmable interrupt controller ]
Device Properties:
Driver Description Programmable interrupt controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0000
PnP Device Programmable Interrupt Controller
Device Resources:
Port 0020-0021
Port 00A0-00A1
[ System devices / Remote Desktop Device Redirector Bus ]
Device Properties:
Driver Description Remote Desktop Device Redirector Bus
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File rdpbus.inf
Hardware ID ROOT\RDPBUS
[ System devices / System board ]
Device Properties:
Driver Description System board
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C01
PnP Device System Board Extension
[ System devices / System board ]
Device Properties:
Driver Description System board
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C01
PnP Device System Board Extension
Device Resources:
Memory FEC00000-FECFFFFF
Memory FED08000-FED08FFF
Memory FED1C000-FED1FFFF
Memory FF000000-FFFFFFFF
Port 0400-0453
Port 0458-047F
Port 0500-057F
Port 1180-119F
[ System devices / System board ]
Device Properties:
Driver Description System board
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C01
PnP Device System Board Extension
Device Resources:
Memory E0000000-E3FFFFFF
Memory FED10000-FED19FFF
Memory FED20000-FED3FFFF
Memory FED90000-FED93FFF
Memory FEE00000-FEE0FFFF
[ System devices / System CMOS/real time clock ]
Device Properties:
Driver Description System CMOS/real time clock
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0B00
PnP Device Real-Time Clock
Device Resources:
IRQ 08
Port 0070-0071
[ System devices / System speaker ]
Device Properties:
Driver Description System speaker
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0800
PnP Device PC Speaker
Device Resources:
Port 0061-0061
[ System devices / System timer ]
Device Properties:
Driver Description System timer
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0100
PnP Device System Timer
Device Resources:
IRQ 00
Port 0040-0043
[ System devices / Terminal Server Keyboard Driver ]
Device Properties:
Driver Description Terminal Server Keyboard Driver
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ROOT\RDP_KBD
[ System devices / Terminal Server Mouse Driver ]
Device Properties:
Driver Description Terminal Server Mouse Driver
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ROOT\RDP_MOU
[ System devices / UMBus Enumerator ]
Device Properties:
Driver Description UMBus Enumerator
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File umbus.inf
Hardware ID UMB\UMBUS
[ System devices / UMBus Enumerator ]
Device Properties:
Driver Description UMBus Enumerator
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File umbus.inf
Hardware ID UMB\UMBUS
[ System devices / UMBus Root Bus Enumerator ]
Device Properties:
Driver Description UMBus Root Bus Enumerator
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File umbus.inf
Hardware ID root\umbus
[ System devices / Volume Manager ]
Device Properties:
Driver Description Volume Manager
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ROOT\VOLMGR
[ Universal Serial Bus controllers / Generic USB Hub ]
Device Properties:
Driver Description Generic USB Hub
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\VID_8087&PID_0024&REV_0000
Location Information Port_#0001.Hub_#0002
[ Universal Serial Bus controllers / Generic USB Hub ]
Device Properties:
Driver Description Generic USB Hub
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\VID_8087&PID_0024&REV_0000
Location Information Port_#0001.Hub_#0001
[ Universal Serial Bus controllers / Generic USB Hub ]
Device Properties:
Driver Description Generic USB Hub
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\VID_2109&PID_3431&REV_0275
Location Information Port_#0003.Hub_#0003
[ Universal Serial Bus controllers / Generic USB Hub ]
Device Properties:
Driver Description Generic USB Hub
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\VID_0409&PID_005A&REV_0100
Location Information Port_#0001.Hub_#0005
[ Universal Serial Bus controllers / Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
Driver Date 16/09/2010
Driver Version 9.2.0.1013
Driver Provider Intel
INF File oem5.inf
Hardware ID PCI\VEN_8086&DEV_1C26&SUBSYS_844D1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,29,0)
PCI Device Intel Cougar Point PCH - USB EHCI #1 Controller [B-3]
Device Resources:
IRQ 23
Memory FBF26000-FBF263FF
[ Universal Serial Bus controllers / Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
Driver Date 16/09/2010
Driver Version 9.2.0.1013
Driver Provider Intel
INF File oem5.inf
Hardware ID PCI\VEN_8086&DEV_1C2D&SUBSYS_844D1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,26,0)
PCI Device Intel Cougar Point PCH - USB EHCI #2 Controller [B-3]
Device Resources:
IRQ 23
Memory FBF27000-FBF273FF
[ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Host Controller ]
Device Properties:
Driver Description Renesas Electronics USB 3.0 Host Controller
Driver Date 10/12/2010
Driver Version 2.0.32.0
Driver Provider Renesas Electronics
INF File oem32.inf
Hardware ID PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(10,0,0)
PCI Device NEC uPD720200 USB 3.0 Host Controller
Device Resources:
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
Memory FBA00000-FBA01FFF
[ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Host Controller ]
Device Properties:
Driver Description Renesas Electronics USB 3.0 Host Controller
Driver Date 10/12/2010
Driver Version 2.0.32.0
Driver Provider Renesas Electronics
INF File oem32.inf
Hardware ID PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(9,0,0)
PCI Device NEC uPD720200 USB 3.0 Host Controller
Device Resources:
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
Memory FBB00000-FBB01FFF
[ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Hub ]
Device Properties:
Driver Description Renesas Electronics USB 3.0 Hub
Driver Date 10/12/2010
Driver Version 2.0.32.0
Driver Provider Renesas Electronics
INF File oem33.inf
Hardware ID USB\VID_2109&PID_0810&REV_0375
Location Information Port_#0001.Hub_#0002
[ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Hub ]
Device Properties:
Driver Description Renesas Electronics USB 3.0 Hub
Driver Date 10/12/2010
Driver Version 2.0.32.0
Driver Provider Renesas Electronics
INF File oem33.inf
Hardware ID USB\VID_2109&PID_0810&REV_0375
Location Information Port_#0001.Hub_#0001
[ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Root Hub ]
Device Properties:
Driver Description Renesas Electronics USB 3.0 Root Hub
Driver Date 10/12/2010
Driver Version 2.0.32.0
Driver Provider Renesas Electronics
INF File oem33.inf
Hardware ID NUSB3\ROOT_HUB30
[ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Root Hub ]
Device Properties:
Driver Description Renesas Electronics USB 3.0 Root Hub
Driver Date 10/12/2010
Driver Version 2.0.32.0
Driver Provider Renesas Electronics
INF File oem33.inf
Hardware ID NUSB3\ROOT_HUB30
[ Universal Serial Bus controllers / Unknown Device ]
Device Properties:
Driver Description Unknown Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\UNKNOWN
Location Information Port_#0004.Hub_#0003
[ Universal Serial Bus controllers / USB Composite Device ]
Device Properties:
Driver Description USB Composite Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\VID_046D&PID_C066&REV_5802
Location Information Port_#0002.Hub_#0005
[ Universal Serial Bus controllers / USB Composite Device ]
Device Properties:
Driver Description USB Composite Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\VID_1038&PID_0510&REV_0130
Location Information Port_#0003.Hub_#0006
[ Universal Serial Bus controllers / USB Mass Storage Device ]
Device Properties:
Driver Description USB Mass Storage Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usbstor.inf
Hardware ID USB\VID_0781&PID_5567&REV_0100
Location Information Port_#0004.Hub_#0005
[ Universal Serial Bus controllers / USB Root Hub ]
Device Properties:
Driver Description USB Root Hub
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usbport.inf
Hardware ID USB\ROOT_HUB20&VID8086&PID1C2D&REV0005
[ Universal Serial Bus controllers / USB Root Hub ]
Device Properties:
Driver Description USB Root Hub
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usbport.inf
Hardware ID USB\ROOT_HUB20&VID8086&PID1C26&REV0005
Physical Devices
PCI Devices:
Bus 1, Device 0, Function 1 AMD Cayman/Antilles - High Definition Audio Controller
Bus 2, Device 0, Function 1 AMD Cayman/Antilles - High Definition Audio Controller
Bus 1, Device 0, Function 0 Asus EAH6950 Video Adapter
Bus 2, Device 0, Function 0 Asus EAH6950 Video Adapter
Bus 0, Device 25, Function 0 Intel 82579V Gigabit Network Connection
Bus 13, Device 0, Function 0 Intel 82583V Gigabit Network Connection
Bus 0, Device 27, Function 0 Intel Cougar Point PCH - High Definition Audio Controller [B-3]
Bus 0, Device 22, Function 0 Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2]
Bus 0, Device 28, Function 0 Intel Cougar Point PCH - PCI Express Port 1 [B-3]
Bus 0, Device 28, Function 1 Intel Cougar Point PCH - PCI Express Port 2 [B-3]
Bus 0, Device 28, Function 2 Intel Cougar Point PCH - PCI Express Port 3 [B-3]
Bus 0, Device 28, Function 3 Intel Cougar Point PCH - PCI Express Port 4 [B-3]
Bus 0, Device 28, Function 4 Intel Cougar Point PCH - PCI Express Port 5 [B-3]
Bus 0, Device 28, Function 6 Intel Cougar Point PCH - PCI Express Port 7 [B-3]
Bus 0, Device 31, Function 2 Intel Cougar Point PCH - SATA AHCI 6-Port Controller [B-3]
Bus 0, Device 31, Function 3 Intel Cougar Point PCH - SMBus Controller [B-3]
Bus 0, Device 31, Function 6 Intel Cougar Point PCH - Thermal Management Controller [B-3]
Bus 0, Device 29, Function 0 Intel Cougar Point PCH - USB EHCI #1 Controller [B-3]
Bus 0, Device 26, Function 0 Intel Cougar Point PCH - USB EHCI #2 Controller [B-3]
Bus 0, Device 31, Function 0 Intel P67 PCH - LPC Interface Controller [B-3]
Bus 0, Device 0, Function 0 Intel Sandy Bridge-DT - Host Bridge/DRAM Controller
Bus 0, Device 1, Function 0 Intel Sandy Bridge-DT - PCI Express Graphics Root Port
Bus 0, Device 1, Function 1 Intel Sandy Bridge-MB - PCI Express Graphics Root Port
Bus 11, Device 0, Function 0 JMicron JMB362 SATA-II AHCI Controller
Bus 12, Device 0, Function 0 Marvell 88SE9182 SATA 6Gb/s Controller
Bus 9, Device 0, Function 0 NEC uPD720200 USB 3.0 Host Controller
Bus 10, Device 0, Function 0 NEC uPD720200 USB 3.0 Host Controller
Bus 3, Device 0, Function 0 PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus 4, Device 0, Function 0 PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus 4, Device 5, Function 0 PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus 4, Device 7, Function 0 PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus 4, Device 9, Function 0 PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
PnP Devices:
PNP0C08 ACPI Driver/BIOS
FIXEDBUTTON ACPI Fixed Feature Button
PNP0C14 ACPI Management Interface
PNP0C14 ACPI Management Interface
PNP0A08 ACPI Three-wire Device Bus
PNP0200 DMA Controller
PNP0C09 Embedded Controller Device
PNP0103 High Precision Event Timer
INT3F0D Intel Watchdog Timer
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
ISATAP Microsoft ISATAP Adapter #2
ISATAP Microsoft ISATAP Adapter
PNP0C04 Numeric Data Processor
PNP0800 PC Speaker
PNP0C0C Power Button
PNP0000 Programmable Interrupt Controller
PNP0B00 Real-Time Clock
PNP0C01 System Board Extension
PNP0C01 System Board Extension
PNP0C01 System Board Extension
PNP0100 System Timer
TEREDO Teredo Tunneling Pseudo-Interface
PNP0C02 Thermal Monitoring ACPI Device
PNP0C02 Thermal Monitoring ACPI Device
PNP0C02 Thermal Monitoring ACPI Device
USB Devices:
0409 005A Generic USB Hub
2109 3431 Generic USB Hub
8087 0024 Generic USB Hub
8087 0024 Generic USB Hub
1038 0510 Ideazon Merc Stealth MM USB Human Interface Device
1038 0510 Ideazon Merc Stealth USB Human Interface Device
2109 0810 Renesas Electronics USB 3.0 Hub
2109 0810 Renesas Electronics USB 3.0 Hub
0000 0000 Unknown Device
046D C066 USB Composite Device
1038 0510 USB Composite Device
046D C066 USB Input Device
046D C066 USB Input Device
0781 5567 USB Mass Storage Device
045E 0719 Xbox 360 Wireless Receiver for Windows
PCI Devices
[ AMD Cayman/Antilles - High Definition Audio Controller ]
Device Properties:
Device Description AMD Cayman/Antilles - High Definition Audio Controller
Bus Type PCI Express 2.0 x16
Bus / Device / Function 1 / 0 / 1
Device ID 1002-AA80
Subsystem ID 1043-AA80
Device Class 0403 (High Definition Audio)
Revision 00
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ AMD Cayman/Antilles - High Definition Audio Controller ]
Device Properties:
Device Description AMD Cayman/Antilles - High Definition Audio Controller
Bus Type PCI Express 2.0 x16
Bus / Device / Function 2 / 0 / 1
Device ID 1002-AA80
Subsystem ID 1043-AA80
Device Class 0403 (High Definition Audio)
Revision 00
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Asus EAH6950 Video Adapter ]
Device Properties:
Device Description Asus EAH6950 Video Adapter
Bus Type PCI Express 2.0 x16
Bus / Device / Function 1 / 0 / 0
Device ID 1002-6719
Subsystem ID 1043-03BA
Device Class 0300 (VGA Display Controller)
Revision 00
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
Video Adapter Manufacturer:
Company Name ASUSTeK Computer Inc.
Product Information http://www.asus.com/ProductGroup2.aspx?PG_ID=r3EWBZcGQvxHvrb4
Driver Download http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update http://www.aida64.com/driver-updates
[ Asus EAH6950 Video Adapter ]
Device Properties:
Device Description Asus EAH6950 Video Adapter
Bus Type PCI Express 2.0 x16
Bus / Device / Function 2 / 0 / 0
Device ID 1002-6719
Subsystem ID 1043-03BA
Device Class 0300 (VGA Display Controller)
Revision 00
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
Video Adapter Manufacturer:
Company Name ASUSTeK Computer Inc.
Product Information http://www.asus.com/ProductGroup2.aspx?PG_ID=r3EWBZcGQvxHvrb4
Driver Download http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update http://www.aida64.com/driver-updates
[ Intel 82579V Gigabit Network Connection ]
Device Properties:
Device Description Intel 82579V Gigabit Network Connection
Bus Type PCI
Bus / Device / Function 0 / 25 / 0
Device ID 8086-1503
Subsystem ID 1043-849C
Device Class 0200 (Ethernet Controller)
Revision 05
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
Network Adapter Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/embedded
Driver Download http://www.intel.com/support/network
Driver Update http://www.aida64.com/driver-updates
[ Intel 82583V Gigabit Network Connection ]
Device Properties:
Device Description Intel 82583V Gigabit Network Connection
Bus Type PCI Express 1.0 x1
Bus / Device / Function 13 / 0 / 0
Device ID 8086-150C
Subsystem ID 1043-8457
Device Class 0200 (Ethernet Controller)
Revision 00
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
Network Adapter Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/embedded
Driver Download http://www.intel.com/support/network
Driver Update http://www.aida64.com/driver-updates
[ Intel Cougar Point PCH - High Definition Audio Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - High Definition Audio Controller [B-3]
Bus Type PCI Express 1.0
Bus / Device / Function 0 / 27 / 0
Device ID 8086-1C20
Subsystem ID 1043-840F
Device Class 0403 (High Definition Audio)
Revision 05
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2] ]
Device Properties:
Device Description Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2]
Bus Type PCI
Bus / Device / Function 0 / 22 / 0
Device ID 8086-1C3A
Subsystem ID 1043-844D
Device Class 0780 (Communications Controller)
Revision 04
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - PCI Express Port 1 [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - PCI Express Port 1 [B-3]
Bus Type PCI
Bus / Device / Function 0 / 28 / 0
Device ID 8086-1C10
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision B5
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - PCI Express Port 2 [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - PCI Express Port 2 [B-3]
Bus Type PCI
Bus / Device / Function 0 / 28 / 1
Device ID 8086-1C12
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision B5
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - PCI Express Port 3 [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - PCI Express Port 3 [B-3]
Bus Type PCI
Bus / Device / Function 0 / 28 / 2
Device ID 8086-1C14
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision B5
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - PCI Express Port 4 [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - PCI Express Port 4 [B-3]
Bus Type PCI
Bus / Device / Function 0 / 28 / 3
Device ID 8086-1C16
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision B5
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - PCI Express Port 5 [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - PCI Express Port 5 [B-3]
Bus Type PCI
Bus / Device / Function 0 / 28 / 4
Device ID 8086-1C18
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision B5
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - PCI Express Port 7 [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - PCI Express Port 7 [B-3]
Bus Type PCI
Bus / Device / Function 0 / 28 / 6
Device ID 8086-1C1C
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision B5
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - SATA AHCI 6-Port Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - SATA AHCI 6-Port Controller [B-3]
Bus Type PCI
Bus / Device / Function 0 / 31 / 2
Device ID 8086-1C02
Subsystem ID 1043-844D
Device Class 0106 (SATA Controller)
Revision 05
Fast Back-to-Back Transactions Supported, Disabled
Device Features:
66 MHz Operation Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - SMBus Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - SMBus Controller [B-3]
Bus Type PCI
Bus / Device / Function 0 / 31 / 3
Device ID 8086-1C22
Subsystem ID 1043-844D
Device Class 0C05 (SMBus Controller)
Revision 05
Fast Back-to-Back Transactions Supported, Disabled
Device Features:
66 MHz Operation Not Supported
Bus Mastering Disabled
[ Intel Cougar Point PCH - Thermal Management Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - Thermal Management Controller [B-3]
Bus Type PCI
Bus / Device / Function 0 / 31 / 6
Device ID 8086-1C24
Subsystem ID 0000-0000
Device Class 1180 (Data Acquisition / Signal Processing Controller)
Revision 05
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Disabled
[ Intel Cougar Point PCH - USB EHCI #1 Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - USB EHCI #1 Controller [B-3]
Bus Type PCI
Bus / Device / Function 0 / 29 / 0
Device ID 8086-1C26
Subsystem ID 1043-844D
Device Class 0C03 (USB Controller)
Revision 05
Fast Back-to-Back Transactions Supported, Disabled
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - USB EHCI #2 Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - USB EHCI #2 Controller [B-3]
Bus Type PCI
Bus / Device / Function 0 / 26 / 0
Device ID 8086-1C2D
Subsystem ID 1043-844D
Device Class 0C03 (USB Controller)
Revision 05
Fast Back-to-Back Transactions Supported, Disabled
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel P67 PCH - LPC Interface Controller [B-3] ]
Device Properties:
Device Description Intel P67 PCH - LPC Interface Controller [B-3]
Bus Type PCI
Bus / Device / Function 0 / 31 / 0
Device ID 8086-1C46
Subsystem ID 1043-844D
Device Class 0601 (PCI/ISA Bridge)
Revision 05
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Sandy Bridge-DT - Host Bridge/DRAM Controller ]
Device Properties:
Device Description Intel Sandy Bridge-DT - Host Bridge/DRAM Controller
Bus Type PCI
Bus / Device / Function 0 / 0 / 0
Device ID 8086-0100
Subsystem ID 1043-844D
Device Class 0600 (Host/PCI Bridge)
Revision 09
Fast Back-to-Back Transactions Supported, Disabled
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Sandy Bridge-DT - PCI Express Graphics Root Port ]
Device Properties:
Device Description Intel Sandy Bridge-DT - PCI Express Graphics Root Port
Bus Type PCI
Bus / Device / Function 0 / 1 / 0
Device ID 8086-0101
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision 09
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Sandy Bridge-MB - PCI Express Graphics Root Port ]
Device Properties:
Device Description Intel Sandy Bridge-MB - PCI Express Graphics Root Port
Bus Type PCI
Bus / Device / Function 0 / 1 / 1
Device ID 8086-0105
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision 09
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ JMicron JMB362 SATA-II AHCI Controller ]
Device Properties:
Device Description JMicron JMB362 SATA-II AHCI Controller
Bus Type PCI Express 1.0 x1
Bus / Device / Function 11 / 0 / 0
Device ID 197B-2362
Subsystem ID 1043-8460
Device Class 0101 (IDE Controller)
Revision 10
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Marvell 88SE9182 SATA 6Gb/s Controller ]
Device Properties:
Device Description Marvell 88SE9182 SATA 6Gb/s Controller
Bus Type PCI Express 2.0 x2
Bus / Device / Function 12 / 0 / 0
Device ID 1B4B-9182
Subsystem ID 1043-8493
Device Class 0106 (SATA Controller)
Revision 10
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ NEC uPD720200 USB 3.0 Host Controller ]
Device Properties:
Device Description NEC uPD720200 USB 3.0 Host Controller
Bus Type PCI Express 2.0 x1
Bus / Device / Function 9 / 0 / 0
Device ID 1033-0194
Subsystem ID 1043-8413
Device Class 0C03 (USB Controller)
Revision 04
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ NEC uPD720200 USB 3.0 Host Controller ]
Device Properties:
Device Description NEC uPD720200 USB 3.0 Host Controller
Bus Type PCI Express 2.0 x1
Bus / Device / Function 10 / 0 / 0
Device ID 1033-0194
Subsystem ID 1043-8413
Device Class 0C03 (USB Controller)
Revision 04
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch ]
Device Properties:
Device Description PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus Type PCI
Bus / Device / Function 3 / 0 / 0
Device ID 10B5-8608
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision BA
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch ]
Device Properties:
Device Description PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus Type PCI
Bus / Device / Function 4 / 0 / 0
Device ID 10B5-8608
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision BA
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch ]
Device Properties:
Device Description PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus Type PCI
Bus / Device / Function 4 / 5 / 0
Device ID 10B5-8608
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision BA
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch ]
Device Properties:
Device Description PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus Type PCI
Bus / Device / Function 4 / 7 / 0
Device ID 10B5-8608
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision BA
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch ]
Device Properties:
Device Description PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus Type PCI
Bus / Device / Function 4 / 9 / 0
Device ID 10B5-8608
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision BA
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
USB Devices
[ Generic USB Hub ]
Device Properties:
Device Description Generic USB Hub
Device ID 8087-0024
Device Class 09 / 00 (Hi-Speed Hub with single TT)
Device Protocol 01
Supported USB Version 2.00
Current Speed High (USB 2.0)
[ Renesas Electronics USB 3.0 Hub (4-Port USB 3.0 Hub) ]
Device Properties:
Device Description Renesas Electronics USB 3.0 Hub
Device ID 2109-0810
Device Class 09 / 00 (Hub)
Device Protocol 03
Manufacturer VIA Labs, Inc.
Product 4-Port USB 3.0 Hub
Supported USB Version 3.00
Current Speed Super (USB 3.0)
[ Generic USB Hub ]
Device Properties:
Device Description Generic USB Hub
Device ID 8087-0024
Device Class 09 / 00 (Hi-Speed Hub with single TT)
Device Protocol 01
Supported USB Version 2.00
Current Speed High (USB 2.0)
[ Generic USB Hub (USB2.0 Hub) ]
Device Properties:
Device Description Generic USB Hub
Device ID 2109-3431
Device Class 09 / 00 (Hi-Speed Hub with single TT)
Device Protocol 01
Product USB2.0 Hub
Supported USB Version 2.00
Current Speed High (USB 2.0)
[ Generic USB Hub ]
Device Properties:
Device Description Generic USB Hub
Device ID 0409-005A
Device Class 09 / 00 (Hi-Speed Hub with single TT)
Device Protocol 01
Supported USB Version 2.00
Current Speed High (USB 2.0)
[ USB Composite Device (Merc Stealth) ]
Device Properties:
Device Description USB Composite Device
Device ID 1038-0510
Device Class 03 / 01 (Human Interface Device)
Device Protocol 01
Manufacturer Ideazon
Product Merc Stealth
Supported USB Version 2.00
Current Speed Low (USB 1.1)
[ USB Composite Device (G9x Laser Mouse) ]
Device Properties:
Device Description USB Composite Device
Device ID 046D-C066
Device Class 03 / 01 (Human Interface Device)
Device Protocol 02
Manufacturer Logitech
Product G9x Laser Mouse
Serial Number A4970EE7470018
Supported USB Version 2.00
Current Speed Full (USB 1.1)
[ Xbox 360 Wireless Receiver for Windows (Xbox 360 Wireless Receiver for Windows) ]
Device Properties:
Device Description Xbox 360 Wireless Receiver for Windows
Device ID 045E-0719
Device Class FF / FF
Device Protocol FF
Manufacturer ©Microsoft
Product Xbox 360 Wireless Receiver for Windows
Serial Number FD8B8BD0
Supported USB Version 2.00
Current Speed Full (USB 1.1)
[ USB Mass Storage Device (Cruzer Blade) ]
Device Properties:
Device Description USB Mass Storage Device
Device ID 0781-5567
Device Class 08 / 06 (Mass Storage)
Device Protocol 50
Manufacturer SanDisk
Product Cruzer Blade
Serial Number 200608766016A263207F
Supported USB Version 2.00
Current Speed High (USB 2.0)
[ Unknown Device ]
Device Properties:
Device Description Unknown Device
Device ID 0000-0000
Device Class 00 / 00
Device Protocol 00
Supported USB Version 0.00
Current Speed Low (USB 1.1)
[ Renesas Electronics USB 3.0 Hub (4-Port USB 3.0 Hub) ]
Device Properties:
Device Description Renesas Electronics USB 3.0 Hub
Device ID 2109-0810
Device Class 09 / 00 (Hub)
Device Protocol 03
Manufacturer VIA Labs, Inc.
Product 4-Port USB 3.0 Hub
Supported USB Version 3.00
Current Speed Super (USB 3.0)
Device Resources
Resource Share Device Description
DMA 04 Exclusive Direct memory access controller
IRQ 00 Exclusive System timer
IRQ 05 Shared Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
IRQ 08 Exclusive System CMOS/real time clock
IRQ 100 Exclusive Microsoft ACPI-Compliant System
IRQ 101 Exclusive Microsoft ACPI-Compliant System
IRQ 102 Exclusive Microsoft ACPI-Compliant System
IRQ 103 Exclusive Microsoft ACPI-Compliant System
IRQ 104 Exclusive Microsoft ACPI-Compliant System
IRQ 105 Exclusive Microsoft ACPI-Compliant System
IRQ 106 Exclusive Microsoft ACPI-Compliant System
IRQ 107 Exclusive Microsoft ACPI-Compliant System
IRQ 108 Exclusive Microsoft ACPI-Compliant System
IRQ 109 Exclusive Microsoft ACPI-Compliant System
IRQ 110 Exclusive Microsoft ACPI-Compliant System
IRQ 111 Exclusive Microsoft ACPI-Compliant System
IRQ 112 Exclusive Microsoft ACPI-Compliant System
IRQ 113 Exclusive Microsoft ACPI-Compliant System
IRQ 114 Exclusive Microsoft ACPI-Compliant System
IRQ 115 Exclusive Microsoft ACPI-Compliant System
IRQ 116 Exclusive Microsoft ACPI-Compliant System
IRQ 117 Exclusive Microsoft ACPI-Compliant System
IRQ 118 Exclusive Microsoft ACPI-Compliant System
IRQ 119 Exclusive Microsoft ACPI-Compliant System
IRQ 120 Exclusive Microsoft ACPI-Compliant System
IRQ 121 Exclusive Microsoft ACPI-Compliant System
IRQ 122 Exclusive Microsoft ACPI-Compliant System
IRQ 123 Exclusive Microsoft ACPI-Compliant System
IRQ 124 Exclusive Microsoft ACPI-Compliant System
IRQ 125 Exclusive Microsoft ACPI-Compliant System
IRQ 126 Exclusive Microsoft ACPI-Compliant System
IRQ 127 Exclusive Microsoft ACPI-Compliant System
IRQ 128 Exclusive Microsoft ACPI-Compliant System
IRQ 129 Exclusive Microsoft ACPI-Compliant System
IRQ 13 Exclusive Numeric data processor
IRQ 130 Exclusive Microsoft ACPI-Compliant System
IRQ 131 Exclusive Microsoft ACPI-Compliant System
IRQ 132 Exclusive Microsoft ACPI-Compliant System
IRQ 133 Exclusive Microsoft ACPI-Compliant System
IRQ 134 Exclusive Microsoft ACPI-Compliant System
IRQ 135 Exclusive Microsoft ACPI-Compliant System
IRQ 136 Exclusive Microsoft ACPI-Compliant System
IRQ 137 Exclusive Microsoft ACPI-Compliant System
IRQ 138 Exclusive Microsoft ACPI-Compliant System
IRQ 139 Exclusive Microsoft ACPI-Compliant System
IRQ 140 Exclusive Microsoft ACPI-Compliant System
IRQ 141 Exclusive Microsoft ACPI-Compliant System
IRQ 142 Exclusive Microsoft ACPI-Compliant System
IRQ 143 Exclusive Microsoft ACPI-Compliant System
IRQ 144 Exclusive Microsoft ACPI-Compliant System
IRQ 145 Exclusive Microsoft ACPI-Compliant System
IRQ 146 Exclusive Microsoft ACPI-Compliant System
IRQ 147 Exclusive Microsoft ACPI-Compliant System
IRQ 148 Exclusive Microsoft ACPI-Compliant System
IRQ 149 Exclusive Microsoft ACPI-Compliant System
IRQ 150 Exclusive Microsoft ACPI-Compliant System
IRQ 151 Exclusive Microsoft ACPI-Compliant System
IRQ 152 Exclusive Microsoft ACPI-Compliant System
IRQ 153 Exclusive Microsoft ACPI-Compliant System
IRQ 154 Exclusive Microsoft ACPI-Compliant System
IRQ 155 Exclusive Microsoft ACPI-Compliant System
IRQ 156 Exclusive Microsoft ACPI-Compliant System
IRQ 157 Exclusive Microsoft ACPI-Compliant System
IRQ 158 Exclusive Microsoft ACPI-Compliant System
IRQ 159 Exclusive Microsoft ACPI-Compliant System
IRQ 16 Shared 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
IRQ 16 Shared 2nd generation Intel® Core™ processor family PCI Express Controller - 0105
IRQ 16 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
IRQ 16 Shared PCI standard PCI-to-PCI bridge
IRQ 16 Shared PCI standard PCI-to-PCI bridge
IRQ 16 Shared Standard AHCI 1.0 Serial ATA Controller
IRQ 160 Exclusive Microsoft ACPI-Compliant System
IRQ 161 Exclusive Microsoft ACPI-Compliant System
IRQ 162 Exclusive Microsoft ACPI-Compliant System
IRQ 163 Exclusive Microsoft ACPI-Compliant System
IRQ 164 Exclusive Microsoft ACPI-Compliant System
IRQ 165 Exclusive Microsoft ACPI-Compliant System
IRQ 166 Exclusive Microsoft ACPI-Compliant System
IRQ 167 Exclusive Microsoft ACPI-Compliant System
IRQ 168 Exclusive Microsoft ACPI-Compliant System
IRQ 169 Exclusive Microsoft ACPI-Compliant System
IRQ 17 Shared High Definition Audio Controller
IRQ 17 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
IRQ 17 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18
IRQ 17 Shared PCI standard PCI-to-PCI bridge
IRQ 17 Shared PCI standard PCI-to-PCI bridge
IRQ 170 Exclusive Microsoft ACPI-Compliant System
IRQ 171 Exclusive Microsoft ACPI-Compliant System
IRQ 172 Exclusive Microsoft ACPI-Compliant System
IRQ 173 Exclusive Microsoft ACPI-Compliant System
IRQ 174 Exclusive Microsoft ACPI-Compliant System
IRQ 175 Exclusive Microsoft ACPI-Compliant System
IRQ 176 Exclusive Microsoft ACPI-Compliant System
IRQ 177 Exclusive Microsoft ACPI-Compliant System
IRQ 178 Exclusive Microsoft ACPI-Compliant System
IRQ 179 Exclusive Microsoft ACPI-Compliant System
IRQ 18 Shared High Definition Audio Controller
IRQ 18 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14
IRQ 18 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C
IRQ 180 Exclusive Microsoft ACPI-Compliant System
IRQ 181 Exclusive Microsoft ACPI-Compliant System
IRQ 182 Exclusive Microsoft ACPI-Compliant System
IRQ 183 Exclusive Microsoft ACPI-Compliant System
IRQ 184 Exclusive Microsoft ACPI-Compliant System
IRQ 185 Exclusive Microsoft ACPI-Compliant System
IRQ 186 Exclusive Microsoft ACPI-Compliant System
IRQ 187 Exclusive Microsoft ACPI-Compliant System
IRQ 188 Exclusive Microsoft ACPI-Compliant System
IRQ 189 Exclusive Microsoft ACPI-Compliant System
IRQ 19 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
IRQ 19 Shared PCI standard PCI-to-PCI bridge
IRQ 19 Shared Standard Dual Channel PCI IDE Controller
IRQ 190 Exclusive Microsoft ACPI-Compliant System
IRQ 20 Shared Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
IRQ 21 Shared Intel(R) Management Engine Interface
IRQ 22 Shared High Definition Audio Controller
IRQ 23 Shared Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
IRQ 23 Shared Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
IRQ 65536 Exclusive Intel(R) 82579V Gigabit Network Connection #2
IRQ 65536 Exclusive Intel(R) 82583V Gigabit Network Connection
IRQ 65536 Exclusive AMD Radeon HD 6900 Series
IRQ 65536 Exclusive AMD Radeon HD 6900 Series
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 81 Exclusive Microsoft ACPI-Compliant System
IRQ 82 Exclusive Microsoft ACPI-Compliant System
IRQ 83 Exclusive Microsoft ACPI-Compliant System
IRQ 84 Exclusive Microsoft ACPI-Compliant System
IRQ 85 Exclusive Microsoft ACPI-Compliant System
IRQ 86 Exclusive Microsoft ACPI-Compliant System
IRQ 87 Exclusive Microsoft ACPI-Compliant System
IRQ 88 Exclusive Microsoft ACPI-Compliant System
IRQ 89 Exclusive Microsoft ACPI-Compliant System
IRQ 90 Exclusive Microsoft ACPI-Compliant System
IRQ 91 Exclusive Microsoft ACPI-Compliant System
IRQ 92 Exclusive Microsoft ACPI-Compliant System
IRQ 93 Exclusive Microsoft ACPI-Compliant System
IRQ 94 Exclusive Microsoft ACPI-Compliant System
IRQ 95 Exclusive Microsoft ACPI-Compliant System
IRQ 96 Exclusive Microsoft ACPI-Compliant System
IRQ 97 Exclusive Microsoft ACPI-Compliant System
IRQ 98 Exclusive Microsoft ACPI-Compliant System
IRQ 99 Exclusive Microsoft ACPI-Compliant System
Memory 000A0000-000BFFFF Shared AMD Radeon HD 6900 Series
Memory 000A0000-000BFFFF Shared PCI bus
Memory 000A0000-000BFFFF Undetermined 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Memory 000C8000-000DFFFF Shared PCI bus
Memory C0000000-CFFFFFFF Exclusive AMD Radeon HD 6900 Series
Memory C0000000-CFFFFFFF Exclusive 2nd generation Intel® Core™ processor family PCI Express Controller - 0105
Memory C0000000-FFFFFFFF Shared PCI bus
Memory D0000000-DFFFFFFF Exclusive AMD Radeon HD 6900 Series
Memory D0000000-DFFFFFFF Exclusive 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Memory E0000000-E3FFFFFF Exclusive System board
Memory FB700000-FB71FFFF Exclusive Intel(R) 82583V Gigabit Network Connection
Memory FB700000-FB7FFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C
Memory FB720000-FB723FFF Exclusive Intel(R) 82583V Gigabit Network Connection
Memory FB800000-FB8FFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18
Memory FB810000-FB8101FF Exclusive Standard AHCI 1.0 Serial ATA Controller
Memory FB900000-FB9FFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Memory FB910000-FB9101FF Exclusive Standard Dual Channel PCI IDE Controller
Memory FBA00000-FBA01FFF Exclusive Renesas Electronics USB 3.0 Host Controller
Memory FBA00000-FBAFFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14
Memory FBB00000-FBB01FFF Exclusive Renesas Electronics USB 3.0 Host Controller
Memory FBB00000-FBBFFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
Memory FBC00000-FBC1FFFF Exclusive PCI standard PCI-to-PCI bridge
Memory FBC00000-FBCFFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Memory FBD00000-FBDFFFFF Exclusive 2nd generation Intel® Core™ processor family PCI Express Controller - 0105
Memory FBD40000-FBD43FFF Exclusive High Definition Audio Controller
Memory FBDE0000-FBDFFFFF Exclusive AMD Radeon HD 6900 Series
Memory FBE00000-FBEFFFFF Exclusive 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Memory FBE20000-FBE3FFFF Exclusive AMD Radeon HD 6900 Series
Memory FBE40000-FBE43FFF Exclusive High Definition Audio Controller
Memory FBF00000-FBF1FFFF Exclusive Intel(R) 82579V Gigabit Network Connection #2
Memory FBF20000-FBF23FFF Exclusive High Definition Audio Controller
Memory FBF24000-FBF240FF Exclusive Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Memory FBF25000-FBF257FF Exclusive Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Memory FBF26000-FBF263FF Exclusive Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
Memory FBF27000-FBF273FF Exclusive Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
Memory FBF28000-FBF28FFF Exclusive Intel(R) 82579V Gigabit Network Connection #2
Memory FBF29000-FBF2900F Exclusive Intel(R) Management Engine Interface
Memory FEC00000-FECFFFFF Exclusive System board
Memory FED00000-FED003FF Exclusive High precision event timer
Memory FED08000-FED08FFF Exclusive System board
Memory FED10000-FED19FFF Exclusive System board
Memory FED1C000-FED1FFFF Exclusive System board
Memory FED20000-FED3FFFF Exclusive System board
Memory FED90000-FED93FFF Exclusive System board
Memory FEE00000-FEE0FFFF Exclusive System board
Memory FF000000-FFFFFFFF Exclusive System board
Port 0000-000F Exclusive Direct memory access controller
Port 0000-0CF7 Shared PCI bus
Port 0010-001F Exclusive Motherboard resources
Port 0020-0021 Exclusive Programmable interrupt controller
Port 0022-003F Exclusive Motherboard resources
Port 0040-0043 Exclusive System timer
Port 0044-005F Exclusive Motherboard resources
Port 0061-0061 Exclusive System speaker
Port 0062-0062 Exclusive Microsoft ACPI-Compliant Embedded Controller
Port 0063-0063 Exclusive Motherboard resources
Port 0065-0065 Exclusive Motherboard resources
Port 0066-0066 Exclusive Microsoft ACPI-Compliant Embedded Controller
Port 0067-006F Exclusive Motherboard resources
Port 0070-0071 Exclusive System CMOS/real time clock
Port 0072-007F Exclusive Motherboard resources
Port 0080-0080 Exclusive Motherboard resources
Port 0081-0083 Exclusive Direct memory access controller
Port 0084-0086 Exclusive Motherboard resources
Port 0087-0087 Exclusive Direct memory access controller
Port 0088-0088 Exclusive Motherboard resources
Port 0089-008B Exclusive Direct memory access controller
Port 008C-008E Exclusive Motherboard resources
Port 008F-008F Exclusive Direct memory access controller
Port 0090-009F Exclusive Motherboard resources
Port 00A0-00A1 Exclusive Programmable interrupt controller
Port 00A2-00BF Exclusive Motherboard resources
Port 00C0-00DF Exclusive Direct memory access controller
Port 00E0-00EF Exclusive Motherboard resources
Port 00F0-00FF Exclusive Numeric data processor
Port 0290-029F Exclusive Motherboard resources
Port 03B0-03BB Shared AMD Radeon HD 6900 Series
Port 03B0-03BB Undetermined 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Port 03C0-03DF Shared AMD Radeon HD 6900 Series
Port 03C0-03DF Undetermined 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Port 0400-0453 Exclusive System board
Port 0454-0457 Exclusive Intel(R) Watchdog Timer Driver (Intel(R) WDT)
Port 0458-047F Exclusive System board
Port 04D0-04D1 Exclusive Motherboard resources
Port 0500-057F Exclusive System board
Port 0D00-FFFF Shared PCI bus
Port 1180-119F Exclusive Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Port 1180-119F Exclusive System board
Port A000-AFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C
Port B000-B00F Exclusive Standard AHCI 1.0 Serial ATA Controller
Port B000-BFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18
Port B010-B013 Exclusive Standard AHCI 1.0 Serial ATA Controller
Port B020-B027 Exclusive Standard AHCI 1.0 Serial ATA Controller
Port B030-B033 Exclusive Standard AHCI 1.0 Serial ATA Controller
Port B040-B047 Exclusive Standard AHCI 1.0 Serial ATA Controller
Port C000-C00F Exclusive Standard Dual Channel PCI IDE Controller
Port C000-CFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Port C010-C013 Exclusive Standard Dual Channel PCI IDE Controller
Port C020-C027 Exclusive Standard Dual Channel PCI IDE Controller
Port C030-C033 Exclusive Standard Dual Channel PCI IDE Controller
Port C040-C047 Exclusive Standard Dual Channel PCI IDE Controller
Port D000-DFFF Exclusive 2nd generation Intel® Core™ processor family PCI Express Controller - 0105
Port DF00-DFFF Exclusive AMD Radeon HD 6900 Series
Port E000-E0FF Exclusive AMD Radeon HD 6900 Series
Port E000-EFFF Exclusive 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Port F020-F03F Exclusive Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Port F060-F063 Exclusive Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Port F070-F077 Exclusive Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Port F080-F083 Exclusive Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Port F090-F097 Exclusive Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Input
[ HID Keyboard Device ]
Keyboard Properties:
Keyboard Name HID Keyboard Device
Keyboard Type IBM enhanced (101- or 102-key) keyboard
Keyboard Layout United Kingdom
ANSI Code Page 1252 - @%SystemRoot%\system32\mlang.dll,-4612
OEM Code Page 850
Repeat Delay 1
Repeat Rate 31
[ HID-compliant mouse ]
Mouse Properties:
Mouse Name HID-compliant mouse
Mouse Buttons 16
Mouse Hand Right
Pointer Speed 1
Double-Click Time 500 msec
X/Y Threshold 6 / 10
Wheel Scroll Lines 3
Mouse Features:
Active Window Tracking Disabled
ClickLock Disabled
Hide Pointer While Typing Enabled
Mouse Wheel Present
Move Pointer To Default Button Disabled
Pointer Trails Disabled
Sonar Disabled
Printers
[ Fax ]
Printer Properties:
Printer Name Fax
Default Printer No
Share Point Not shared
Printer Port SHRFAX:
Printer Driver Microsoft Shared Fax Driver (v4.00)
Device Name Fax
Print Processor winprint
Separator Page None
Availability Always
Priority 1
Print Jobs Queued 0
Status Unknown
Paper Properties:
Paper Size Letter, 8.5 x 11 in
Orientation Portrait
Print Quality 200 x 200 dpi Mono
[ Microsoft XPS Document Writer (Default) ]
Printer Properties:
Printer Name Microsoft XPS Document Writer
Default Printer Yes
Share Point Not shared
Printer Port XPSPort:
Printer Driver Microsoft XPS Document Writer (v6.00)
Device Name Microsoft XPS Document Writer
Print Processor winprint
Separator Page None
Availability Always
Priority 1
Print Jobs Queued 0
Status Unknown
Paper Properties:
Paper Size A4, 210 x 297 mm
Orientation Portrait
Print Quality 600 x 600 dpi Color
Auto Start
Application Description Start From Application Command
ASUS Ai Charger Registry\Common\Run C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
ASUS ShellProcess Execute Registry\Common\Run C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
AthBtTray Registry\Common\Run C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
AtherosBtStack Registry\Common\Run C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
KiesHelper Registry\User\Run C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
KiesPDLR Registry\User\Run C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
KiesTrayAgent Registry\User\Run C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
NUSB3MON Registry\Common\Run C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
RtHDVCpl Registry\Common\Run C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
StartCCC Registry\Common\Run C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun
Steam Registry\User\Run C:\Program Files (x86)\Steam\Steam.exe -silent
Installed Programs
Program Version Inst. Size
µTorrent 2.2.1 Unknown
3DMark Vantage [english] 1.0.3.1 Unknown
Adobe [ TRIAL VERSION ] 10.0.42.34 Unknown
Adobe [ TRIAL VERSION ] 10.3.181.14 Unknown
AI Sui [ TRIAL VERSION ] 1.01.13 Unknown
AIDA64 [ TRIAL VERSION ] 1.70 Unknown
AMD Dr [ TRIAL VERSION ] 2.00.0000 Unknown
Applic [ TRIAL VERSION ] 2.0.4177.33916 Unknown
ASUS A [ TRIAL VERSION ] 1.00.09 Unknown
ASUS P [ TRIAL VERSION ] 1.1.2 Unknown
ASUS S [ TRIAL VERSION ] 5.74 Unknown
ATI AV [ TRIAL VERSION ] 11.6.0.10525 Unknown
ATI Ca [ TRIAL VERSION ] 3.0.825.0 Unknown
Battle [ TRIAL VERSION ] Unknown
Blueto [ TRIAL VERSION ] 7.2.0.40 Unknown
BS.Pla [ TRIAL VERSION ] 2.58.1053 Unknown
Burnou [ TRIAL VERSION ] Unknown
Call o [ TRIAL VERSION ] Unknown
Cataly [ TRIAL VERSION ] 1.00.0000 Unknown
Cataly [ TRIAL VERSION ] 2011.0525.11.41627 Unknown
Cataly [ TRIAL VERSION ] 2011.0525.11.41627 Unknown
Cataly [ TRIAL VERSION ] 2011.0525.11.41627 Unknown
Cataly [ TRIAL VERSION ] 2011.0525.11.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
ccc-utility64 2011.0525.11.41627 Unknown
CPUID [ TRIAL VERSION ] Unknown
Crysis [ TRIAL VERSION ] 1.0.0.0 Unknown
DiRT 3 Unknown
Far Cry 2 Unknown
Fraps (remove only) Unknown
Futuremark SystemInfo [english] 3.21.2.1 Unknown
HydraVision 4.2.200.0 Unknown
Intel(R) Control Center 1.2.1.1007 Unknown
Intel(R) Management Engine Components 7.0.0.1118 Unknown
Intel(R) Network Connections 15.6.25.0 15.6.25.0 Unknown
Intel(R) Network Connections 15.6.25.0 15.6.25.0 Unknown
Intel® Watchdog Timer Driver (Intel® WDT) Unknown
Just Cause 2 Unknown
Left 4 Dead 2 Unknown
Left 4 Dead Unknown
Microsoft .NET Framework 4 Client Profile 4.0.30319 Unknown
Microsoft .NET Framework 4 Client Profile 4.0.30319 Unknown
Microsoft Games for Windows - LIVE Redistributable 3.5.88.0 Unknown
Microsoft Games for Windows Marketplace 3.5.50.0 Unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 8.0.50727.4053 Unknown
Microsoft Visual C++ 2005 Redistributable 8.0.56336 Unknown
Microsoft Visual C++ 2005 Redistributable 8.0.59193 Unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 9.0.30729.4148 Unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 9.0.30729.5570 Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729 Unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 10.0.30319 Unknown
Mozilla Firefox 4.0.1 (x86 en-GB) 4.0.1 Unknown
MSI Afterburner 2.2.0 Beta 3 2.2.0 Beta 3 Unknown
MyFreeCodec Unknown
MyFreeCodec Unknown
Nightsky Unknown
NVIDIA PhysX 9.10.0513 Unknown
OpenAL Unknown
PunkBuster Services Unknown
RadeonPro 1.0 (Build 1.1.0.6) Unknown
Rapture3D 2.4.8 Game Unknown
Realtek High Definition Audio Driver [english] 6.0.1.6235 Unknown
Renesas Electronics USB 3.0 Host Controller Driver 2.0.32.0 Unknown
S.T.A.L.K.E.R.: Shadow of Chernobyl Unknown
Samsung Kies 2.0.0.11044_11 Unknown
SAMSUNG USB Driver for Mobile Phones 1.3.2300.0 Unknown
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) 1 Unknown
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) 1 Unknown
SHIFT 2 UNLEASHED™ 1.0.1.0 Unknown
Steam 1.0.0.0 Unknown
Test Drive Unlimited 2 Unknown
UltraI [ TRIAL VERSION ] Unknown
Update [ TRIAL VERSION ] 1 Unknown
Window [ TRIAL VERSION ] 6.500.3165.0 Unknown
WinRAR [ TRIAL VERSION ] 4.01.0 Unknown
WMV9/V [ TRIAL VERSION ] 1.0.60525.0013 Unknown
Licenses
Software Product Key
Futuremark 3DMark Vantage 1.0.3.1 3DMVA-25DTB-F4ZZ4-PAHMN-NJ7FZ-J3KXP-KFALJ-C25QP
Microsoft Internet Explorer 8.0.7601.17514 342DG- [ TRIAL VERSION ]
Microsoft Windows 7 Ultimate 342DG- [ TRIAL VERSION ]
File Types
Extension File Type Description Content Type
386 Virtual Device Driver
3G2 3GPP2 Audio/Video video/3gpp2
3GP 3GPP Audio/Video video/3gpp
3GP2 3GPP2 Audio/Video video/3gpp2
3GPP 3GPP Audio/Video video/3gpp
7Z WinRAR archive
AAC ADTS Audio audio/vnd.dlna.adts
ACE WinRAR archive
ADT ADTS Audio audio/vnd.dlna.adts
ADTS ADTS Audio audio/vnd.dlna.adts
AIF AIFF Format Sound audio/aiff
AIFC AIFF Format Sound audio/aiff
AIFF AIFF Format Sound audio/aiff
ANI Animated Cursor
APPLICATION Application Manifest application/x-ms-application
APPREF-MS Application Reference
ARJ WinRAR archive
ASA ASA File
ASF Windows Media Audio/Video file video/x-ms-asf
ASP ASP File
ASX Windows Media Audio/Video playlist video/x-ms-asf
AU AU Format Sound audio/basic
AVI Video Clip video/avi
BAT Windows Batch File
BIN BIN File
BLG Performance Monitor File
BMP Bitmap Image image/bmp
BSP BSP File
BZ WinRAR archive
BZ2 WinRAR archive
C2R C2R File
CAB WinRAR archive
CAMP WCS Viewing Condition Profile
CAT Security Catalog application/vnd.ms-pki.seccat
CDA CD Audio Track
CDMP WCS Device Profile
CDX CDX File
CER Security Certificate application/x-x509-ca-cert
CHESSTITANSSAVE-MS .ChessTitansSave-ms
CHK Recovered File Fragments
CHM Compiled HTML Help file
CMD Windows Command Script
COM MS-DOS Application
COMFYCAKESSAVE-MS .ComfyCakesSave-ms
COMPOSITEFONT Composite Font File
CONTACT Contact File text/x-ms-contact
CPL Control Panel Item
CRD Information Card
CRDS Information Card Store
CRL Certificate Revocation List application/pkix-crl
CRT Security Certificate application/x-x509-ca-cert
CSS Cascading Style Sheet Document text/css
CUR Cursor
DB Data Base File
DEM DEM File
DER Security Certificate application/x-x509-ca-cert
DESKLINK Desktop Shortcut
DIAGCAB Diagnostic Cabinet
DIAGCFG Diagnostic Configuration
DIAGPKG Diagnostic Document
DIB Bitmap Image image/bmp
DLL Application Extension application/x-msdownload
DOCX OOXML Text Document
DRV Device Driver
DSN Microsoft OLE DB Provider for ODBC Drivers
DVR Microsoft Recorded TV Show
DVR-MS Microsoft Recorded TV Show
DWFX XPS Document model/vnd.dwfx+xps
EASMX XPS Document model/vnd.easmx+xps
EDRWX XPS Document model/vnd.edrwx+xps
EMF EMF File
EPRTX XPS Document model/vnd.eprtx+xps
EVT EVT File
EVTX EVTX File
EXE Application application/x-msdownload
FON Font file
FREECELLSAVE-MS .FreeCellSave-ms
GADGET Windows Gadget
GIF GIF Image image/gif
GMMP WCS Gamut Mapping Profile
GROUP Contact Group File text/x-ms-group
GRP Microsoft Program Group
GZ WinRAR archive
H1C Windows Help Collection Definition File
H1D Windows Help Validator File
H1F Windows Help Include File
H1H Windows Help Merged Hierarchy
H1K Windows Help Index File
H1Q Windows Help Merged Query Index
H1S Compiled Windows Help file
H1T Windows Help Table of Contents File
H1V Windows Help Virtual Topic Definition File
H1W Windows Help Merged Keyword Index
HEARTSSAVE-MS .HeartsSave-ms
HLP Help File
HTA HTML Application application/hta
HTM HTML Document text/html
HTML HTML Document text/html
ICC ICC Profile
ICL Icon Library
ICM ICC Profile
ICO Icon image/x-icon
IMG Disc Image File
INF Setup Information
INI Configuration Settings
ISO UltraISO File
ISZ UltraISO File
JAR WinRAR archive
JFIF JPEG Image image/jpeg
JNT Journal Document
JOB Task Scheduler Task Object
JOD Microsoft.Jet.OLEDB.4.0
JPE JPEG Image image/jpeg
JPEG JPEG Image image/jpeg
JPG JPEG Image image/jpeg
JS JScript Script File
JSE JScript Encoded File
JTP Journal Template
JTX XPS Document application/x-jtx+xps
LABEL Property List
LHA WinRAR archive
LIBRARY-MS Library Folder application/windows-library+xml
LNK Shortcut
LOG Text Document
LZH WinRAR archive
M1V Movie Clip video/mpeg
M2T AVCHD Video video/vnd.dlna.mpeg-tts
M2TS AVCHD Video video/vnd.dlna.mpeg-tts
M2V Movie Clip video/mpeg
M3U M3U file audio/x-mpegurl
M4A MPEG-4 Audio audio/mp4
M4V MP4 Video video/mp4
MAHJONGTITANSSAVE-MS .MahjongTitansSave-ms
MAPIMAIL Mail Service
MCL MCL File
MFP Macromedia Flash Paper application/x-shockwave-flash
MHT MHTML Document message/rfc822
MHTML MHTML Document message/rfc822
MID MIDI Sequence audio/mid
MIDI MIDI Sequence audio/mid
MIG Migration Store
MINESWEEPERSAVE-MS .MinesweeperSave-ms
MLC Language Pack File_
MOD Movie Clip video/mpeg
MOV QuickTime Movie video/quicktime
MP2 MP3 Format Sound audio/mpeg
MP2V Movie Clip video/mpeg
MP3 MP3 Format Sound audio/mpeg
MP4 MP4 Video video/mp4
MP4V MP4 Video video/mp4
MPA Movie Clip video/mpeg
MPE Movie Clip video/mpeg
MPEG Movie Clip video/mpeg
MPG Movie Clip video/mpeg
MPV2 Movie Clip video/mpeg
MSC Microsoft Common Console Document
MSDVD MSDVD File
MSI Windows Installer Package
MSP Windows Installer Patch
MSRCINCIDENT Windows Remote Assistance Invitation
MSSTYLES Windows Visual Style File
MSU Microsoft Update Standalone Package
MTS AVCHD Video video/vnd.dlna.mpeg-tts
MYDOCS MyDocs Drop Target
NFO MSInfo Configuration File
OCX ActiveX control
ODT ODT File
OSDX OpenSearch Description File application/opensearchdescription+xml
OTF OpenType Font file
P10 Certificate Request application/pkcs10
P12 Personal Information Exchange application/x-pkcs12
P7B PKCS #7 Certificates application/x-pkcs7-certificates
P7C Digital ID File application/pkcs7-mime
P7M PKCS #7 MIME Message application/pkcs7-mime
P7R Certificate Request Response application/x-pkcs7-certreqresp
P7S PKCS #7 Signature application/pkcs7-signature
PBK Dial-Up Phonebook
PERFMONCFG Performance Monitor Configuration
PFM Type 1 Font file
PFX Personal Information Exchange application/x-pkcs12
PIF Shortcut to MS-DOS Program
PKO Public Key Security Object application/vnd.ms-pki.pko
PNF Precompiled Setup Information
PNG PNG Image image/png
PRF PICS Rules File application/pics-rules
PRINTEREXPORT Printer Migration File
PS1 PS1 File
PS1XML PS1XML File
PSC1 PSC1 File application/PowerShell
PSD1 PSD1 File
PSM1 PSM1 File
PURBLEPAIRSSAVE-MS .PurblePairsSave-ms
PURBLESHOPSAVE-MS .PurbleShopSave-ms
QDS Directory Query
R00 WinRAR archive
R01 WinRAR archive
R02 WinRAR archive
R03 WinRAR archive
R04 WinRAR archive
R05 WinRAR archive
R06 WinRAR archive
R07 WinRAR archive
R08 WinRAR archive
R09 WinRAR archive
R10 WinRAR archive
R11 WinRAR archive
R12 WinRAR archive
R13 WinRAR archive
R14 WinRAR archive
R15 WinRAR archive
R16 WinRAR archive
R17 WinRAR archive
R18 WinRAR archive
R19 WinRAR archive
R20 WinRAR archive
R21 WinRAR archive
R22 WinRAR archive
R23 WinRAR archive
R24 WinRAR archive
R25 WinRAR archive
R26 WinRAR archive
R27 WinRAR archive
R28 WinRAR archive
R29 WinRAR archive
RAR WinRAR archive
RAT Rating System File application/rat-file
RDP Remote Desktop Connection
REG Registration Entries
RESMONCFG Resource Monitor Configuration
REV RAR recovery volume
RLE RLE File
RLL Application Extension
RMI MIDI Sequence audio/mid
RTF Rich Text Document
SAV SAV File
SCF Windows Explorer Command
SCP Text Document
SCR Screen saver
SCT Windows Script Component text/scriptlet
SEARCHCONNECTOR-MS Search Connector Folder application/windows-search-connector+xml
SEARCH-MS Saved Search
SFCACHE ReadyBoost Cache File
SHTML SHTML File text/html
SLUPKG-MS XrML Digital License Package application/x-ms-license
SND AU Format Sound audio/basic
SOLITAIRESAVE-MS .SolitaireSave-ms
SPC PKCS #7 Certificates application/x-pkcs7-certificates
SPIDERSOLITAIRESAVE-MS .SpiderSolitaireSave-ms
SPL Shockwave Flash Object application/futuresplash
SST Microsoft Serialized Certificate Store application/vnd.ms-pki.certstore
STL Certificate Trust List application/vnd.ms-pki.stl
SWF Shockwave Flash Object application/x-shockwave-flash
SYS System file
TAR WinRAR archive
TAZ WinRAR archive
TBZ WinRAR archive
TBZ2 WinRAR archive
TGZ WinRAR archive
THEME Windows Theme File
THEMEPACK Windows Theme Pack
TIF TIF File image/tiff
TIFF TIFF File image/tiff
TS MPEG-2 TS Video video/vnd.dlna.mpeg-tts
TTC TrueType Collection Font file
TTF TrueType Font file
TTS MPEG-2 TS Video video/vnd.dlna.mpeg-tts
TXT Text Document text/plain
UDL Microsoft Data Link
UI UltraISO File
URL URL File
UU WinRAR archive
UUE WinRAR archive
VBE VBScript Encoded File
VBS VBScript Script File
VCF vCard File text/x-vcard
VPK Source Game Add-on
VXD Virtual Device Driver
WAB Address Book File
WAV Wave Sound audio/wav
WAX Windows Media Audio shortcut audio/x-ms-wax
WBCAT Windows Backup Catalog File
WCX Workspace Configuration File
WDP Windows Media Photo image/vnd.ms-photo
WEBPNP Web Point And Print File
WM Windows Media Audio/Video file video/x-ms-wm
WMA Windows Media Audio file audio/x-ms-wma
WMD Windows Media Player Download Package application/x-ms-wmd
WMDB Windows Media Library
WMF WMF File
WMS Windows Media Player Skin File
WMV Windows Media Audio/Video file video/x-ms-wmv
WMX Windows Media Audio/Video playlist video/x-ms-wmx
WMZ Windows Media Player Skin Package application/x-ms-wmz
WPL Windows Media playlist application/vnd.ms-wpl
WSC Windows Script Component text/scriptlet
WSF Windows Script File
WSH Windows Script Host Settings File
WTV Windows Recorded TV Show
WTX Text Document
WVX Windows Media Audio/Video playlist video/x-ms-wvx
XAML Windows Markup File application/xaml+xml
XBAP XAML Browser Application application/x-ms-xbap
XHT XHT File application/xhtml+xml
XHTML XHTML File application/xhtml+xml
XML XML Document text/xml
XPS XPS Document application/vnd.ms-xpsdocument
XRM-MS XrML Digital License text/xml
XSL XSL Stylesheet text/xml
XXE WinRAR archive
Z WinRAR archive
ZFSENDTOTARGET Compressed (zipped) Folder SendTo Target
ZIP WinRAR ZIP archive
Sidebar Gadgets
[ Calendar ]
Gadget Properties:
Name Calendar
Description Browse the days of the calendar.
Version 1.1.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML Calendar.Gadget\en-US\gadget.xml
[ Clock ]
Gadget Properties:
Name Clock
Description Watch the clock in your own time zone or any city in the world.
Version 1.0.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML Clock.Gadget\en-US\gadget.xml
[ CPU Meter ]
Gadget Properties:
Name CPU Meter
Description See the current computer CPU and system memory (RAM).
Version 1.0.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML CPU.Gadget\en-US\gadget.xml
[ Currency ]
Gadget Properties:
Name Currency
Description Convert from one currency to another.
Version 1.0.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML Currency.Gadget\en-US\gadget.xml
[ Feed Headlines ]
Gadget Properties:
Name Feed Headlines
Description Track the latest news, sports, and entertainment headlines.
Version 1.1.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML RSSFeeds.Gadget\en-US\gadget.xml
[ Picture Puzzle ]
Gadget Properties:
Name Picture Puzzle
Description Move the pieces of the puzzle and try to put them in order.
Version 1.0.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML PicturePuzzle.Gadget\en-US\gadget.xml
[ Slide Show ]
Gadget Properties:
Name Slide Show
Description Show a continuous slide show of your pictures.
Version 1.0.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML SlideShow.Gadget\en-US\gadget.xml
[ Weather ]
Gadget Properties:
Name Weather
Description See what the weather looks like around the world.
Version 1.1.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML Weather.Gadget\en-US\gadget.xml
[ Windows Media Center ]
Gadget Properties:
Name Windows Media Center
Description Play your latest TV recordings, new Internet TV clips, and favorite music and pictures.
Version 1.0.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML MediaCenter.Gadget\en-US\gadget.xml
Windows Security
Operating System Properties:
OS Name Microsoft Windows 7 Ultimate
OS Service Pack [ TRIAL VERSION ]
Winlogon Shell explorer.exe
User Account Control (UAC) Disabled
System Restore Enabled
Data Execution Prevention (DEP, NX, EDB):
Supported by Operating System Yes
Supported by CPU Yes
Active (To Protect Applications) Yes
Active (To Protect Drivers) Yes
Windows Update
Update Description Update Type Inst. Date
(Automatic Update) Download:Automatic, Install:Scheduled Every Day 3:00
Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2508272) Update 25/05/2011
Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB980195) Update 12/03/2011
Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2482017) Update 12/03/2011
Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2497640) Update 25/05/2011
Cumulative Update for Media Center for Windows 7 x64-based Systems (KB2284742) Update 12/03/2011
Definition Update for Windows Defender - KB915597 (Definition 1.105.1913.0) Update 14/06/2011
Microsoft .NET Framework 3.5 SP1 Security Update for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB979916) Update 12/03/2011
Microsoft .NET Framework 3.5 SP1 Update for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB982526) Update 12/03/2011
Microsoft .NET Framework 4 Client Profile for Windows 7 x64-based Systems (KB982670) Update 12/03/2011
Microsoft Browser Choice Screen Update for EEA Users of Windows 7 for x64-based Systems (KB976002) Update 12/03/2011
Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2446709) Update 25/05/2011
Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB983590) Update 12/03/2011
Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2446710) Update 04/06/2011
Security Update for Microsoft .NET Framework 3.5.1, Windows 7, and Windows Server 2008 R2 for x64-based Systems (KB2416471) Update 12/03/2011
Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2160841) Update 02/04/2011
Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2446708) Update 25/05/2011
Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973923) Update 28/05/2011
Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924) Update 28/05/2011
Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2467174) Update 11/06/2011
Security Update for Windows 7 for x64-based Systems (KB2032276) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2079403) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2207566) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2281679) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2286198) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2296011) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2305420) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2347290) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2378111) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2385678) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2387149) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2393802) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2419640) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2423089) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2425227) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2442962) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2475792) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2479628) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2479943) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2483614) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2485376) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2491683) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2503658) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2506212) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2506223) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2507618) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2508429) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2509553) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2510531) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2511455) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB972270) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB974571) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB975467) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB975560) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB978542) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB978601) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB978886) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB979309) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB979482) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB979687) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB979688) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB980232) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB982132) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB982214) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB982665) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB982799) Update 12/03/2011
Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2447568) Update 12/03/2011
Update for Rights Management Services Client for Windows 7 for x64-based Systems (KB979099) Update 12/03/2011
Update for Windows (KB971033) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2249857) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2345886) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2387530) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2388210) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2443685) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2454826) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2467023) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2484033) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2487426) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2492386) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2505438) Update 11/06/2011
Update for Windows 7 for x64-based Systems (KB2506014) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2506928) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2511250) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2515325) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2522422) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2524375) Update 02/04/2011
Update for Windows 7 for x64-based Systems (KB2533552) Update 26/05/2011
Update for Windows 7 for x64-based Systems (KB2534366) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2541014) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB974332) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB974431) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB975496) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB976902) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB977074) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB978637) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB979538) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB980408) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB980846) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB982110) Update 12/03/2011
Windows 7 Service Pack 1 for x64-based Systems (KB976932) Update 03/06/2011
Windows Malicious Software Removal Tool x64 - March 2011 (KB890830) Update 12/03/2011
Firewall
Software Description Software Version Status
Windows Firewall 6.1.7600.16385 Enabled
Anti-Spyware
Software Description Software Version
Microsoft Windows Defender 6.1.7600.16385(win7_rtm.090713-1255)
Regional
Time Zone:
Current Time Zone GMT Daylight Time
Current Time Zone Description (UTC) Dublin, Edinburgh, Lisbon, London
Change To Standard Time Last Sunday of October 02:00:00
Change To Daylight Saving Time Last Sunday of March 01:00:00
Language:
Language Name (Native) English
Language Name (English) English
Language Name (ISO 639) en
Country/Region:
Country Name (Native) United Kingdom
Country Name (English) United Kingdom
Country Name (ISO 3166) GB
Country Code 44
Currency:
Currency Name (Native) Pound Sterling
Currency Name (English) UK Pound Sterling
Currency Symbol (Native) £
Currency Symbol (ISO 4217) GBP
Currency Format £123,456,789.00
Negative Currency Format -£123,456,789.00
Formatting:
Time Format HH:mm:ss
Short Date Format dd/MM/yyyy
Long Date Format dd MMMM yyyy
Number Format 123,456,789.00
Negative Number Format -123,456,789.00
List Format first, second, third
Native Digits 0123456789
Days of Week:
Native Name for Monday Monday / Mon
Native Name for Tuesday Tuesday / Tue
Native Name for Wednesday Wednesday / Wed
Native Name for Thursday Thursday / Thu
Native Name for Friday Friday / Fri
Native Name for Saturday Saturday / Sat
Native Name for Sunday Sunday / Sun
Months:
Native Name for January January / Jan
Native Name for February February / Feb
Native Name for March March / Mar
Native Name for April April / Apr
Native Name for May May / May
Native Name for June June / Jun
Native Name for July July / Jul
Native Name for August August / Aug
Native Name for September September / Sep
Native Name for October October / Oct
Native Name for November November / Nov
Native Name for December December / Dec
Miscellaneous:
Calendar Type Gregorian (localized)
Default Paper Size A4
Measurement System Metric
Display Languages:
LCID 0409h (Active) English (United States)
Environment
Variable Value
ALLUSERSPROFILE C:\ProgramData
APPDATA C:\Users\muggz\AppData\Roaming
CommonProgramFiles(x86) C:\Program Files (x86)\Common Files
CommonProgramFiles C:\Program Files (x86)\Common Files
CommonProgramW6432 C:\Program Files\Common Files
COMPUTERNAME MUGGZ-PC
ComSpec C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK NO
HOMEDRIVE C:
HOMEPATH \Users\muggz
LOCALAPPDATA C:\Users\muggz\AppData\Local
LOGONSERVER \\MUGGZ-PC
MOZ_CRASHREPORTER_DATA_DIRECTORY C:\Users\muggz\AppData\Roaming\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE C:\Program Files (x86)\Mozilla Firefox\crashreporter-override.ini
MpConfig_ProductAppDataPath C:\ProgramData\Microsoft\Windows Defender
MpConfig_ProductCodeName AntiSpyware
MpConfig_ProductPath C:\Program Files (x86)\Windows Defender
MpConfig_ProductUserAppDataPath C:\Users\muggz\AppData\Local\Microsoft\Windows Defender
MpConfig_ReportingGUID 99318FA3-8500-4E36-8BDB-EEF4909CDFBD
NUMBER_OF_PROCESSORS 8
OS Windows_NT
Path C:\Program Files (x86)\Mozilla Firefox;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\DMIX;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Microsoft Shared\Windows Live
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE x86
PROCESSOR_ARCHITEW6432 AMD64
PROCESSOR_IDENTIFIER Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
PROCESSOR_LEVEL 6
PROCESSOR_REVISION 2a07
ProgramData C:\ProgramData
ProgramFiles(x86) C:\Program Files (x86)
ProgramFiles C:\Program Files (x86)
ProgramW6432 C:\Program Files
PSModulePath C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC C:\Users\Public
SESSIONNAME Console
SystemDrive C:
SystemRoot C:\Windows
TEMP C:\Users\muggz\AppData\Local\Temp
TMP C:\Users\muggz\AppData\Local\Temp
USERDOMAIN muggz-PC
USERNAME muggz
USERPROFILE C:\Users\muggz
windir C:\Windows
Control Panel
Name Comment
Flash Player Manage Flash Player Settings
Recycle Bin
Drive Items Size Items Count Space % Recycle Bin
C: 0 0 ? ?
System Files
[ system.ini ]
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[ win.ini ]
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
3g2=MPEGVideo
3gp=MPEGVideo
3gp2=MPEGVideo
3gpp=MPEGVideo
aac=MPEGVideo
adt=MPEGVideo
adts=MPEGVideo
m2t=MPEGVideo
m2ts=MPEGVideo
m2v=MPEGVideo
m4a=MPEGVideo
m4v=MPEGVideo
mod=MPEGVideo
mov=MPEGVideo
mp4=MPEGVideo
mp4v=MPEGVideo
mts=MPEGVideo
ts=MPEGVideo
tts=MPEGVideo
[ hosts ]
[ lmhosts.sam ]
System Folders
System Folder Path
Administrative Tools C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
AppData C:\Users\muggz\AppData\Roaming
Cache C:\Users\muggz\AppData\Local\Microsoft\Windows\Temporary Internet Files
CD Burning C:\Users\muggz\AppData\Local\Microsoft\Windows\Burn\Burn
Common Administrative Tools C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
Common AppData C:\ProgramData
Common Desktop C:\Users\Public\Desktop
Common Documents C:\Users\Public\Documents
Common Favorites C:\Users\muggz\Favorites
Common Files (x86) C:\Program Files (x86)\Common Files
Common Files C:\Program Files (x86)\Common Files
Common Music C:\Users\Public\Music
Common Pictures C:\Users\Public\Pictures
Common Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Common Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
Common Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Common Templates C:\ProgramData\Microsoft\Windows\Templates
Common Video C:\Users\Public\Videos
Cookies C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Cookies
Desktop C:\Users\muggz\Desktop
Device C:\Windows\inf
Favorites C:\Users\muggz\Favorites
Fonts C:\Windows\Fonts
History C:\Users\muggz\AppData\Local\Microsoft\Windows\History
Local AppData C:\Users\muggz\AppData\Local
My Documents C:\Users\muggz\Documents
My Music C:\Users\muggz\Music
My Pictures C:\Users\muggz\Pictures
My Video C:\Users\muggz\Videos
NetHood C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Network Shortcuts
PrintHood C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Profile C:\Users\muggz
Program Files (x86) C:\Program Files (x86)
Program Files C:\Program Files (x86)
Programs C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Recent C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Recent
Resources C:\Windows\resources
SendTo C:\Users\muggz\AppData\Roaming\Microsoft\Windows\SendTo
Start Menu C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Start Menu
Startup C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
System (x86) C:\Windows\SysWOW64
System C:\Windows\system32
Temp C:\Users\muggz\AppData\Local\Temp\
Templates C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Templates
Windows C:\Windows
Event Logs
Log Name Event Type Category Generated On User Source Description
Application Warning None 2011-06-08 21:40:20 LOCAL SERVICE Microsoft-Windows-RPC-Events 11: An attempt was made to load a program with an incorrect format.
Application Warning 3 2011-06-10 20:45:44 Windows Search Service 3036: The content source <> cannot be accessed. Context: Application, SystemIndex Catalog Details: The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (HRESULT : 0x80040d0d) (0x80040d0d)
Application Warning 3 2011-06-10 20:49:41 Windows Search Service 3036: The content source <> cannot be accessed. Context: Application, SystemIndex Catalog Details: The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (HRESULT : 0x80040d0d) (0x80040d0d)
Application Warning 3 2011-06-11 11:38:07 MSDTC Client 2
Application Error 101 2011-06-11 13:16:53 Application Hang 1002: C:\Windows\System32\wersvc.dll
Application Error None 2011-06-11 14:20:40 muggz MsiInstaller 1013: Product: AGEIA PhysX v7.09.13 -- Installation terminated
Application Warning None 2011-06-13 18:46:58 XLive 2: Title dirt3_game.exe (1, 1, 0, 0) XLive 3.5.0088.0 (WGX_XLIVE_V3.05_RTM(panblder).110409-1835) C:\Windows\system32\xlive.dll 0x8000000a LiveId Logon Failed 00:C2:2A:9C:16:81 192.168.0.8 0xfb00000000a7dff0 LogonHR == 0x80150002 Games for Windows - LIVE DLL
Application Warning None 2011-06-13 18:46:58 XLive 2: Title dirt3_game.exe (1, 1, 0, 0) XLive 3.5.0088.0 (WGX_XLIVE_V3.05_RTM(panblder).110409-1835) C:\Windows\system32\xlive.dll 0x80151103 XLive Logon Failed 00:C2:2A:9C:16:81 192.168.0.8 0xfb00000000a7dff0 LogonHR == 0x80150002 Games for Windows - LIVE DLL
Security Audit Success 12288 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa243
Security Audit Success 12292 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x2540f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x2540f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-07 21:41:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x54c19 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:41:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-07 21:42:11 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 21:42:11 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 21:42:24 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-07 21:42:25 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 21:42:25 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 21:43:25 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 21:43:25 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-07 21:43:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:43:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12288 2011-06-07 21:51:45 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-07 21:51:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 13568 2011-06-07 21:51:45 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa4b0
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x304 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x24dbb Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x304 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x24dbb Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-07 21:51:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:51:47 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-07 21:51:52 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-07 21:51:53 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-07 21:52:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5b9d5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:52:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:52:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-07 21:52:24 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 21:52:24 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 21:52:37 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-07 21:52:37 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 21:52:37 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 21:53:37 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 21:53:37 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-07 21:54:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:54:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-07 22:04:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-07 22:04:02 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x24dbb This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security Audit Success 12548 2011-06-07 22:04:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 103 2011-06-07 22:04:03 Microsoft-Windows-Eventlog 1100: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12288 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa6a2
Security Audit Success 12544 2011-06-07 22:06:18 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-07 22:06:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x253cf Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:06:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x253cf Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:06:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-07 22:06:19 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-07 22:06:19 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-07 22:06:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x36ab3 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:06:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-07 22:06:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:06:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-07 22:07:08 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 22:07:08 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 22:07:18 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-07 22:07:19 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 22:07:19 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 22:08:19 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 22:08:19 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-07 22:08:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:08:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12288 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa0f7
Security Audit Success 101 2011-06-07 22:26:56 Microsoft-Windows-Eventlog 1101: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12544 2011-06-07 22:26:56 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-07 22:26:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x25457 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:26:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:26:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x25457 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:26:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-07 22:26:57 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-07 22:26:57 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-07 22:27:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x66f09 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:27:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:27:14 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-07 22:27:30 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 22:27:30 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-07 22:27:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:27:31 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-07 22:27:42 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-07 22:27:43 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 22:27:43 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 22:28:44 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 22:28:44 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-07 22:29:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:29:14 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12545 2011-06-08 00:46:48 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x25457 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security Audit Success 12544 2011-06-08 00:46:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 00:46:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 103 2011-06-08 00:46:50 Microsoft-Windows-Eventlog 1100: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12288 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1821d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1821d Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9113
Security Audit Success 12544 2011-06-08 00:52:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 00:52:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 00:52:47 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-08 00:52:47 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 00:52:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3768a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 00:52:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 00:53:15 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 00:53:15 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 00:53:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 00:53:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 00:53:30 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 00:53:31 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 00:53:31 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 00:54:31 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 00:54:31 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 00:54:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 00:54:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12545 2011-06-08 01:02:11 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1821d This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security Audit Success 103 2011-06-08 01:02:12 Microsoft-Windows-Eventlog 1100: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12288 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x91fa
Security Audit Success 12544 2011-06-08 05:44:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:44:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:44:59 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:44:59 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2ac Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1fed1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ac Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1fed1 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 05:45:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2f7e1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:45:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:45:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 05:45:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:45:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 05:45:27 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:45:27 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:45:38 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:45:38 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:45:38 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12288 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9651
Security Audit Success 12544 2011-06-08 05:51:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:51:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 05:51:35 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12544 2011-06-08 05:51:35 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 05:51:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x211b5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:51:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x211b5 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 05:51:36 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 05:51:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x518f5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:51:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:51:59 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 05:52:16 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:52:16 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:52:31 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:52:31 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:52:31 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:53:31 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:53:31 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12545 2011-06-08 05:53:52 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x211b5 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security Audit Success 103 2011-06-08 05:53:53 Microsoft-Windows-Eventlog 1100: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12288 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x99d3
Security Audit Success 12544 2011-06-08 05:55:51 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 05:55:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1da30 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:55:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:55:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1da30 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:55:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 05:55:52 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-08 05:55:53 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 05:55:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x37eef Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:56:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:56:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 05:56:18 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:56:18 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:56:30 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:56:31 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:56:31 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12288 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9c5f
Security Audit Success 12544 2011-06-08 05:59:35 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 05:59:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1f369 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:59:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1f369 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 05:59:36 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12544 2011-06-08 05:59:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:59:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 05:59:41 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 05:59:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3e221 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:59:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:59:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 06:00:05 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 06:00:05 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 06:00:15 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 06:00:16 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 06:00:16 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 06:00:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:00:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 06:01:16 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 06:01:16 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 06:01:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:01:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12288 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9402
Security Audit Success 12544 2011-06-08 06:24:30 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 06:24:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1d169 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:24:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1d169 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 101 2011-06-08 06:24:31 Microsoft-Windows-Eventlog 1101: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12292 2011-06-08 06:24:33 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-08 06:24:33 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 06:24:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:24:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 06:24:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x44593 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 06:24:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:24:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 06:25:23 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 06:25:23 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 06:25:34 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 06:25:35 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 06:25:35 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 06:26:35 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 06:26:35 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 06:26:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:26:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 07:43:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 07:43:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 07:50:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 07:50:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 07:50:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 07:50:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 08:15:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 08:15:00 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1d169 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security Audit Success 12548 2011-06-08 08:15:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 103 2011-06-08 08:15:01 Microsoft-Windows-Eventlog 1100: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12288 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x99a4
Security Audit Success 12544 2011-06-08 16:32:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:11 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2b0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 16:32:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1f0bd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 16:32:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 16:32:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1f0bd Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 16:32:13 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-08 16:32:14 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 16:32:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x50dcd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 16:32:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 16:32:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 16:32:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 16:32:57 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 16:32:57 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 16:33:08 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 16:33:08 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 16:33:08 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 16:34:08 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 16:34:08 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 16:34:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 16:34:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 17:14:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 17:14:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 17:55:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 17:55:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 18:02:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 18:02:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 18:02:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 18:02:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 18:02:30 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xca8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x9401b4
Security Audit Success 13568 2011-06-08 18:02:30 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xca8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x9401b4
Security Audit Success 12544 2011-06-08 18:03:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 18:03:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12288 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x95db
Security Audit Success 12544 2011-06-08 21:39:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 21:39:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 21:39:26 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-08 21:39:26 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 21:39:26 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 21:39:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x203fb Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 21:39:26 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x203fb Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 21:39:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x39ed9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 21:39:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 21:39:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 21:39:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 21:39:54 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 21:40:00 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:00 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 21:40:19 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 21:40:19 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:19 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:19 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2457 Return Code: 0x0
Security Audit Success 12290 2011-06-08 21:40:20 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:20 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\180a87cdb2fc534ee24519424a187884_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2459 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:20 Microsoft-Windows-Security-Auditing 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Additional Information: Operation: %%2464 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:20 Microsoft-Windows-Security-Auditing 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Additional Information: Operation: %%2464 Return Code: 0x0
Security Audit Success 12290 2011-06-08 21:40:21 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:21 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\180a87cdb2fc534ee24519424a187884_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 21:41:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 21:41:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12288 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9f95
Security Audit Success 101 2011-06-08 22:35:44 Microsoft-Windows-Eventlog 1101: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12292 2011-06-08 22:35:45 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12544 2011-06-08 22:35:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:45 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 22:35:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x23401 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 22:35:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 22:35:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x23401 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 22:35:46 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 22:35:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4c3ca Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 22:35:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 22:36:13 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 22:36:13 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 22:36:24 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 22:36:24 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 22:36:24 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\180a87cdb2fc534ee24519424a187884_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 22:37:24 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 22:37:24 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\180a87cdb2fc534ee24519424a187884_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 22:37:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 22:37:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 22:43:13 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x23401 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggs Account Domain: MUGGZ-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: muggs-PC Additional Information: muggs-PC Process Information: Process ID: 0x4 Process Name: Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 22:51:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3215da Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49168 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:51:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3215f2 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49169 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 22:52:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3215da Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-08 22:52:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3215f2 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-08 23:03:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3b4523 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49174 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 23:03:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3b453a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49175 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 23:04:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3b4523 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-08 23:04:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3b453a Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-08 23:15:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4310f1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49180 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 23:15:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x431109 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49181 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 23:16:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4310f1 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-08 23:16:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x431109 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-08 23:16:27 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x23401 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggs Account Domain: MUGGZ-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: muggs-PC Additional Information: muggs-PC Process Information: Process ID: 0x4 Process Name: Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 23:27:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4d04e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49186 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 23:27:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4d04f8 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49187 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 23:28:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4d04e4 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-08 23:28:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4d04f8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-08 23:39:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x53c413 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49188 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 23:39:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x53c428 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49189 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 23:40:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x53c413 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-08 23:40:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x53c428 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-08 23:51:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5c2f21 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49194 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 23:51:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5c2f39 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49195 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 23:52:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5c2f21 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-08 23:52:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5c2f39 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-09 00:03:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x645f3a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49542 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-09 00:03:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x645f4f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49543 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-09 00:04:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x645f3a Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-09 00:04:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x645f4f Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-09 00:15:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6c9cf2 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49657 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request.
aida report... its not letting me upload, i will email it you...what is your address?
AIDA64 Extreme Edition
Version AIDA64 v1.70.1400
Benchmark Module 2.7.345-x64
Homepage http://www.aida64.com/
Report Type Report Wizard [ TRIAL VERSION ]
Computer MUGGZ-PC
Generator muggz
Operating System Microsoft Windows 7 Ultimate 6.1.7601 (Win7 RTM)
Date 2011-06-14
Time 21:35
Summary
Computer:
Computer Type ACPI x64-based PC
Operating System Microsoft Windows 7 Ultimate
OS Service Pack [ TRIAL VERSION ]
Internet Explorer 8.0.7601.17514
DirectX DirectX 11.0
Computer Name MUGGZ-PC
User Name muggz
Logon Domain [ TRIAL VERSION ]
Date / Time 2011-06-14 / 21:35
Motherboard:
CPU Type QuadCore Intel Core i7-2600K, 4415 MHz (44 x 100)
Motherboard Name Asus Maximus IV Extreme (1 PCI-E x1, 1 PCI-E x4, 4 PCI-E x16, 4 DDR3 DIMM, Audio, Dual Gigabit LAN)
Motherboard Chipset Intel Cougar Point P67, Intel Sandy Bridge
System Memory [ TRIAL VERSION ]
DIMM2: G Skill F3-12800CL6-2GBXH [ TRIAL VERSION ]
DIMM4: G Skill F3-12800CL6-2GBXH [ TRIAL VERSION ]
BIOS Type AMI (02/05/10)
Display:
Video Adapter AMD Radeon HD 6900 Series (2048 MB)
Video Adapter AMD Radeon HD 6900 Series (2048 MB)
Video Adapter AMD Radeon HD 6900 Series (2048 MB)
Video Adapter AMD Radeon HD 6900 Series (2048 MB)
3D Accelerator AMD Radeon HD 6950 (Cayman)
Monitor Hannstar HZ281H [28" LCD] (026LM3AY00332)
Monitor Hannstar HZ281H [28" LCD] (026LM3AY00347)
Monitor Hannstar HZ281H [28" LCD] (026LM3AY00359)
Multimedia:
Audio Adapter ATI Radeon HDMI @ AMD Cayman/Antilles - High Definition Audio Controller
Audio Adapter ATI Radeon HDMI @ AMD Cayman/Antilles - High Definition Audio Controller
Audio Adapter Realtek ALC889 @ Intel Cougar Point PCH - High Definition Audio Controller [B-3]
Storage:
IDE Controller Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
IDE Controller Standard AHCI 1.0 Serial ATA Controller
IDE Controller Standard Dual Channel PCI IDE Controller
Disk Drive SAMSUNG HD103SJ ATA Device (1000 GB, 7200 RPM, SATA-II)
Disk Drive SanDisk Cruzer Blade USB Device (14 GB, USB)
Optical Drive PIONEER DVD-RW DVR-216D ATA Device (DVD+R9:12x, DVD-R9:12x, DVD+RW:20x/8x, DVD-RW:20x/6x, DVD-ROM:16x, CD:40x/32x/40x DVD+RW/DVD-RW)
SMART Hard Disks Status OK
Partitions:
C: (NTFS) [ TRIAL VERSION ]
Total Size [ TRIAL VERSION ]
Input:
Keyboard HID Keyboard Device
Keyboard HID Keyboard Device
Mouse HID-compliant mouse
Network:
Primary IP Address [ TRIAL VERSION ]
Primary MAC Address F4-6D-04-11-A0-5E
Network Adapter Intel(R) 82579V Gigabit Network Connection (192. [ TRIAL VERSION ])
Network Adapter Intel(R) 82583V Gigabit Network Connection
Peripherals:
Printer Fax
Printer Microsoft XPS Document Writer
USB2 Controller Intel Cougar Point PCH - USB EHCI #1 Controller [B-3]
USB2 Controller Intel Cougar Point PCH - USB EHCI #2 Controller [B-3]
USB3 Controller NEC uPD720200 USB 3.0 Host Controller
USB3 Controller NEC uPD720200 USB 3.0 Host Controller
USB Device Generic USB Hub
USB Device Generic USB Hub
USB Device Generic USB Hub
USB Device Generic USB Hub
USB Device Ideazon Merc Stealth MM USB Human Interface Device
USB Device Ideazon Merc Stealth USB Human Interface Device
USB Device Renesas Electronics USB 3.0 Hub
USB Device Renesas Electronics USB 3.0 Hub
USB Device Unknown Device
USB Device USB Composite Device
USB Device USB Composite Device
USB Device USB Input Device
USB Device USB Input Device
USB Device USB Mass Storage Device
USB Device Xbox 360 Wireless Receiver for Windows
DMI:
DMI BIOS Vendor American Megatrends Inc.
DMI BIOS Version 1204
DMI System Manufacturer System manufacturer
DMI System Product System Product Name
DMI System Version System Version
DMI System Serial Number [ TRIAL VERSION ]
DMI System UUID [ TRIAL VERSION ]
DMI Motherboard Manufacturer ASUSTeK Computer INC.
DMI Motherboard Product Maximus IV Extreme
DMI Motherboard Version Rev 1.xx
DMI Motherboard Serial Number [ TRIAL VERSION ]
DMI Chassis Manufacturer Chassis Manufacture
DMI Chassis Version Chassis Version
DMI Chassis Serial Number [ TRIAL VERSION ]
DMI Chassis Asset Tag [ TRIAL VERSION ]
DMI Chassis Type Desktop Case
Computer Name
Type Class Computer Name
Computer Comment Logical
NetBIOS Name Logical MUGGZ-PC
DNS Host Name Logical muggz-PC
DNS Domain Name Logical
Fully Qualified DNS Name Logical muggz-PC
NetBIOS Name Physical MUGGZ-PC
DNS Host Name Physical muggz-PC
DNS Domain Name Physical
Fully Qualified DNS Name Physical muggz-PC
DMI
[ BIOS ]
BIOS Properties:
Vendor American Megatrends Inc.
Version 1204
Release Date 03/02/2011
Size 4096 KB
Boot Devices Floppy Disk, Hard Disk, CD-ROM
Capabilities Flash BIOS, Shadow BIOS, Selectable Boot, EDD, BBS
Supported Standards DMI, ACPI
Expansion Capabilities PCI, USB
BIOS Manufacturer:
Company Name American Megatrends Inc.
Product Information http://www.ami.com/amibios
BIOS Upgrades http://www.aida64.com/bios-updates
[ System ]
System Properties:
Manufacturer System manufacturer
Product System Product Name
Version System Version
Serial Number [ TRIAL VERSION ]
SKU# To be filled by O.E.M.
Family To be filled by O.E.M.
Universal Unique ID [ TRIAL VERSION ]
Wake-Up Type Power Switch
[ Motherboard ]
Motherboard Properties:
Manufacturer ASUSTeK Computer INC.
Product Maximus IV Extreme
Version Rev 1.xx
Serial Number [ TRIAL VERSION ]
Motherboard Manufacturer:
Company Name ASUSTeK Computer Inc.
Product Information http://www.asus.com/ProductGroup2.aspx?PG_ID=mKyCKlQ4oSEtSu5m
BIOS Download http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update http://www.aida64.com/driver-updates
BIOS Upgrades http://www.aida64.com/bios-updates
[ Chassis ]
Chassis Properties:
Manufacturer Chassis Manufacture
Version Chassis Version
Serial Number [ TRIAL VERSION ]
Asset Tag [ TRIAL VERSION ]
Chassis Type Desktop Case
Boot-Up State Safe
Power Supply State Safe
Thermal State Safe
Security Status None
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Processor Properties:
Manufacturer Intel
Version Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Serial Number To Be Filled By O.E.M.
Asset Tag To Be Filled By O.E.M.
Part Number To Be Filled By O.E.M.
External Clock 100 MHz
Maximum Clock 3800 MHz
Current Clock 3441 MHz
Type Central Processor
Voltage 1.0 V
Status Enabled
Socket Designation LGA1155
HTT / CMP Units 0 / 4
CPU Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/products/processor
Driver Update http://www.aida64.com/driver-updates
[ Caches / L1-Cache ]
Cache Properties:
Type Internal
Status Enabled
Operational Mode Write-Back
Associativity 8-way Set-Associative
Maximum Size 256 KB
Installed Size 256 KB
Error Correction None
Socket Designation L1-Cache
[ Caches / L2-Cache ]
Cache Properties:
Type Internal
Status Enabled
Operational Mode Varies with Memory Address
Associativity 8-way Set-Associative
Maximum Size 1024 KB
Installed Size 1024 KB
Error Correction None
Socket Designation L2-Cache
[ Caches / L3-Cache ]
Cache Properties:
Type Internal
Status Disabled
Associativity 16-way Set-Associative
Maximum Size 8192 KB
Installed Size 8192 KB
Error Correction None
Socket Designation L3-Cache
[ Memory Devices / DIMM0 ]
Memory Device Properties:
Form Factor DIMM
Type Detail Synchronous
Total Width 64-bit
Data Width 64-bit
Device Locator DIMM0
Bank Locator BANK0
Manufacturer Manufacturer0
Serial Number SerNum0
Asset Tag AssetTagNum0
Part Number Array1_PartNumber0
[ Memory Devices / DIMM1 ]
Memory Device Properties:
Form Factor DIMM
Type Detail Synchronous
Size 2048 MB
Speed 1600 MHz
Total Width 64-bit
Data Width 64-bit
Device Locator DIMM1
Bank Locator BANK1
Manufacturer Undefined
Serial Number 0000000
Asset Tag AssetTagNum1
Part Number F3-12800CL6-2GBXH
[ Memory Devices / DIMM2 ]
Memory Device Properties:
Form Factor DIMM
Type Detail Synchronous
Total Width 64-bit
Data Width 64-bit
Device Locator DIMM2
Bank Locator BANK2
Manufacturer Manufacturer2
Serial Number SerNum2
Asset Tag AssetTagNum2
Part Number Array1_PartNumber2
[ Memory Devices / DIMM3 ]
Memory Device Properties:
Form Factor DIMM
Type Detail Synchronous
Size 2048 MB
Speed 1600 MHz
Total Width 64-bit
Data Width 64-bit
Device Locator DIMM3
Bank Locator BANK3
Manufacturer Undefined
Serial Number 0000000
Asset Tag AssetTagNum3
Part Number F3-12800CL6-2GBXH
[ System Slots / PCIEX16_1 ]
System Slot Properties:
Slot Designation PCIEX16_1
Type PCI-E x1
Usage In Use
Data Bus Width 32-bit
Length Short
[ System Slots / PCIEX1_1 ]
System Slot Properties:
Slot Designation PCIEX1_1
Type PCI-E x1
Usage In Use
Data Bus Width 32-bit
Length Short
[ System Slots / PCIEX1_2 ]
System Slot Properties:
Slot Designation PCIEX1_2
Type PCI-E x1
Usage In Use
Data Bus Width 32-bit
Length Short
[ System Slots / PCI1 ]
System Slot Properties:
Slot Designation PCI1
Type PCI
Usage In Use
Data Bus Width 32-bit
Length Short
[ Port Connectors / PS/2 Keyboard ]
Port Connector Properties:
Port Type Keyboard Port
Internal Reference Designator PS/2 Keyboard
Internal Connector Type None
External Reference Designator PS/2 Keyboard
External Connector Type PS/2
[ Port Connectors / USB9_10 ]
Port Connector Properties:
Port Type USB
Internal Reference Designator USB9_10
Internal Connector Type None
External Reference Designator USB9_10
External Connector Type USB
[ Port Connectors / USB11_12 ]
Port Connector Properties:
Port Type USB
Internal Reference Designator USB11_12
Internal Connector Type None
External Reference Designator USB11_12
External Connector Type USB
[ Port Connectors / GbE LAN ]
Port Connector Properties:
Port Type Network Port
Internal Reference Designator GbE LAN
Internal Connector Type None
External Reference Designator GbE LAN
External Connector Type RJ-45
[ Port Connectors / AUDIO ]
Port Connector Properties:
Port Type Audio Port
Internal Reference Designator AUDIO
Internal Connector Type None
External Reference Designator AUDIO
[ Port Connectors / SATA1 ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator SATA1
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ Port Connectors / SATA2 ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator SATA2
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ Port Connectors / SATA3 ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator SATA3
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ Port Connectors / SATA4 ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator SATA4
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ Port Connectors / SATA5 ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator SATA5
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ Port Connectors / SATA6 ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator SATA6
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ Port Connectors / USB1_2 ]
Port Connector Properties:
Port Type USB
Internal Reference Designator USB1_2
Internal Connector Type USB
External Connector Type None
[ Port Connectors / USB3_4 ]
Port Connector Properties:
Port Type USB
Internal Reference Designator USB3_4
Internal Connector Type USB
External Connector Type None
[ Port Connectors / USB5_6 ]
Port Connector Properties:
Port Type USB
Internal Reference Designator USB5_6
Internal Connector Type USB
External Connector Type None
[ Port Connectors / USB7_8 ]
Port Connector Properties:
Port Type USB
Internal Reference Designator USB7_8
Internal Connector Type USB
External Connector Type None
[ Port Connectors / AAFP ]
Port Connector Properties:
Port Type Audio Port
Internal Reference Designator AAFP
Internal Connector Type Mini-jack (headphones)
External Connector Type None
[ Port Connectors / CPU_FAN ]
Port Connector Properties:
Internal Reference Designator CPU_FAN
External Connector Type None
[ Port Connectors / CHA_FAN1 ]
Port Connector Properties:
Internal Reference Designator CHA_FAN1
External Connector Type None
[ Port Connectors / PWR_FAN ]
Port Connector Properties:
Internal Reference Designator PWR_FAN
External Connector Type None
[ Port Connectors / PATA_IDE ]
Port Connector Properties:
Internal Reference Designator PATA_IDE
Internal Connector Type On-Board IDE
External Connector Type None
[ Port Connectors / F_ESATA ]
Port Connector Properties:
Port Type SATA
Internal Reference Designator F_ESATA
Internal Connector Type SATA/SAS Plug Receptacle
External Connector Type None
[ On-Board Devices / Onboard Ethernet ]
On-Board Device Properties:
Description Onboard Ethernet
Type Ethernet
Status Enabled
[ Power Supplies / To Be Filled By O.E.M. ]
Power Supply Properties:
Device Name To Be Filled By O.E.M.
Manufacturer To Be Filled By O.E.M.
Serial Number To Be Filled By O.E.M.
Asset Tag To Be Filled By O.E.M.
Part Number To Be Filled By O.E.M.
Hot Replaceable No
[ Power Supplies / To Be Filled By O.E.M. ]
Power Supply Properties:
Device Name To Be Filled By O.E.M.
Manufacturer To Be Filled By O.E.M.
Serial Number To Be Filled By O.E.M.
Asset Tag To Be Filled By O.E.M.
Part Number To Be Filled By O.E.M.
Hot Replaceable No
[ Management Devices / LM78-1 ]
Management Device Properties:
Description LM78-1
[ Management Devices / 2 ]
Management Device Properties:
Description 2
[ Miscellaneous ]
Miscellaneous:
OEM String To Be Filled By O.E.M.
System Configuration Option To Be Filled By O.E.M.
Overclock
CPU Properties:
CPU Type QuadCore Intel Core i7-2600K
CPU Alias Sandy Bridge-DT
CPU Stepping D2
Engineering Sample No
CPUID CPU Name Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
CPUID Revision 000206A7h
CPU Speed:
CPU Clock 1605.3 MHz (original: [ TRIAL VERSION ] MHz)
CPU Multiplier 16x
CPU FSB 100.3 MHz (original: 100 MHz)
Memory Bus 802.6 MHz
DRAM:FSB Ratio 24:3
CPU Cache:
L1 Code Cache 32 KB per core
L1 Data Cache [ TRIAL VERSION ]
L2 Cache 256 KB per core (On-Die, ECC, Full-Speed)
L3 Cache 8 MB (On-Die, ECC, Full-Speed)
Motherboard Properties:
Motherboard ID 63-0100-000001-00101111-020510-Chipset$0AAAA000_BIOS DATE: 02/05/10 19:13:52 VER: 08.00.10
Motherboard Name Asus Maximus IV Extreme (1 PCI-E x1, 1 PCI-E x4, 4 PCI-E x16, 4 DDR3 DIMM, Audio, Dual Gigabit LAN)
Chipset Properties:
Motherboard Chipset Intel Cougar Point P67, Intel Sandy Bridge
Memory Timings 6-8-6-24 (CL-RCD-RP-RAS)
Command Rate (CR) [ TRIAL VERSION ]
DIMM2: G Skill F3-12800CL6-2GBXH [ TRIAL VERSION ]
DIMM4: G Skill F3-12800CL6-2GBXH [ TRIAL VERSION ]
BIOS Properties:
System BIOS Date 02/05/10
Video BIOS Date 12/06/10
DMI BIOS Version 1204
Graphics Processor Properties:
Video Adapter Asus EAH6950
GPU Code Name Cayman Pro (PCI Express 2.0 x16 1002 / 6719, Rev 00)
GPU Clock 450 MHz (original: [ TRIAL VERSION ] MHz)
Memory Clock 1300 MHz (original: 1250 MHz, overclock: 4%)
Power Management
Power Management Properties:
Current Power Source AC Line
Battery Status No Battery
Full Battery Lifetime Unknown
Remaining Battery Lifetime Unknown
Portable Computer
Centrino (Carmel) Platform Compliancy:
CPU: Intel Pentium M (Banias/Dothan) No (QuadCore Intel Core i7-2600K)
Chipset: Intel i855GM/PM No (Intel Cougar Point P67, Intel Sandy Bridge)
WLAN: Intel PRO/Wireless No
System: Centrino Compliant No
Centrino (Sonoma) Platform Compliancy:
CPU: Intel Pentium M (Dothan) No (QuadCore Intel Core i7-2600K)
Chipset: Intel i915GM/PM No (Intel Cougar Point P67, Intel Sandy Bridge)
WLAN: Intel PRO/Wireless No
System: Centrino Compliant No
Centrino (Napa) Platform Compliancy:
CPU: Intel Core (Yonah) / Core 2 (Merom) No (QuadCore Intel Core i7-2600K)
Chipset: Intel i945GM/PM No (Intel Cougar Point P67, Intel Sandy Bridge)
WLAN: Intel PRO/Wireless 3945 No
System: Centrino Compliant No
Centrino (Santa Rosa) Platform Compliancy:
CPU: Intel Core 2 (Merom/Penryn) No (QuadCore Intel Core i7-2600K)
Chipset: Intel GM965/PM965 No (Intel Cougar Point P67, Intel Sandy Bridge)
WLAN: Intel Wireless WiFi Link 4965 No
System: Centrino Compliant No
Centrino 2 (Montevina) Platform Compliancy:
CPU: Intel Core 2 (Penryn) No (QuadCore Intel Core i7-2600K)
Chipset: Intel GM45/GM47/GS45/PM45 No (Intel Cougar Point P67, Intel Sandy Bridge)
WLAN: Intel WiFi Link 5000 Series No
System: Centrino 2 Compliant No
Centrino (Calpella) Platform Compliancy:
CPU: Intel Core i3/i5/i7 (Arrandale/Clarksfield) No (QuadCore Intel Core i7-2600K)
Chipset: Intel HM55/HM57/PM55 No (Intel Cougar Point P67, Intel Sandy Bridge)
WLAN: Intel WiFi Link 1000/WiMAX 6000 Series No
System: Centrino Compliant No
Sensor
Sensor Properties:
Sensor Type Nuvoton NCT6776F (ISA 290h)
GPU Sensor Type Diode, Volterra VT1556 (ATI-Diode, 70h, 70h)
Motherboard Name Asus Maximus IV Extreme
Chassis Intrusion Detected No
Temperatures:
Motherboard 24 °C (75 °F)
CPU 30 °C (86 °F)
CPU Package 35 °C (95 °F)
CPU IA Cores 35 °C (95 °F)
CPU GT Cores 29 °C (84 °F)
CPU #1 / Core #1 35 °C (95 °F)
CPU #1 / Core #2 34 °C (93 °F)
CPU #1 / Core #3 35 °C (95 °F)
CPU #1 / Core #4 35 °C (95 °F)
GPU1: GPU Diode (DispIO) 58 °C (136 °F)
GPU1: GPU Diode (MemIO) 61 °C (142 °F)
GPU1: GPU Diode (Shader) 67 °C (153 °F)
GPU1: GPU VRM 39 °C (102 °F)
GPU2: GPU Diode (DispIO) 31 °C (88 °F)
GPU2: GPU Diode (MemIO) 30 °C (86 °F)
GPU2: GPU Diode (Shader) 32 °C (90 °F)
GPU2: GPU VRM 28 °C (82 °F)
SAMSUNG HD103SJ [ TRIAL VERSION ]
Cooling Fans:
CPU 2014 RPM
Chassis #1 1062 RPM
GPU1 1432 RPM (28%)
GPU2 1116 RPM (24%)
Voltage Values:
CPU Core 0.920 V
+3.3 V 3.344 V
+5 V 5.040 V
+12 V [ TRIAL VERSION ]
+5 V Standby 5.164 V
CPU PLL 1.799 V
VCCIO 1.058 V
VCCSA 0.939 V
South Bridge Core 1.065 V
South Bridge PLL 1.058 V
DIMM 1.501 V
GPU1: GPU VRM 1.100 V
GPU2: GPU VRM 0.900 V
Power Values:
CPU Package 9.78 W
CPU IA Cores 3.67 W
Debug Info F 1062 2014 164 164 164
Debug Info T 24 196 30 / 255 35
Debug Info V 73 7D D1 D1 7E FF 73 (03)
Debug Info I C1 C333
CPU
CPU Properties:
CPU Type QuadCore Intel Core i7-2600K, 4415 MHz (44 x 100)
CPU Alias Sandy Bridge-DT
CPU Stepping D2
Instruction Set x86, x86-64, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AES, AVX
Original Clock [ TRIAL VERSION ]
Min / Max CPU Multiplier 16x / 63x
Engineering Sample No
L1 Code Cache 32 KB per core
L1 Data Cache [ TRIAL VERSION ]
L2 Cache 256 KB per core (On-Die, ECC, Full-Speed)
L3 Cache 8 MB (On-Die, ECC, Full-Speed)
Multi CPU:
Motherboard ID A M I ALASKA
CPU #1 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #2 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #3 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #4 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #5 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #6 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #7 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU #8 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, 3411 MHz
CPU Physical Info:
Package Type 1155 Contact FC-LGA
Package Size 3.75 cm x 3.75 cm
Transistors [ TRIAL VERSION ] million
Process Technology 32 nm, CMOS, Cu, High-K + Metal Gate
Die Size [ TRIAL VERSION ] mm2
CPU Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/products/processor
Driver Update http://www.aida64.com/driver-updates
CPU Utilization:
CPU #1 / Core #1 / HTT Unit #1 0 %
CPU #1 / Core #1 / HTT Unit #2 0 %
CPU #1 / Core #2 / HTT Unit #1 0 %
CPU #1 / Core #2 / HTT Unit #2 0 %
CPU #1 / Core #3 / HTT Unit #1 0 %
CPU #1 / Core #3 / HTT Unit #2 0 %
CPU #1 / Core #4 / HTT Unit #1 0 %
CPU #1 / Core #4 / HTT Unit #2 0 %
CPUID
CPUID Properties:
CPUID Manufacturer GenuineIntel
CPUID CPU Name Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
CPUID Revision 000206A7h
IA Brand ID 00h (Unknown)
Platform ID 2Dh / MC 02h (LGA1155)
Microcode Update Revision 14
HTT / CMP Units 2 / 4
Tjmax Temperature 98 °C (208 °F)
Max Turbo Boost Multipliers 1C: 44x, 2C: 44x, 3C: 44x, 4C: 44x
Instruction Set:
64-bit x86 Extension (AMD64, Intel64) Supported
AMD 3DNow! Not Supported
AMD 3DNow! Professional Not Supported
AMD 3DNowPrefetch Not Supported
AMD Enhanced 3DNow! Not Supported
AMD Extended MMX Not Supported
AMD FMA4 Not Supported
AMD MisAligned SSE Not Supported
AMD SSE4A Not Supported
AMD XOP Not Supported
Bit Manipulation Instructions Not Supported
Cyrix Extended MMX Not Supported
Float-16 Conversion Instructions Not Supported
IA-64 Not Supported
IA MMX Supported
IA SSE Supported
IA SSE 2 Supported
IA SSE 3 Supported
IA Supplemental SSE 3 Supported
IA SSE 4.1 Supported
IA SSE 4.2 Supported
IA AVX Supported, Enabled
IA FMA Not Supported
IA AES Extensions Supported
VIA Alternate Instruction Set Not Supported
CLFLUSH Instruction Supported
CMPXCHG8B Instruction Supported
CMPXCHG16B Instruction Supported
Conditional Move Instruction Supported
LZCNT Instruction Not Supported
MONITOR / MWAIT Instruction Supported
MOVBE Instruction Not Supported
PCLMULQDQ Instruction Supported
POPCNT Instruction Supported
RDRAND Instruction Not Supported
RDTSCP Instruction Supported
SKINIT / STGI Instruction Not Supported
SYSCALL / SYSRET Instruction Not Supported
SYSENTER / SYSEXIT Instruction Supported
Trailing Bit Manipulation Instructions Not Supported
VIA FEMMS Instruction Not Supported
Security Features:
Advanced Cryptography Engine (ACE) Not Supported
Advanced Cryptography Engine 2 (ACE2) Not Supported
Data Execution Prevention (DEP, NX, EDB) Supported
Hardware Random Number Generator (RNG) Not Supported
PadLock Hash Engine (PHE) Not Supported
PadLock Montgomery Multiplier (PMM) Not Supported
Processor Serial Number (PSN) Not Supported
Power Management Features:
Automatic Clock Control Supported
Digital Thermometer Supported
Dynamic FSB Frequency Switching Not Supported
Enhanced Halt State (C1E) Supported, Enabled
Enhanced SpeedStep Technology (EIST, ESS) Supported, Enabled
Frequency ID Control Not Supported
Hardware P-State Control Not Supported
LongRun Not Supported
LongRun Table Interface Not Supported
PowerSaver 1.0 Not Supported
PowerSaver 2.0 Not Supported
PowerSaver 3.0 Not Supported
Processor Duty Cycle Control Supported
Software Thermal Control Not Supported
Temperature Sensing Diode Not Supported
Thermal Monitor 1 Supported
Thermal Monitor 2 Supported
Thermal Monitoring Not Supported
Thermal Trip Not Supported
Voltage ID Control Not Supported
CPUID Features:
1 GB Page Size Not Supported
36-bit Page Size Extension Supported
Address Region Registers (ARR) Not Supported
Core Power Boost Not Supported
CPL Qualified Debug Store Supported
Debug Trace Store Supported
Debugging Extension Supported
Direct Cache Access Not Supported
Dynamic Acceleration Technology (IDA) Not Supported
Fast Save & Restore Supported
Hyper-Threading Technology (HTT) Supported, Enabled
Instruction Based Sampling Not Supported
Invariant Time Stamp Counter Supported
L1 Context ID Not Supported
Lightweight Profiling Not Supported
Local APIC On Chip Supported
Machine Check Architecture (MCA) Supported
Machine Check Exception (MCE) Supported
Memory Configuration Registers (MCR) Not Supported
Memory Type Range Registers (MTRR) Supported
Model Specific Registers (MSR) Supported
Nested Paging Not Supported
Page Attribute Table (PAT) Supported
Page Global Extension Supported
Page Size Extension (PSE) Supported
Pending Break Event Supported
Physical Address Extension (PAE) Supported
Safer Mode Extensions (SMX) Not Supported
Secure Virtual Machine Extensions (Pacifica) Not Supported
Self-Snoop Supported
Time Stamp Counter (TSC) Supported
Turbo Boost Supported, Enabled
Virtual Machine Extensions (Vanderpool) Supported
Virtual Mode Extension Supported
Watchdog Timer Not Supported
x2APIC Not Supported
XGETBV / XSETBV OS Enabled Supported
XSAVE / XRSTOR / XSETBV / XGETBV Extended States Supported
CPUID Registers (CPU #1):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-00100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000000
CPUID 0000000B 00000004-00000008-00000201-00000000
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #2 Virtual):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-01100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000001
CPUID 0000000B 00000004-00000008-00000201-00000001
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #3):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-02100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000002
CPUID 0000000B 00000004-00000008-00000201-00000002
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #4 Virtual):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-03100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000003
CPUID 0000000B 00000004-00000008-00000201-00000003
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #5):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-04100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000004
CPUID 0000000B 00000004-00000008-00000201-00000004
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #6 Virtual):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-05100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000005
CPUID 0000000B 00000004-00000008-00000201-00000005
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #7):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-06100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000006
CPUID 0000000B 00000004-00000008-00000201-00000006
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
CPUID Registers (CPU #8 Virtual):
CPUID 00000000 0000000D-756E6547-6C65746E-49656E69
CPUID 00000001 000206A7-07100800-1F9AE3BF-BFEBFBFF
CPUID 00000002 76035A01-00F0B2FF-00000000-00CA0000
CPUID 00000003 00000000-00000000-00000000-00000000
CPUID 00000004 1C004121-01C0003F-0000003F-00000000
CPUID 00000004 1C004122-01C0003F-0000003F-00000000
CPUID 00000004 1C004143-01C0003F-000001FF-00000000
CPUID 00000004 1C03C163-03C0003F-00001FFF-00000006
CPUID 00000005 00000040-00000040-00000003-00001120
CPUID 00000006 00000077-00000002-00000009-00000000
CPUID 00000007 00000000-00000000-00000000-00000000
CPUID 00000008 00000000-00000000-00000000-00000000
CPUID 00000009 00000000-00000000-00000000-00000000
CPUID 0000000A 07300403-00000000-00000000-00000603
CPUID 0000000B 00000001-00000002-00000100-00000007
CPUID 0000000B 00000004-00000008-00000201-00000007
CPUID 0000000C 00000000-00000000-00000000-00000000
CPUID 0000000D 00000007-00000340-00000340-00000000
CPUID 0000000D 00000100-00000240-00000000-00000000
CPUID 80000000 80000008-00000000-00000000-00000000
CPUID 80000001 00000000-00000000-00000001-28100000
CPUID 80000002 20202020-49202020-6C65746E-20295228
CPUID 80000003 65726F43-294D5428-2D376920-30303632
CPUID 80000004 5043204B-20402055-30342E33-007A4847
CPUID 80000005 00000000-00000000-00000000-00000000
CPUID 80000006 00000000-00000000-01006040-00000000
CPUID 80000007 00000000-00000000-00000000-00000100
CPUID 80000008 00003024-00000000-00000000-00000000
MSR Registers:
MSR 00000017 0004-0000-0000-0000 [PlatID = 1]
MSR 0000001B 0000-0000-FEE0-0900
MSR 00000035 0000-0000-0004-0008
MSR 0000008B 0000-0014-0000-0000
MSR 000000CE 0000-1000-7001-2200
MSR 000000E7 0000-0000-0152-4D8C
MSR 000000E8 0000-0000-009F-4AF9
MSR 00000194 0000-0000-000E-0000
MSR 00000198 0000-1F8B-0000-1000
MSR 00000199 0000-0000-0000-1000
MSR 0000019A 0000-0000-0000-0000
MSR 0000019B 0000-0000-0000-0000
MSR 0000019C 0000-0000-883F-0000
MSR 0000019D 0000-0000-0000-0000
MSR 000001A0 0000-0000-0085-0089
MSR 000001A2 0000-0000-0062-1200
MSR 000001A4 0000-0000-0000-0000
MSR 000001AA 0000-0000-0040-0000
MSR 000001AD 0000-0000-2C2C-2C2C
MSR 000001B0 0000-0000-0000-0005
MSR 000001B1 0000-0000-883F-0000
MSR 000001B2 0000-0000-0000-0000
MSR 000001FC 0000-0000-0004-005F
MSR 00000606 0000-0000-000A-1003
MSR 0000060A 0000-0000-0000-8850
MSR 0000060B 0000-0000-0000-8868
MSR 0000060C 0000-0000-0000-886D
MSR 0000060D 0000-04F6-3A7C-B972
MSR 00000610 8000-87F8-0014-87F8
MSR 00000611 0000-0000-194B-2092
MSR 00000614 0000-0000-01E0-02F8
MSR 00000638 0000-0000-0000-0000
MSR 00000639 0000-0000-BC7B-FDAF
MSR 0000063A 0000-0000-0000-0000
MSR 00000640 0000-0000-0000-0000
MSR 00000641 0000-0000-0000-0000
MSR 00000642 0000-0000-0000-0010
Motherboard
Motherboard Properties:
Motherboard ID 63-0100-000001-00101111-020510-Chipset$0AAAA000_BIOS DATE: 02/05/10 19:13:52 VER: 08.00.10
Motherboard Name Asus Maximus IV Extreme
Front Side Bus Properties:
Bus Type Intel QPI
Real Clock 100 MHz
Effective Clock 100 MHz
Memory Bus Properties:
Bus Type Dual DDR3 SDRAM
Bus Width 128-bit
DRAM:FSB Ratio 24:3
Real Clock 803 MHz (DDR)
Effective Clock 1605 MHz
Bandwidth [ TRIAL VERSION ] MB/s
Chipset Bus Properties:
Bus Type Intel Direct Media Interface v
Motherboard Physical Info:
CPU Sockets/Slots 1 LGA1155
Expansion Slots [ TRIAL VERSION ]
RAM Slots 4 DDR3 DIMM
Integrated Devices Audio, Dual Gigabit LAN
Form Factor Extended ATX
Motherboard Size 270 mm x 300 mm
Motherboard Chipset P67
Extra Features [ TRIAL VERSION ]
Motherboard Manufacturer:
Company Name ASUSTeK Computer Inc.
Product Information http://www.asus.com/ProductGroup2.aspx?PG_ID=mKyCKlQ4oSEtSu5m
BIOS Download http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update http://www.aida64.com/driver-updates
BIOS Upgrades http://www.aida64.com/bios-updates
Memory
Physical Memory:
Total [ TRIAL VERSION ]
Used [ TRIAL VERSION ]
Free 2388 MB
Utilization [ TRIAL VERSION ]
Swap Space:
Total 8142 MB
Used 2536 MB
Free 5606 MB
Utilization 31 %
Virtual Memory:
Total 12215 MB
Used 4221 MB
Free 7994 MB
Utilization 35 %
Paging File:
Paging File C:\pagefile.sys
Current Size 4072 MB
Current / Peak Usage 381 MB / 515 MB
Utilization 9 %
Physical Address Extension (PAE):
Supported by Operating System Yes
Supported by CPU Yes
Active Yes
SPD
[ DIMM2: [ TRIAL VERSION ] ]
Memory Module Properties:
Module Name [ TRIAL VERSION ]
Serial Number None
Module Size 2 GB (2 ranks, 8 banks)
Module Type [ TRIAL VERSION ]
Memory Type DDR3 SDRAM
Memory Speed DDR3-1600 (800 MHz)
Module Width 64 bit
Module Voltage 1.5 V
Error Detection Method None
DRAM Manufacturer G Skill
Memory Timings:
@ 800 MHz 9-9-9-28 (CL-RCD-RP-RAS) / 37-88-5-12-6-6 (RC-RFC-RRD-WR-WTR-RTP)
@ 711 MHz 8-8-8-25 (CL-RCD-RP-RAS) / 33-79-5-11-6-6 (RC-RFC-RRD-WR-WTR-RTP)
@ 622 MHz 7-7-7-22 (CL-RCD-RP-RAS) / 29-69-4-10-5-5 (RC-RFC-RRD-WR-WTR-RTP)
Extreme Memory Profile:
Profile Name Enthusiast (Certified)
Memory Speed DDR3-1600 (800 MHz)
Voltage 1.50 V
@ 800 MHz 6-8-6-24 (CL-RCD-RP-RAS) / 34-110-2-6-10-6-6 (RC-RFC-CR-RRD-WR-WTR-RTP)
Memory Module Features:
Auto Self Refresh Not Supported
Extended Temperature Range Supported
Extended Temperature Refresh Rate Not Supported
On-Die Thermal Sensor Readout Not Supported
Memory Module Manufacturer:
Company Name G.Skill International Enterprise
Product Information http://www.gskill.com/products.php
[ DIMM4: [ TRIAL VERSION ] ]
Memory Module Properties:
Module Name [ TRIAL VERSION ]
Serial Number None
Module Size 2 GB (2 ranks, 8 banks)
Module Type [ TRIAL VERSION ]
Memory Type DDR3 SDRAM
Memory Speed DDR3-1600 (800 MHz)
Module Width 64 bit
Module Voltage 1.5 V
Error Detection Method None
DRAM Manufacturer G Skill
Memory Timings:
@ 800 MHz 9-9-9-28 (CL-RCD-RP-RAS) / 37-88-5-12-6-6 (RC-RFC-RRD-WR-WTR-RTP)
@ 711 MHz 8-8-8-25 (CL-RCD-RP-RAS) / 33-79-5-11-6-6 (RC-RFC-RRD-WR-WTR-RTP)
@ 622 MHz 7-7-7-22 (CL-RCD-RP-RAS) / 29-69-4-10-5-5 (RC-RFC-RRD-WR-WTR-RTP)
Extreme Memory Profile:
Profile Name Enthusiast (Certified)
Memory Speed DDR3-1600 (800 MHz)
Voltage 1.50 V
@ 800 MHz 6-8-6-24 (CL-RCD-RP-RAS) / 34-110-2-6-10-6-6 (RC-RFC-CR-RRD-WR-WTR-RTP)
Memory Module Features:
Auto Self Refresh Not Supported
Extended Temperature Range Supported
Extended Temperature Refresh Rate Not Supported
On-Die Thermal Sensor Readout Not Supported
Memory Module Manufacturer:
Company Name G.Skill International Enterprise
Product Information http://www.gskill.com/products.php
Chipset
[ North Bridge: Intel Sandy Bridge-DT IMC ]
North Bridge Properties:
North Bridge Intel Sandy Bridge-DT IMC
Revision 09
Process Technology 32 nm
Memory Controller:
Type Dual Channel (128-bit)
Active Mode Dual Channel (128-bit)
Memory Timings:
CAS Latency (CL) 6T
RAS To CAS Delay (tRCD) 8T
RAS Precharge (tRP) 6T
RAS Active Time (tRAS) 24T
Row Refresh Cycle Time (tRFC) 88T
Command Rate (CR) 1T
RAS To RAS Delay (tRRD) 5T
Write Recovery Time (tWR) 12T
Write To Read Delay (tWTR) 4T
Read To Precharge Delay (tRTP) 6T
Four Activate Window Delay (tFAW) 24T
Write CAS Latency (tWCL) 8T
Error Correction:
ECC Not Supported
ChipKill ECC Not Supported
RAID Not Supported
ECC Scrubbing Not Supported
Memory Slots:
DRAM Slot #1 2 GB (DDR3-1600 DDR3 SDRAM)
DRAM Slot #2 2 GB (DDR3-1600 DDR3 SDRAM)
Integrated Graphics Controller:
Graphics Controller Type Intel HD Graphics
Graphics Controller Status Disabled
PCI Express Controller:
PCI-E 2.0 x8 port #2 In Use @ x8 (AMD Cayman/Antilles - High Definition Audio Controller, Asus EAH6950 Video Adapter)
Chipset Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/products/chipsets
Driver Download http://support.intel.com/support/chipsets
BIOS Upgrades http://www.aida64.com/bios-updates
Driver Update http://www.aida64.com/driver-updates
[ South Bridge: [ TRIAL VERSION ] ]
South Bridge Properties:
South Bridge [ TRIAL VERSION ]
Revision / Stepping 05 / B3
High Definition Audio:
Codec Name Realtek ALC889
Codec ID 10EC0889h / 1043840Fh
Codec Revision 1000h
Codec Type Audio
PCI Express Controller:
PCI-E 2.0 x1 port #1 In Use @ x1 (PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch --> PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch)
PCI-E 2.0 x1 port #2 In Use @ x1 (NEC uPD720200 USB 3.0 Host Controller)
PCI-E 2.0 x1 port #3 In Use @ x1 (NEC uPD720200 USB 3.0 Host Controller)
PCI-E 2.0 x1 port #4 In Use @ x1 (JMicron JMB362 SATA-II AHCI Controller)
PCI-E 2.0 x2 port #5 In Use @ x2 (Marvell 88SE9182 SATA 6Gb/s Controller)
PCI-E 2.0 x1 port #7 In Use @ x1 (Intel 82583V Gigabit Network Connection)
Chipset Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/products/chipsets
Driver Download http://support.intel.com/support/chipsets
BIOS Upgrades http://www.aida64.com/bios-updates
Driver Update http://www.aida64.com/driver-updates
BIOS
BIOS Properties:
BIOS Type AMI
BIOS Version 1204
System BIOS Date 02/05/10
Video BIOS Date 12/06/10
BIOS Manufacturer:
Company Name American Megatrends Inc.
Product Information http://www.ami.com/amibios
BIOS Upgrades http://www.aida64.com/bios-updates
ACPI
[ APIC: Multiple APIC Description Table ]
ACPI Table Properties:
ACPI Signature APIC
Table Description Multiple APIC Description Table
Memory Address BEF9DC00h
Table Length 146 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 01072009h
Creator ID AMI
Creator Revision 00010013h
Local APIC Address FEE00000h
[ DSDT: Differentiated System Description Table ]
ACPI Table Properties:
ACPI Signature DSDT
Table Description Differentiated System Description Table
Memory Address BEF95140h
Table Length 35271 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 00000000h
Creator ID INTL
Creator Revision 20051117h
nVIDIA SLI:
SLI Certification 374937846529Genuine NVIDIA Certified SLI Ready Motherboard for ASUS COUGAR POINT 1573-Copyright 2010 NVIDIA Corporation All Rights Reserved-458103946203(R)
PCI 0-0-0-0 (Direct I/O) 8086-0100 (Intel)
PCI 0-0-0-0 (HAL) 8086-0100 (Intel)
[ FACP: Fixed ACPI Description Table ]
ACPI Table Properties:
ACPI Signature FACP
Table Description Fixed ACPI Description Table
Memory Address BEF950B8h
Table Length 132 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 01072009h
Creator ID AMI
Creator Revision 00010013h
SMI Command Port 000000B2h
PM Timer 00000408h
[ FACS: Firmware ACPI Control Structure ]
ACPI Table Properties:
ACPI Signature FACS
Table Description Firmware ACPI Control Structure
Memory Address BF5D3F40h
Table Length 64 bytes
[ HPET: IA-PC High Precision Event Timer Table ]
ACPI Table Properties:
ACPI Signature HPET
Table Description IA-PC High Precision Event Timer Table
Memory Address BEF9DEB0h
Table Length 56 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 01072009h
Creator ID AMI.
Creator Revision 00000004h
[ MCFG: Memory Mapped Configuration Space Base Address Description Table ]
ACPI Table Properties:
ACPI Signature MCFG
Table Description Memory Mapped Configuration Space Base Address Description Table
Memory Address BEF9DE70h
Table Length 60 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 01072009h
Creator ID MSFT
Creator Revision 00000097h
[ RSD PTR: Root System Description Pointer ]
ACPI Table Properties:
ACPI Signature RSD PTR
Table Description Root System Description Pointer
Memory Address 000F0420h
Table Length 36 bytes
OEM ID ALASKA
RSDP Revision 2
RSDT Address BEF95028h
XSDT Address 00000000-BEF95068h
[ RSDT: Root System Description Table ]
ACPI Table Properties:
ACPI Signature RSDT
Table Description Root System Description Table
Memory Address BEF95028h
Table Length 56 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 01072009h
Creator ID MSFT
Creator Revision 00010013h
RSDT Entry #0 BEF950B8h
RSDT Entry #1 BEF9DC00h
RSDT Entry #2 BEF9DC98h
RSDT Entry #3 BEF9DE70h
RSDT Entry #4 BEF9DEB0h
[ SLIC: Software Licensing Description Table (Emulated) ]
ACPI Table Properties:
ACPI Signature SLIC
Table Description Software Licensing Description Table
Memory Address Emulated
Table Length 374 bytes
OEM ID DELL
OEM Table ID QA09
OEM Revision 42302E31h
Creator ID NVDA
Creator Revision 0100000Eh
[ SSDT: Secondary System Description Table ]
ACPI Table Properties:
ACPI Signature SSDT
Table Description Secondary System Description Table
Memory Address BEF9DC98h
Table Length 470 bytes
OEM ID AMICPU
OEM Table ID PROC
OEM Revision 00000001h
Creator ID MSFT
Creator Revision 03000001h
[ XSDT: Extended System Description Table ]
ACPI Table Properties:
ACPI Signature XSDT
Table Description Extended System Description Table
Memory Address 00000000-BEF95068h
Table Length 76 bytes
OEM ID ALASKA
OEM Table ID A M I
OEM Revision 01072009h
Creator ID AMI
Creator Revision 00010013h
XSDT Entry #0 00000000-BEF9DB08h
XSDT Entry #1 00000000-BEF9DC00h
XSDT Entry #2 00000000-BEF9DC98h
XSDT Entry #3 00000000-BEF9DE70h
XSDT Entry #4 00000000-BEF9DEB0h
Operating System
Operating System Properties:
OS Name Microsoft Windows 7 Ultimate
OS Language English (United States)
OS Kernel Type Multiprocessor Free (64-bit)
OS Version 6.1.7601 (Win7 RTM)
OS Service Pack [ TRIAL VERSION ]
OS Installation Date 12/03/2011
OS Root C:\Windows
License Information:
Registered Owner muggz
Registered Organization
Product ID 00426-OEM-8992662-00400
Product Key 342DG- [ TRIAL VERSION ]
Product Activation (WPA) Not Required
Current Session:
Computer Name MUGGZ-PC
User Name muggz
Logon Domain [ TRIAL VERSION ]
UpTime 5006 sec (0 days, 1 hours, 23 min, 26 sec)
Components Version:
Common Controls 6.16
Internet Explorer 8.0.7601.17514
Internet Explorer Updates [ TRIAL VERSION ]
Windows Mail 6.1.7600.16385 (win7_rtm.090713-1255)
Windows Media Player 12.0.7600.16385 (win7_rtm.090713-1255)
Windows Messenger -
MSN Messenger -
Internet Information Services (IIS) [ TRIAL VERSION ]
.NET Framework 4.0.30319.1 built by: RTMRel
Novell Client -
DirectX DirectX 11.0
OpenGL 6.1.7600.16385 (win7_rtm.090713-1255)
ASPI -
Operating System Features:
Debug Version No
DBCS Version No
Domain Controller No
Security Present No
Network Present Yes
Remote Session No
Safe Mode No
Slow Processor No
Terminal Services Yes
Processes
Process Name Process File Name Type Used Memory Used Swap
aaHMSvc.exe C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe 32-bit 5820 KB 5 KB
AdminService.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 64-bit 3148 KB 2 KB
AiChargerAP.exe C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe 32-bit 3468 KB 1 KB
aida64.exe C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe 32-bit 38776 KB 30 KB
ASDR.exe C:\Windows\SysWOW64\ASDR.exe 32-bit 1512 KB 0 KB
AsRoutineController.exe C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe 32-bit 812 KB 3 KB
AsShellProcess.exe C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe 32-bit 2900 KB 1 KB
AsSysCtrlService.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe 32-bit 3596 KB 3 KB
AthBtTray.exe C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe 64-bit 7696 KB 5 KB
atieclxx.exe C:\Windows\system32\atieclxx.exe 64-bit 4272 KB 3 KB
atiesrxx.exe C:\Windows\system32\atiesrxx.exe 64-bit 2592 KB 2 KB
atkexComSvc.exe C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe 32-bit 8272 KB 10 KB
audiodg.exe 64-bit 14848 KB 16 KB
BtvStack.exe C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe 64-bit 6744 KB 9 KB
CCC.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 64-bit 25448 KB 170 KB
Core Temp.exe C:\Users\muggz\Downloads\CoreTemp64\Core Temp.exe 64-bit 2016 KB 6 KB
cpuz.exe C:\Program Files\CPUID\ROG CPU-Z\cpuz.exe 64-bit 8316 KB 5 KB
csrss.exe C:\Windows\system32\csrss.exe 64-bit 3680 KB 2 KB
csrss.exe C:\Windows\system32\csrss.exe 64-bit 6304 KB 3 KB
dllhost.exe C:\Windows\system32\DllHost.exe 64-bit 5468 KB 3 KB
dwm.exe C:\Windows\system32\Dwm.exe 64-bit 71944 KB 58 KB
EPUHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe 32-bit 1028 KB 5 KB
explorer.exe C:\Windows\Explorer.EXE 64-bit 77968 KB 55 KB
firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe 32-bit 202 MB 192 KB
fraps.exe C:\Fraps\fraps.exe 32-bit 23416 KB 21 KB
fraps64.dat C:\Fraps\fraps64.dat 64-bit 3452 KB 3 KB
IPROSetMonitor.exe C:\Windows\system32\IProsetMonitor.exe 64-bit 2520 KB 2 KB
KiesPDLR.exe C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe 32-bit 15972 KB 30 KB
KiesTrayAgent.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe 32-bit 6080 KB 3 KB
lsass.exe C:\Windows\system32\lsass.exe 64-bit 10100 KB 6 KB
lsm.exe C:\Windows\system32\lsm.exe 64-bit 3184 KB 3 KB
MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 64-bit 4004 KB 40 KB
nusb3mon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe 32-bit 3916 KB 2 KB
plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 32-bit 35740 KB 32 KB
PnkBstrA.exe C:\Windows\SysWOW64\PnkBstrA.exe 32-bit 2268 KB 1 KB
PnkBstrB.exe C:\Windows\SysWOW64\PnkBstrB.exe 32-bit 2440 KB 2 KB
pnSvc.exe C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe 32-bit 1376 KB 9 KB
PresentationFontCache.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 64-bit 14076 KB 25 KB
RadeonProSupport.exe C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe 32-bit 5364 KB 11 KB
RTSS.exe C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe 32-bit 828 KB 3 KB
SearchFilterHost.exe C:\Windows\system32\SearchFilterHost.exe 64-bit 9960 KB 4 KB
SearchIndexer.exe C:\Windows\system32\SearchIndexer.exe 64-bit 64024 KB 59 KB
SearchProtocolHost.exe C:\Windows\system32\SearchProtocolHost.exe 64-bit 13124 KB 5 KB
services.exe C:\Windows\system32\services.exe 64-bit 11356 KB 14 KB
smss.exe 64-bit 856 KB 0 KB
splwow64.exe C:\Windows\splwow64.exe 64-bit 5372 KB 2 KB
spoolsv.exe C:\Windows\System32\spoolsv.exe 64-bit 8160 KB 7 KB
sppsvc.exe C:\Windows\system32\sppsvc.exe 64-bit 11868 KB 6 KB
Steam.exe C:\Program Files (x86)\Steam\Steam.exe 32-bit 89 MB 102 KB
svchost.exe C:\Windows\System32\svchost.exe 64-bit 18772 KB 21 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 15152 KB 12 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 15328 KB 21 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 13236 KB 13 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 6132 KB 4 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 16472 KB 9 KB
svchost.exe C:\Windows\System32\svchost.exe 64-bit 110 MB 110 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 38056 KB 31 KB
svchost.exe C:\Windows\System32\svchost.exe 64-bit 28512 KB 73 KB
svchost.exe C:\Windows\System32\svchost.exe 64-bit 12484 KB 13 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 8436 KB 5 KB
svchost.exe C:\Windows\system32\svchost.exe 64-bit 8548 KB 7 KB
System Idle Process 24 KB 0 KB
System 64-bit 724 KB 0 KB
taskeng.exe C:\Windows\system32\taskeng.exe 64-bit 4508 KB 3 KB
taskhost.exe C:\Windows\system32\taskhost.exe 64-bit 7232 KB 9 KB
taskhost.exe C:\Windows\system32\taskhost.exe 64-bit 4436 KB 6 KB
TurboVHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe 32-bit 1252 KB 12 KB
uTorrent.exe C:\Program Files (x86)\uTorrent\uTorrent.exe 32-bit 32184 KB 21 KB
VRMHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe 32-bit 1020 KB 5 KB
wininit.exe C:\Windows\system32\wininit.exe 64-bit 2516 KB 1 KB
winlogon.exe C:\Windows\system32\winlogon.exe 64-bit 4084 KB 3 KB
WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 64-bit 8192 KB 5 KB
WLIDSVCM.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 64-bit 2004 KB 1 KB
WmiPrvSE.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe 64-bit 7456 KB 3 KB
WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe 32-bit 9432 KB 4 KB
wmpnetwk.exe C:\Program Files\Windows Media Player\wmpnetwk.exe 64-bit 1056 KB 12 KB
wuauclt.exe C:\Windows\system32\wuauclt.exe 64-bit 4772 KB 3 KB
WUDFHost.exe C:\Windows\system32\WUDFHost.exe 64-bit 4472 KB 2 KB
System Drivers
Driver Name Driver Description File Name Version Type State
1394ohci 1394 OHCI Compliant Host Controller 1394ohci.sys 6.1.7601.17514 Kernel Driver Stopped
ACPI Microsoft ACPI Driver ACPI.sys 6.1.7601.17514 Kernel Driver Running
AcpiPmi ACPI Power Meter Driver acpipmi.sys 6.1.7601.17514 Kernel Driver Stopped
adp94xx adp94xx adp94xx.sys 1.6.6.4 Kernel Driver Stopped
adpahci adpahci adpahci.sys 1.6.6.1 Kernel Driver Stopped
adpu320 adpu320 adpu320.sys 7.2.0.0 Kernel Driver Stopped
AFD Ancillary Function Driver for Winsock afd.sys 6.1.7601.17514 Kernel Driver Running
agp440 Intel AGP Bus Filter agp440.sys 6.1.7600.16385 Kernel Driver Stopped
AiCharger ASUS Charger Driver AiCharger.sys 5.2.3790.0 Kernel Driver Running
AIDA64Driver FinalWire AIDA64 Kernel Driver kerneld.x64 Kernel Driver Running
aliide aliide aliide.sys 1.2.0.0 Kernel Driver Stopped
Alpham1 Ideazon Merc USB Human Interface Device Alpham164.sys 1.0.13.33 Kernel Driver Running
Alpham2 Ideazon Merc MM USB Human Interface Device Alpham264.sys 1.0.13.33 Kernel Driver Running
ALSysIO ALSysIO ALSysIO64.sys Kernel Driver Running
amdide amdide amdide.sys 6.1.7600.16385 Kernel Driver Stopped
AmdK8 AMD K8 Processor Driver amdk8.sys 6.1.7600.16385 Kernel Driver Stopped
amdkmdag amdkmdag atikmdag.sys 8.1.1.1152 Kernel Driver Running
amdkmdap amdkmdap atikmpag.sys 8.14.1.6210 Kernel Driver Running
AmdPPM AMD Processor Driver amdppm.sys 6.1.7600.16385 Kernel Driver Stopped
amdsata amdsata amdsata.sys 1.1.2.5 Kernel Driver Stopped
amdsbs amdsbs amdsbs.sys 3.6.1540.127 Kernel Driver Stopped
amdxata amdxata amdxata.sys 1.1.2.5 Kernel Driver Running
AppID AppID Driver appid.sys 6.1.7601.17514 Kernel Driver Stopped
arc arc arc.sys 5.2.0.10384 Kernel Driver Stopped
arcsas arcsas arcsas.sys 5.2.0.16119 Kernel Driver Stopped
AsIO AsIO AsIO.sys Kernel Driver Running
AsUpIO AsUpIO AsUpIO.sys Kernel Driver Running
AsyncMac RAS Asynchronous Media Driver asyncmac.sys 6.1.7600.16385 Kernel Driver Stopped
atapi IDE Channel atapi.sys 6.1.7600.16385 Kernel Driver Running
AthBTPort Atheros Virtual Bluetooth Class btath_flt.sys 1.0.0.0 Kernel Driver Stopped
ATHDFU Atheros Valkyrie USB BootROM AthDfu.sys 6.1.7600.16385 Kernel Driver Stopped
AtiHDAudioService ATI Function Driver for HD Audio Service AtihdW76.sys 7.12.0.7701 Kernel Driver Running
atillk64 atillk64 atillk64.sys 5.11.9.0 Kernel Driver Stopped
b06bdrv Broadcom NetXtreme II VBD bxvbda.sys 4.8.2.0 Kernel Driver Stopped
b57nd60a Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 b57nd60a.sys 10.100.4.0 Kernel Driver Stopped
Beep Beep Kernel Driver Running
blbdrive blbdrive blbdrive.sys 6.1.7600.16385 Kernel Driver Running
bowser Browser Support Driver bowser.sys 6.1.7601.17565 File System Driver Running
BrFiltLo Brother USB Mass-Storage Lower Filter Driver BrFiltLo.sys 1.10.0.2 Kernel Driver Stopped
BrFiltUp Brother USB Mass-Storage Upper Filter Driver BrFiltUp.sys 1.4.0.1 Kernel Driver Stopped
Brserid Brother MFC Serial Port Interface Driver (WDM) Brserid.sys 1.0.1.6 Kernel Driver Stopped
BrSerWdm Brother WDM Serial driver BrSerWdm.sys 1.0.0.20 Kernel Driver Stopped
BrUsbMdm Brother MFC USB Fax Only Modem BrUsbMdm.sys 1.0.0.12 Kernel Driver Stopped
BrUsbSer Brother MFC USB Serial WDM Driver BrUsbSer.sys 1.0.1.3 Kernel Driver Stopped
BTATH_A2DP Bluetooth A2DP Audio Driver btath_a2dp.sys 1.0.0.0 Kernel Driver Stopped
BTATH_BUS Atheros Bluetooth Bus btath_bus.sys 1.0.0.0 Kernel Driver Running
BTATH_HCRP Bluetooth HCRP Server driver btath_hcrp.sys 1.0.0.0 Kernel Driver Stopped
BTATH_LWFLT Bluetooth LWFLT Device btath_lwflt.sys 1.0.0.0 Kernel Driver Stopped
BTATH_RCP Bluetooth AVRCP Device btath_rcp.sys 1.0.0.0 Kernel Driver Stopped
BtFilter BtFilter btfilter.sys 6.1.7600.16385 Kernel Driver Stopped
BthEnum Bluetooth Request Block Driver BthEnum.sys 6.1.7600.16385 Kernel Driver Stopped
BTHMODEM Bluetooth Serial Communications Driver bthmodem.sys 6.1.7600.16385 Kernel Driver Stopped
BthPan Bluetooth Device (Personal Area Network) bthpan.sys 6.1.7600.16385 Kernel Driver Stopped
BTHPORT Bluetooth Port Driver BTHport.sys 6.1.7601.17514 Kernel Driver Stopped
BTHUSB Bluetooth Radio USB Driver BTHUSB.sys 6.1.7601.17514 Kernel Driver Stopped
cdfs CD/DVD File System Reader cdfs.sys 6.1.7600.16385 File System Driver Stopped
cdrom CD-ROM Driver cdrom.sys 6.1.7601.17514 Kernel Driver Running
circlass Consumer IR Devices circlass.sys 6.1.7600.16385 Kernel Driver Stopped
CLFS Common Log (CLFS) CLFS.sys 6.1.7600.16385 Kernel Driver Running
CmBatt Microsoft ACPI Control Method Battery Driver CmBatt.sys 6.1.7600.16385 Kernel Driver Stopped
cmdide cmdide cmdide.sys 2.0.7.0 Kernel Driver Stopped
CNG CNG cng.sys 6.1.7601.17514 Kernel Driver Running
Compbatt Compbatt compbatt.sys 6.1.7600.16385 Kernel Driver Stopped
CompositeBus Composite Bus Enumerator Driver CompositeBus.sys 6.1.7601.17514 Kernel Driver Running
cpuz135 cpuz135 cpuz135_x64.sys 1.0.3.5 Kernel Driver Running
crcdisk Crcdisk Filter Driver crcdisk.sys 6.1.7600.16385 Kernel Driver Stopped
CSC Offline Files Driver csc.sys 6.1.7601.17514 Kernel Driver Running
DAdderFltr DeathAdder Mouse dadder.sys 1.0.0.3 Kernel Driver Stopped
DfsC DFS Namespace Client Driver dfsc.sys 6.1.7601.17514 File System Driver Running
dg_ssudbus SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) ssudbus.sys 2.9.13.428 Kernel Driver Stopped
discache System Attribute Cache discache.sys 6.1.7600.16385 Kernel Driver Running
Disk Disk Driver disk.sys 6.1.7600.16385 Kernel Driver Running
drmkaud Microsoft Trusted Audio Drivers drmkaud.sys 6.1.7600.16385 Kernel Driver Stopped
DXGKrnl LDDM Graphics Subsystem dxgkrnl.sys 6.1.7601.17514 Kernel Driver Running
e1cexpress Intel(R) PRO/1000 PCI Express Network Connection Driver C e1c62x64.sys 11.8.74.0 Kernel Driver Running
e1qexpress Intel(R) PRO/1000 PCI Express Network Connection Driver Q e1q62x64.sys 11.7.32.0 Kernel Driver Running
ebdrv Broadcom NetXtreme II 10 GigE VBD evbda.sys 4.8.13.0 Kernel Driver Stopped
EIO64 EIO Driver EIO64.sys 1.9.7.0 Kernel Driver Running
elxstor elxstor elxstor.sys 7.2.10.211 Kernel Driver Stopped
ENTECH64 ENTECH64 ENTECH64.sys 5.0.1.1 Kernel Driver Stopped
ErrDev Microsoft Hardware Error Device Driver errdev.sys 6.1.7600.16385 Kernel Driver Stopped
exfat exFAT File System Driver File System Driver Stopped
fastfat FAT12/16/32 File System Driver File System Driver Running
fdc Floppy Disk Controller Driver fdc.sys 6.1.7600.16385 Kernel Driver Stopped
FileInfo File Information FS MiniFilter fileinfo.sys 6.1.7600.16385 File System Driver Running
Filetrace Filetrace filetrace.sys 6.1.7600.16385 File System Driver Stopped
flpydisk Floppy Disk Driver flpydisk.sys 6.1.7600.16385 Kernel Driver Stopped
FltMgr FltMgr fltmgr.sys 6.1.7601.17514 File System Driver Running
FsDepends File System Dependency Minifilter FsDepends.sys 6.1.7600.16385 File System Driver Stopped
fvevol Bitlocker Drive Encryption Filter Driver fvevol.sys 6.1.7601.17514 Kernel Driver Running
gagp30kx Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms gagp30kx.sys 6.1.7600.16385 Kernel Driver Stopped
hcw85cir Hauppauge Consumer Infrared Receiver hcw85cir.sys 1.31.27127.0 Kernel Driver Stopped
HdAudAddService Microsoft 1.1 UAA Function Driver for High Definition Audio Service HdAudio.sys 6.1.7601.17514 Kernel Driver Running
HDAudBus Microsoft UAA Bus Driver for High Definition Audio HDAudBus.sys 6.1.7601.17514 Kernel Driver Running
HidBatt HID UPS Battery Driver HidBatt.sys 6.1.7600.16385 Kernel Driver Stopped
HidBth Microsoft Bluetooth HID Miniport hidbth.sys 6.1.7600.16385 Kernel Driver Stopped
HidIr Microsoft Infrared HID Driver hidir.sys 6.1.7600.16385 Kernel Driver Stopped
HidUsb Microsoft HID Class Driver hidusb.sys 6.1.7601.17514 Kernel Driver Running
HpSAMD HpSAMD HpSAMD.sys 6.12.6.64 Kernel Driver Stopped
HTTP HTTP HTTP.sys 6.1.7601.17514 Kernel Driver Running
hwpolicy Hardware Policy Driver hwpolicy.sys 6.1.7601.17514 Kernel Driver Running
i8042prt i8042 Keyboard and PS/2 Mouse Port Driver i8042prt.sys 6.1.7600.16385 Kernel Driver Stopped
iaStor Intel AHCI Controller iaStor.sys 10.5.0.1026 Kernel Driver Running
iaStorV Intel RAID Controller Windows 7 iaStorV.sys 8.6.2.1014 Kernel Driver Stopped
ICCWDT Intel(R) Watchdog Timer Driver (Intel(R) WDT) ICCWDT.sys 7.0.0.7190 Kernel Driver Running
iirsp iirsp iirsp.sys 5.4.22.0 Kernel Driver Stopped
IntcAzAudAddService Service for Realtek HD Audio (WDM) RTKVHD64.sys 6.0.1.6235 Kernel Driver Stopped
intelide intelide intelide.sys 6.1.7600.16385 Kernel Driver Stopped
intelppm Intel Processor Driver intelppm.sys 6.1.7600.16385 Kernel Driver Running
IpFilterDriver IP Traffic Filter Driver ipfltdrv.sys 6.1.7601.17514 Kernel Driver Stopped
IPMIDRV IPMIDRV IPMIDrv.sys 6.1.7601.17514 Kernel Driver Stopped
IPNAT IP Network Address Translator ipnat.sys 6.1.7600.16385 Kernel Driver Stopped
IRENUM IR Bus Enumerator irenum.sys 6.1.7600.16385 Kernel Driver Stopped
isapnp isapnp isapnp.sys 6.1.7600.16385 Kernel Driver Stopped
iScsiPrt iScsiPort Driver msiscsi.sys 6.1.7601.17514 Kernel Driver Stopped
ISODrive ISO DVD/CD-ROM Device Driver ISODrv64.sys 3.1.3.579 File System Driver Running
kbdclass Keyboard Class Driver kbdclass.sys 6.1.7600.16385 Kernel Driver Running
kbdhid Keyboard HID Driver kbdhid.sys 6.1.7601.17514 Kernel Driver Running
KSecDD KSecDD ksecdd.sys 6.1.7601.17514 Kernel Driver Running
KSecPkg KSecPkg ksecpkg.sys 6.1.7601.17514 Kernel Driver Running
ksthunk Kernel Streaming Thunks ksthunk.sys 6.1.7600.16385 Kernel Driver Running
lltdio Link-Layer Topology Discovery Mapper I/O Driver lltdio.sys 6.1.7600.16385 Kernel Driver Running
LSI_FC LSI_FC lsi_fc.sys 1.28.3.52 Kernel Driver Stopped
LSI_SAS LSI_SAS lsi_sas.sys 1.28.3.52 Kernel Driver Stopped
LSI_SAS2 LSI_SAS2 lsi_sas2.sys 2.0.2.71 Kernel Driver Stopped
LSI_SCSI LSI_SCSI lsi_scsi.sys 1.28.3.67 Kernel Driver Stopped
luafv UAC File Virtualization luafv.sys 6.1.7600.16385 File System Driver Running
megasas megasas megasas.sys 4.5.1.64 Kernel Driver Stopped
MegaSR MegaSR MegaSR.sys 13.5.409.2009 Kernel Driver Stopped
MEIx64 Intel(R) Management Engine Interface HECIx64.sys 7.0.0.1118 Kernel Driver Running
Modem Modem modem.sys 6.1.7600.16385 Kernel Driver Stopped
monitor Microsoft Monitor Class Function Driver Service monitor.sys 6.1.7600.16385 Kernel Driver Running
mouclass Mouse Class Driver mouclass.sys 6.1.7600.16385 Kernel Driver Running
mouhid Mouse HID Driver mouhid.sys 6.1.7600.16385 Kernel Driver Running
mountmgr Mount Point Manager mountmgr.sys 6.1.7601.17514 Kernel Driver Running
mpio Microsoft Multi-Path Bus Driver mpio.sys 6.1.7601.17514 Kernel Driver Stopped
mpsdrv Windows Firewall Authorization Driver mpsdrv.sys 6.1.7600.16385 Kernel Driver Running
MRxDAV WebDav Client Redirector Driver mrxdav.sys 6.1.7601.17514 File System Driver Stopped
mrxsmb SMB MiniRedirector Wrapper and Engine mrxsmb.sys 6.1.7601.17565 File System Driver Running
mrxsmb10 SMB 1.x MiniRedirector mrxsmb10.sys 6.1.7601.17565 File System Driver Running
mrxsmb20 SMB 2.0 MiniRedirector mrxsmb20.sys 6.1.7601.17565 File System Driver Running
msahci msahci msahci.sys 6.1.7601.17514 Kernel Driver Running
msdsm Microsoft Multi-Path Device Specific Module msdsm.sys 6.1.7601.17514 Kernel Driver Stopped
Msfs Msfs File System Driver Running
mshidkmdf Pass-through HID to KMDF Filter Driver mshidkmdf.sys 6.1.7600.16385 Kernel Driver Stopped
msisadrv msisadrv msisadrv.sys 6.1.7600.16385 Kernel Driver Running
MSKSSRV Microsoft Streaming Service Proxy MSKSSRV.sys 6.1.7600.16385 Kernel Driver Stopped
MSPCLOCK Microsoft Streaming Clock Proxy MSPCLOCK.sys 6.1.7600.16385 Kernel Driver Stopped
MSPQM Microsoft Streaming Quality Manager Proxy MSPQM.sys 6.1.7600.16385 Kernel Driver Stopped
MsRPC MsRPC Kernel Driver Stopped
mssmbios Microsoft System Management BIOS Driver mssmbios.sys 6.1.7600.16385 Kernel Driver Running
MSTEE Microsoft Streaming Tee/Sink-to-Sink Converter MSTEE.sys 6.1.7600.16385 Kernel Driver Stopped
MTConfig Microsoft Input Configuration Driver MTConfig.sys 6.1.7600.16385 Kernel Driver Stopped
Mup Mup mup.sys 6.1.7600.16385 File System Driver Running
NativeWifiP NativeWiFi Filter nwifi.sys 6.1.7600.16385 Kernel Driver Stopped
NDIS NDIS System Driver ndis.sys 6.1.7601.17514 Kernel Driver Running
NdisCap NDIS Capture LightWeight Filter ndiscap.sys 6.1.7600.16385 Kernel Driver Stopped
NdisTapi Remote Access NDIS TAPI Driver ndistapi.sys 6.1.7600.16385 Kernel Driver Running
Ndisuio NDIS Usermode I/O Protocol ndisuio.sys 6.1.7601.17514 Kernel Driver Stopped
NdisWan Remote Access NDIS WAN Driver ndiswan.sys 6.1.7601.17514 Kernel Driver Running
NDProxy NDIS Proxy Kernel Driver Running
NetBIOS NetBIOS Interface netbios.sys 6.1.7600.16385 File System Driver Running
NetBT NetBT netbt.sys 6.1.7601.17514 Kernel Driver Running
nfrd960 nfrd960 nfrd960.sys 7.10.0.0 Kernel Driver Stopped
Npfs Npfs File System Driver Running
nsiproxy NSI proxy service driver. nsiproxy.sys 6.1.7600.16385 Kernel Driver Running
Ntfs Ntfs File System Driver Running
Null Null Kernel Driver Running
nusb3hub Renesas Electronics USB 3.0 Hub Driver nusb3hub.sys 2.0.32.0 Kernel Driver Running
nusb3xhc Renesas Electronics USB 3.0 Host Controller Driver nusb3xhc.sys 2.0.32.0 Kernel Driver Running
nv_agp NVIDIA nForce AGP Bus Filter nv_agp.sys 6.1.7600.16385 Kernel Driver Stopped
nvraid nvraid nvraid.sys 10.6.0.18 Kernel Driver Stopped
nvstor nvstor nvstor.sys 10.6.0.18 Kernel Driver Stopped
ohci1394 1394 OHCI Compliant Host Controller (Legacy) ohci1394.sys 6.1.7600.16385 Kernel Driver Stopped
Parport Parallel port driver parport.sys 6.1.7600.16385 Kernel Driver Stopped
partmgr Partition Manager partmgr.sys 6.1.7601.17514 Kernel Driver Running
pci PCI Bus Driver pci.sys 6.1.7601.17514 Kernel Driver Running
pciide pciide pciide.sys 6.1.7600.16385 Kernel Driver Running
pcmcia pcmcia pcmcia.sys 6.1.7600.16385 Kernel Driver Stopped
pcw Performance Counters for Windows Driver pcw.sys 6.1.7600.16385 Kernel Driver Running
PEAUTH PEAUTH peauth.sys 6.1.7600.16385 Kernel Driver Running
PptpMiniport WAN Miniport (PPTP) raspptp.sys 6.1.7601.17514 Kernel Driver Running
Processor Processor Driver processr.sys 6.1.7600.16385 Kernel Driver Stopped
Psched QoS Packet Scheduler pacer.sys 6.1.7601.17514 Kernel Driver Running
ql2300 ql2300 ql2300.sys 9.1.8.6 Kernel Driver Stopped
ql40xx ql40xx ql40xx.sys 2.1.3.20 Kernel Driver Stopped
QWAVEdrv QWAVE driver qwavedrv.sys 6.1.7600.16385 Kernel Driver Stopped
RasAcd Remote Access Auto Connection Driver rasacd.sys 6.1.7600.16385 Kernel Driver Stopped
RasAgileVpn WAN Miniport (IKEv2) AgileVpn.sys 6.1.7600.16385 Kernel Driver Running
Rasl2tp WAN Miniport (L2TP) rasl2tp.sys 6.1.7601.17514 Kernel Driver Running
RasPppoe Remote Access PPPOE Driver raspppoe.sys 6.1.7600.16385 Kernel Driver Running
RasSstp WAN Miniport (SSTP) rassstp.sys 6.1.7600.16385 Kernel Driver Running
rdbss Redirected Buffering Sub Sysytem rdbss.sys 6.1.7601.17514 File System Driver Running
rdpbus Remote Desktop Device Redirector Bus Driver rdpbus.sys 6.1.7600.16385 Kernel Driver Running
RDPCDD RDPCDD RDPCDD.sys 6.1.7600.16385 Kernel Driver Running
RDPDR Terminal Server Device Redirector Driver rdpdr.sys 6.1.7601.17514 Kernel Driver Stopped
RDPENCDD RDP Encoder Mirror Driver rdpencdd.sys 6.1.7600.16385 Kernel Driver Running
RDPREFMP Reflector Display Driver used to gain access to graphics data rdprefmp.sys 6.1.7600.16385 Kernel Driver Running
RdpVideoMiniport Remote Desktop Video Miniport Driver rdpvideominiport.sys 6.1.7601.17514 Kernel Driver Stopped
RDPWD RDP Winstation Driver Kernel Driver Stopped
rdyboost ReadyBoost rdyboost.sys 6.1.7601.17514 Kernel Driver Running
RFCOMM Bluetooth Device (RFCOMM Protocol TDI) rfcomm.sys 6.1.7600.16385 Kernel Driver Stopped
rspndr Link-Layer Topology Discovery Responder rspndr.sys 6.1.7600.16385 Kernel Driver Running
s3cap s3cap vms3cap.sys 6.1.7601.17514 Kernel Driver Stopped
sbp2port SBP-2 Transport/Protocol Bus Driver sbp2port.sys 6.1.7601.17514 Kernel Driver Stopped
scfilter Smart card PnP Class Filter Driver scfilter.sys 6.1.7601.17514 Kernel Driver Stopped
secdrv Security Driver Kernel Driver Running
Serenum Serenum Filter Driver serenum.sys 6.1.7600.16385 Kernel Driver Stopped
Serial Serial port driver serial.sys 6.1.7600.16385 Kernel Driver Stopped
sermouse Serial Mouse Driver sermouse.sys 6.1.7600.16385 Kernel Driver Stopped
sffdisk SFF Storage Class Driver sffdisk.sys 6.1.7600.16385 Kernel Driver Stopped
sffp_mmc SFF Storage Protocol Driver for MMC sffp_mmc.sys 6.1.7600.16385 Kernel Driver Stopped
sffp_sd SFF Storage Protocol Driver for SDBus sffp_sd.sys 6.1.7601.17514 Kernel Driver Stopped
sfloppy High-Capacity Floppy Disk Drive sfloppy.sys 6.1.7600.16385 Kernel Driver Stopped
SiSRaid2 SiSRaid2 SiSRaid2.sys 5.1.1039.2600 Kernel Driver Stopped
SiSRaid4 SiSRaid4 sisraid4.sys 5.1.1039.3600 Kernel Driver Stopped
Smb Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session) smb.sys 6.1.7600.16385 Kernel Driver Stopped
spldr Security Processor Loader Driver Kernel Driver Running
srv Server SMB 1.xxx Driver srv.sys 6.1.7601.17565 File System Driver Running
srv2 Server SMB 2.xxx Driver srv2.sys 6.1.7601.17565 File System Driver Running
srvnet srvnet srvnet.sys 6.1.7601.17565 File System Driver Running
ssudmdm SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) ssudmdm.sys 2.9.10.209 Kernel Driver Running
stexstor stexstor stexstor.sys 5.0.1.1 Kernel Driver Stopped
storflt Disk Virtual Machine Bus Acceleration Filter Driver vmstorfl.sys 6.1.7601.17514 Kernel Driver Running
storvsc storvsc storvsc.sys 6.1.7601.17514 Kernel Driver Stopped
swenum Software Bus Driver swenum.sys 6.1.7600.16385 Kernel Driver Running
Synth3dVsc Synth3dVsc synth3dvsc.sys Kernel Driver Stopped
Tcpip TCP/IP Protocol Driver tcpip.sys 6.1.7601.17514 Kernel Driver Running
TCPIP6 Microsoft IPv6 Protocol Driver tcpip.sys 6.1.7601.17514 Kernel Driver Stopped
tcpipreg TCP/IP Registry Compatibility tcpipreg.sys 6.1.7601.17514 Kernel Driver Running
TDPIPE TDPIPE tdpipe.sys 6.1.7600.16385 Kernel Driver Stopped
TDTCP TDTCP tdtcp.sys 6.1.7600.16385 Kernel Driver Stopped
tdx NetIO Legacy TDI Support Driver tdx.sys 6.1.7601.17514 Kernel Driver Running
TermDD Terminal Device Driver termdd.sys 6.1.7601.17514 Kernel Driver Running
tssecsrv Remote Desktop Services Security Filter Driver tssecsrv.sys 6.1.7601.17514 Kernel Driver Stopped
TsUsbFlt TsUsbFlt tsusbflt.sys 6.1.7601.17514 Kernel Driver Stopped
tsusbhub tsusbhub tsusbhub.sys Kernel Driver Stopped
tunnel Microsoft Tunnel Miniport Adapter Driver tunnel.sys 6.1.7601.17514 Kernel Driver Running
uagp35 Microsoft AGPv3.5 Filter uagp35.sys 6.1.7600.16385 Kernel Driver Stopped
udfs udfs udfs.sys 6.1.7601.17514 File System Driver Stopped
uliagpkx Uli AGP Bus Filter uliagpkx.sys 6.1.7600.16385 Kernel Driver Stopped
umbus UMBus Enumerator Driver umbus.sys 6.1.7601.17514 Kernel Driver Running
UmPass Microsoft UMPass Driver umpass.sys 6.1.7600.16385 Kernel Driver Stopped
usbccgp Microsoft USB Generic Parent Driver usbccgp.sys 6.1.7601.17514 Kernel Driver Running
usbcir eHome Infrared Receiver (USBCIR) usbcir.sys 6.1.7600.16385 Kernel Driver Stopped
usbehci Microsoft USB 2.0 Enhanced Host Controller Miniport Driver usbehci.sys 6.1.7601.17514 Kernel Driver Running
usbhub Microsoft USB Standard Hub Driver usbhub.sys 6.1.7601.17514 Kernel Driver Running
usbohci Microsoft USB Open Host Controller Miniport Driver usbohci.sys 6.1.7600.16385 Kernel Driver Stopped
usbprint Microsoft USB PRINTER Class usbprint.sys 6.1.7600.16385 Kernel Driver Stopped
USBSTOR USB Mass Storage Driver USBSTOR.SYS 6.1.7601.17514 Kernel Driver Running
usbuhci Microsoft USB Universal Host Controller Miniport Driver usbuhci.sys 6.1.7600.16385 Kernel Driver Stopped
vdrvroot Microsoft Virtual Drive Enumerator Driver vdrvroot.sys 6.1.7600.16385 Kernel Driver Running
vga vga vgapnp.sys 6.1.7600.16385 Kernel Driver Stopped
VgaSave VgaSave vga.sys 6.1.7600.16385 Kernel Driver Running
VGPU VGPU rdvgkmd.sys Kernel Driver Stopped
vhdmp vhdmp vhdmp.sys 6.1.7601.17514 Kernel Driver Stopped
viaide viaide viaide.sys 6.0.6000.170 Kernel Driver Stopped
vmbus Virtual Machine Bus vmbus.sys 6.1.7601.17514 Kernel Driver Running
VMBusHID VMBusHID VMBusHID.sys 6.1.7601.17514 Kernel Driver Stopped
volmgr Volume Manager Driver volmgr.sys 6.1.7601.17514 Kernel Driver Running
volmgrx Dynamic Volume Manager volmgrx.sys 6.1.7601.17514 Kernel Driver Running
volsnap Storage volumes volsnap.sys 6.1.7601.17514 Kernel Driver Running
vsmraid vsmraid vsmraid.sys 6.0.6000.6210 Kernel Driver Stopped
vwifibus Virtual WiFi Bus Driver vwifibus.sys 6.1.7600.16385 Kernel Driver Stopped
WacomPen Wacom Serial Pen HID Driver wacompen.sys 6.1.7600.16385 Kernel Driver Stopped
WANARP Remote Access IP ARP Driver wanarp.sys 6.1.7601.17514 Kernel Driver Stopped
Wanarpv6 Remote Access IPv6 ARP Driver wanarp.sys 6.1.7601.17514 Kernel Driver Running
Wd Wd wd.sys 6.1.7600.16385 Kernel Driver Stopped
Wdf01000 Kernel Mode Driver Frameworks service Wdf01000.sys 1.9.7600.16385 Kernel Driver Running
WfpLwf WFP Lightweight Filter wfplwf.sys 6.1.7600.16385 Kernel Driver Running
WIMMount WIMMount wimmount.sys 6.1.7600.16385 File System Driver Stopped
WinUsb WinUsb WinUsb.sys 6.1.7601.17514 Kernel Driver Stopped
WmiAcpi Microsoft Windows Management Interface for ACPI wmiacpi.sys 6.1.7600.16385 Kernel Driver Running
ws2ifsl Winsock IFS Driver ws2ifsl.sys 6.1.7600.16385 Kernel Driver Stopped
WudfPf User Mode Driver Frameworks Platform Driver WudfPf.sys 6.1.7601.17514 Kernel Driver Running
WUDFRd WUDFRd WUDFRd.sys 6.1.7601.17514 Kernel Driver Running
xusb21 Xbox 360 Wireless Receiver Driver Service 21 xusb21.sys 9.18.1034.0 Kernel Driver Running
Services
Service Name Service Description File Name Version Type State Account
AeLookupSvc Application Experience svchost.exe 6.1.7600.16385 Share Process Running localSystem
ALG Application Layer Gateway Service alg.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService
AMD External Events Utility AMD External Events Utility atiesrxx.exe 6.14.11.1092 Own Process Running LocalSystem
AppIDSvc Application Identity svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService
Appinfo Application Information svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
AppMgmt Application Management svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
asComSvc ASUS Com Service atkexComSvc.exe Own Process Running LocalSystem
ASDR ASDR ASDR.exe 1.1.0.1 Own Process Running LocalSystem
asHmComSvc ASUS HM Com Service aaHMSvc.exe Own Process Running LocalSystem
AsSysCtrlService ASUS System Control Service AsSysCtrlService.exe Own Process Running LocalSystem
AtherosSvc AtherosSvc adminservice.exe 7.2.0.40 Own Process Running LocalSystem
AudioEndpointBuilder Windows Audio Endpoint Builder svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
AudioSrv Windows Audio svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
AxInstSV ActiveX Installer (AxInstSV) svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
BDESVC BitLocker Drive Encryption Service svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
BFE Base Filtering Engine svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
BITS Background Intelligent Transfer Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
Browser Computer Browser svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
bthserv Bluetooth Support Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
CertPropSvc Certificate Propagation svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
clr_optimization_v2.0.50727_32 Microsoft .NET Framework NGEN v2.0.50727_X86 mscorsvw.exe 2.0.50727.4927 Own Process Stopped LocalSystem
clr_optimization_v2.0.50727_64 Microsoft .NET Framework NGEN v2.0.50727_X64 mscorsvw.exe 2.0.50727.4927 Own Process Stopped LocalSystem
clr_optimization_v4.0.30319_32 Microsoft .NET Framework NGEN v4.0.30319_X86 mscorsvw.exe 4.0.30319.1 Own Process Stopped LocalSystem
clr_optimization_v4.0.30319_64 Microsoft .NET Framework NGEN v4.0.30319_X64 mscorsvw.exe 4.0.30319.1 Own Process Stopped LocalSystem
COMSysApp COM+ System Application dllhost.exe 6.1.7600.16385 Own Process Stopped LocalSystem
CryptSvc Cryptographic Services svchost.exe 6.1.7600.16385 Share Process Running NT Authority\NetworkService
CscService Offline Files svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
DcomLaunch DCOM Server Process Launcher svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
defragsvc Disk Defragmenter svchost.exe 6.1.7600.16385 Own Process Stopped localSystem
Dhcp DHCP Client svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService
Dnscache DNS Client svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService
dot3svc Wired AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
DPS Diagnostic Policy Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
EapHost Extensible Authentication Protocol svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
EFS Encrypting File System (EFS) lsass.exe 6.1.7600.16385 Share Process Stopped LocalSystem
ehRecvr Windows Media Center Receiver Service ehRecvr.exe 6.1.7601.17514 Own Process Stopped NT AUTHORITY\networkService
ehSched Windows Media Center Scheduler Service ehsched.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\networkService
eventlog Windows Event Log svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
EventSystem COM+ Event System svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
Fax Fax fxssvc.exe 6.1.7601.17514 Own Process Stopped NT AUTHORITY\NetworkService
fdPHost Function Discovery Provider Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
FDResPub Function Discovery Resource Publication svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
FontCache Windows Font Cache Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
FontCache3.0.0.0 Windows Presentation Foundation Font Cache 3.0.0.0 PresentationFontCache.exe 3.0.6920.5011 Own Process Running NT Authority\LocalService
gpsvc Group Policy Client svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
hidserv Human Interface Device Access svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
hkmsvc Health Key and Certificate Management svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
HomeGroupListener HomeGroup Listener svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
HomeGroupProvider HomeGroup Provider svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
IDriverT InstallDriver Table Manager IDriverT.exe 11.0.0.28844 Own Process Stopped LocalSystem
idsvc Windows CardSpace infocard.exe 3.0.4506.5420 Share Process Stopped LocalSystem
IKEEXT IKE and AuthIP IPsec Keying Modules svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
Intel® PROSet Monitoring Service Intel® PROSet Monitoring Service IProsetMonitor.exe 15.6.1.1 Own Process Running LocalSystem
IPBusEnum PnP-X IP Bus Enumerator svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
iphlpsvc IP Helper svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
KeyIso CNG Key Isolation lsass.exe 6.1.7600.16385 Share Process Running LocalSystem
KtmRm KtmRm for Distributed Transaction Coordinator svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService
LanmanServer Server svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
LanmanWorkstation Workstation svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService
lltdsvc Link-Layer Topology Discovery Mapper svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
lmhosts TCP/IP NetBIOS Helper svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
Mcx2Svc Media Center Extender Service svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService
MMCSS Multimedia Class Scheduler svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
MpsSvc Windows Firewall svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService
MSDTC Distributed Transaction Coordinator msdtc.exe 2001.12.8530.16385 Own Process Stopped NT AUTHORITY\NetworkService
MSiSCSI Microsoft iSCSI Initiator Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
msiserver Windows Installer msiexec.exe 5.0.7601.17514 Own Process Stopped LocalSystem
napagent Network Access Protection Agent svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService
Netlogon Netlogon lsass.exe 6.1.7600.16385 Share Process Stopped LocalSystem
Netman Network Connections svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
netprofm Network List Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
NetTcpPortSharing Net.Tcp Port Sharing Service SMSvcHost.exe 3.0.4506.4926 Share Process Stopped NT AUTHORITY\LocalService
NlaSvc Network Location Awareness svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService
nsi Network Store Interface Service svchost.exe 6.1.7600.16385 Share Process Running NT Authority\LocalService
p2pimsvc Peer Networking Identity Manager svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
p2psvc Peer Networking Grouping svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
PcaSvc Program Compatibility Assistant Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
PeerDistSvc BranchCache svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService
PerfHost Performance Counter DLL Host perfhost.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService
pla Performance Logs & Alerts svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
PlugPlay Plug and Play svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
PnkBstrA PnkBstrA PnkBstrA.exe Own Process Running LocalSystem
PnkBstrB PnkBstrB PnkBstrB.exe Own Process Running LocalSystem
PNRPAutoReg PNRP Machine Name Publication Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
PNRPsvc Peer Name Resolution Protocol svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
PolicyAgent IPsec Policy Agent svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\NetworkService
Power Power svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
ProfSvc User Profile Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
ProtectedStorage Protected Storage lsass.exe 6.1.7600.16385 Share Process Stopped LocalSystem
QWAVE Quality Windows Audio Video Experience svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
RadeonPro Support Service RadeonPro Support Service RadeonProSupport.exe 1.0.3.4 Own Process Running LocalSystem
RasAuto Remote Access Auto Connection Manager svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
RasMan Remote Access Connection Manager svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
RemoteAccess Routing and Remote Access svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
RemoteRegistry Remote Registry svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
RpcEptMapper RPC Endpoint Mapper svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService
RpcLocator Remote Procedure Call (RPC) Locator locator.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\NetworkService
RpcSs Remote Procedure Call (RPC) svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\NetworkService
SamSs Security Accounts Manager lsass.exe 6.1.7600.16385 Share Process Running LocalSystem
SCardSvr Smart Card svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
Schedule Task Scheduler svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
SCPolicySvc Smart Card Removal Policy svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
SDRSVC Windows Backup svchost.exe 6.1.7600.16385 Own Process Stopped localSystem
seclogon Secondary Logon svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
SENS System Event Notification Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
SensrSvc Adaptive Brightness svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
SessionEnv Remote Desktop Configuration svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
SharedAccess Internet Connection Sharing (ICS) svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
ShellHWDetection Shell Hardware Detection svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
SNMPTRAP SNMP Trap snmptrap.exe 6.1.7600.16385 Own Process Stopped NT AUTHORITY\LocalService
Spooler Print Spooler spoolsv.exe 6.1.7601.17514 Own Process Running LocalSystem
sppsvc Software Protection sppsvc.exe 6.1.7601.17514 Own Process Running NT AUTHORITY\NetworkService
sppuinotify SPP Notification Service svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
SSDPSRV SSDP Discovery svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
SstpSvc Secure Socket Tunneling Protocol Service svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService
Steam Client Service Steam Client Service Program Own Process Stopped LocalSystem
stisvc Windows Image Acquisition (WIA) svchost.exe 6.1.7600.16385 Own Process Running NT Authority\LocalService
swprv Microsoft Software Shadow Copy Provider svchost.exe 6.1.7600.16385 Own Process Stopped LocalSystem
SysMain Superfetch svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
TabletInputService Tablet PC Input Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
TapiSrv Telephony svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService
TBS TPM Base Services svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
TermService Remote Desktop Services svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\NetworkService
Themes Themes svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
THREADORDER Thread Ordering Server svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
TrkWks Distributed Link Tracking Client svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
TrustedInstaller Windows Modules Installer TrustedInstaller.exe 6.1.7601.17514 Own Process Stopped localSystem
UI0Detect Interactive Services Detection UI0Detect.exe 6.1.7600.16385 Own Process Stopped LocalSystem
UmRdpService Remote Desktop Services UserMode Port Redirector svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
upnphost UPnP Device Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
UxSms Desktop Window Manager Session Manager svchost.exe 6.1.7600.16385 Share Process Running localSystem
VaultSvc Credential Manager lsass.exe 6.1.7600.16385 Share Process Stopped LocalSystem
vds Virtual Disk vds.exe 6.1.7601.17514 Own Process Stopped LocalSystem
VSS Volume Shadow Copy vssvc.exe 6.1.7601.17514 Own Process Stopped LocalSystem
W32Time Windows Time svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
WatAdminSvc WatAdminSvc WatAdminSvc.exe Own Process Stopped LocalSystem
wbengine Block Level Backup Engine Service wbengine.exe 6.1.7601.17514 Own Process Stopped localSystem
WbioSrvc Windows Biometric Service svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
wcncsvc Windows Connect Now - Config Registrar svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
WcsPlugInService Windows Color System svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
WdiServiceHost Diagnostic Service Host svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
WdiSystemHost Diagnostic System Host svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
WebClient WebClient svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\LocalService
Wecsvc Windows Event Collector svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService
wercplsupport Problem Reports and Solutions Control Panel Support svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
WerSvc Windows Error Reporting Service svchost.exe 6.1.7600.16385 Share Process Stopped localSystem
WinDefend Windows Defender svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
WinHttpAutoProxySvc WinHTTP Web Proxy Auto-Discovery Service svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
Winmgmt Windows Management Instrumentation svchost.exe 6.1.7600.16385 Share Process Running localSystem
WinRM Windows Remote Management (WS-Management) svchost.exe 6.1.7600.16385 Share Process Stopped NT AUTHORITY\NetworkService
Wlansvc WLAN AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped LocalSystem
wlidsvc Windows Live ID Sign-in Assistant WLIDSVC.EXE 6.500.3165.0 Own Process Running LocalSystem
wmiApSrv WMI Performance Adapter WmiApSrv.exe 6.1.7600.16385 Own Process Stopped localSystem
WMPNetworkSvc Windows Media Player Network Sharing Service wmpnetwk.exe Own Process Running NT AUTHORITY\NetworkService
WPCSvc Parental Controls svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService
WPDBusEnum Portable Device Enumerator Service svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
wscsvc Security Center svchost.exe 6.1.7600.16385 Share Process Running NT AUTHORITY\LocalService
WSearch Windows Search SearchIndexer.exe 7.0.7600.16385 Own Process Running LocalSystem
wuauserv Windows Update svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
wudfsvc Windows Driver Foundation - User-mode Driver Framework svchost.exe 6.1.7600.16385 Share Process Running LocalSystem
WwanSvc WWAN AutoConfig svchost.exe 6.1.7600.16385 Share Process Stopped NT Authority\LocalService
AX Files
AX File Version Description
3daudio.ax
bdaplgin.ax 6.1.7600.16385 Microsoft BDA Device Control Plug-in for MPEG2 based networks.
g711codc.ax 6.1.7601.17514 Intel G711 CODEC
iac25_32.ax 2.0.5.53 Indeo® audio software
ir41_32.ax 4.51.16.3 Intel Indeo® Video 4.5
ivfsrc.ax 5.10.2.51 Intel Indeo® video IVF Source Filter 5.10
ksproxy.ax 6.1.7601.17514 WDM Streaming ActiveMovie Proxy
kstvtune.ax 6.1.7601.17514 WDM Streaming TvTuner
kswdmcap.ax 6.1.7601.17514 WDM Streaming Video Capture
ksxbar.ax 6.1.7601.17514 WDM Streaming Crossbar
mpeg2data.ax 6.6.7601.17514 Microsoft MPEG-2 Section and Table Acquisition Module
mpg2splt.ax 6.6.7601.17528 DirectShow MPEG-2 Splitter.
msdvbnp.ax 6.6.7601.17514 Microsoft Network Provider for MPEG2 based networks.
msnp.ax 6.6.7601.17514 Microsoft Network Provider for MPEG2 based networks.
muzdecode.ax 1.0.0.60207 PCube Audio Decoder Filter
muzeffect.ax 1.0.0.60210 P3AudioEffect Filter
muzmp4sp.ax 1.0.0.60210 P3MP4Splitter Filter
muzmpgsp.ax 1.1.7.911 PCube MPEG Splitter Filter
muzoggsp.ax 1.0.0.60207 OGG Splitter
psisrndr.ax 6.6.7601.17514 Microsoft Transport Information Filter for MPEG2 based networks.
vbicodec.ax 6.6.7601.17514 Microsoft VBI Codec
vbisurf.ax 6.1.7601.17514 VBI Surface Allocator Filter
vidcap.ax 6.1.7600.16385 Video Capture Interface Server
wstpager.ax 6.6.7601.17514 Microsoft Teletext Server
DLL Files
DLL File Version Description
aaclient.dll 6.1.7601.17514 Anywhere access client
accessibilitycpl.dll 6.1.7601.17514 Ease of access control panel
acctres.dll 6.1.7600.16385 Microsoft Internet Account Manager Resources
acledit.dll 6.1.7600.16385 Access Control List Editor
aclui.dll 6.1.7600.16385 Security Descriptor Editor
acppage.dll 6.1.7601.17514 Compatibility Tab Shell Extension Library
actioncenter.dll 6.1.7601.17514 Action Center
actioncentercpl.dll 6.1.7601.17514 Action Center Control Panel
activeds.dll 6.1.7601.17514 ADs Router Layer DLL
actxprxy.dll 6.1.7601.17514 ActiveX Interface Marshaling Library
admparse.dll 8.0.7600.16385 IEAK Global Policy Template Parser
admtmpl.dll 6.1.7601.17514 Administrative Templates Extension
adprovider.dll 6.1.7600.16385 adprovider DLL
adsldp.dll 6.1.7601.17514 ADs LDAP Provider DLL
adsldpc.dll 6.1.7600.16385 ADs LDAP Provider C DLL
adsmsext.dll 6.1.7600.16385 ADs LDAP Provider DLL
adsnt.dll 6.1.7600.16385 ADs Windows NT Provider DLL
adtschema.dll 6.1.7600.16385 Security Audit Schema DLL
advapi32.dll 6.1.7601.17514 Advanced Windows 32 Base API
advpack.dll 8.0.7600.16385 ADVPACK
aecache.dll 6.1.7600.16385 AECache Sysprep Plugin
aeevts.dll 6.1.7600.16385 Application Experience Event Resources
alttab.dll 6.1.7600.16385 Windows Shell Alt Tab
amdocl.dll 2.4.595.10 AMD Accelerated Parallel Processing OpenCL 1.1 Runtime
amdpcom32.dll 8.14.10.23 Radeon PCOM Universal Driver
amstream.dll 6.6.7601.17514 DirectShow Runtime.
amxread.dll 6.1.7600.16385 API Tracing Manifest Read Library
apds.dll 6.1.7600.16385 Microsoft® Help Data Services Module
apilogen.dll 6.1.7600.16385 API Tracing Log Engine
api-ms-win-core-console-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-datetime-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-debug-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-delayload-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-errorhandling-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-fibers-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-file-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-handle-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-heap-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-interlocked-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-io-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-libraryloader-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-localization-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-localregistry-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-memory-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-misc-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-namedpipe-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-processenvironment-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-processthreads-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-profile-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-rtlsupport-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-string-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-synch-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-sysinfo-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-threadpool-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-util-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-core-xstate-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-security-base-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-security-lsalookup-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-security-sddl-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-service-core-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-service-management-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-service-management-l2-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
api-ms-win-service-winsvc-l1-1-0.dll 6.1.7600.16385 ApiSet Stub DLL
apircl.dll 6.1.7600.16385 Microsoft® InfoTech IR Local DLL
apisetschema.dll 6.1.7600.16385 ApiSet Schema DLL
apphelp.dll 6.1.7601.17514 Application Compatibility Client Library
apphlpdm.dll 6.1.7600.16385 Application Compatibility Help Module
appidapi.dll 6.1.7600.16385 Application Identity APIs Dll
appidpolicyengineapi.dll 6.1.7600.16385 AppId Policy Engine API Module
appmgmts.dll 6.1.7600.16385 Software installation Service
appmgr.dll 6.1.7601.17514 Software Installation Snapin Extenstion
apss.dll 6.1.7600.16385 Microsoft® InfoTech Storage System Library
asferror.dll 12.0.7600.16385 ASF Error Definitions
asio.dll 1.0.0.4 AsIO DLL
asycfilt.dll 6.1.7601.17514
ati2edxx.dll 6.14.10.2514 ati2edxx
atiadlxy.dll 6.14.10.1057 ADL
aticalcl.dll 6.14.10.1385 ATI CAL compiler runtime
aticaldd.dll 6.14.10.1385 ATI CAL DD
aticalrt.dll 6.14.10.1385 ATI CAL runtime
aticfx32.dll 8.17.10.1077 aticfx32.dll
atidxx32.dll 8.17.10.355 atidxx32.dll
atigktxx.dll 8.14.1.6210 atigktxx.dll
atiglpxx.dll 8.14.1.6210 atiglpxx.dll
atimpc32.dll 8.14.10.23 Radeon PCOM Universal Driver
atioglxx.dll 6.14.10.10767 ATI OpenGL driver
atipdlxx.dll 6.14.10.2563 ATI Desktop CWDDEDI DLL
atiu9pag.dll 8.14.1.6210 atiu9pag.dll
atiumdag.dll 7.14.10.833 atiumdag.dll
atiumdmv.dll 7.14.10.184 Radeon Video Acceleration Universal Driver
atiumdva.dll 8.14.10.308 Radeon Video Acceleration Universal Driver
atiuxpag.dll 8.14.1.6210 atiuxpag.dll
atl.dll 3.5.2284.0 ATL Module for Windows XP (Unicode)
atmfd.dll 5.1.2.234 Windows NT OpenType/Type 1 Font Driver
atmlib.dll 5.1.2.234 Windows NT OpenType/Type 1 API Library.
audiodev.dll 6.1.7601.17514 Portable Media Devices Shell Extension
audioeng.dll 6.1.7600.16385 Audio Engine
audiokse.dll 6.1.7600.16385 Audio Ks Endpoint
audioses.dll 6.1.7601.17514 Audio Session
auditnativesnapin.dll 6.1.7600.16385 Audit Policy Group Policy Editor Extension
auditpolicygpinterop.dll 6.1.7600.16385 Audit Policy GP Module
auditpolmsg.dll 6.1.7600.16385 Audit Policy MMC SnapIn Messages
authfwcfg.dll 6.1.7600.16385 Windows Firewall with Advanced Security Configuration Helper
authfwgp.dll 6.1.7600.16385 Windows Firewall with Advanced Security Group Policy Editor Extension
authfwsnapin.dll 6.1.7601.17514 Microsoft.WindowsFirewall.SnapIn
authfwwizfwk.dll 6.1.7600.16385 Wizard Framework
authui.dll 6.1.7601.17514 Windows Authentication UI
authz.dll 6.1.7600.16385 Authorization Framework
autoplay.dll 6.1.7601.17514 AutoPlay Control Panel
auxiliarydisplayapi.dll 6.1.7600.16385 Microsoft Windows SideShow API
auxiliarydisplaycpl.dll 6.1.7601.17514 Microsoft Windows SideShow Control Panel
avicap32.dll 6.1.7600.16385 AVI Capture window class
avifil32.dll 6.1.7601.17514 Microsoft AVI File support library
avrt.dll 6.1.7600.16385 Multimedia Realtime Runtime
azroles.dll 6.1.7601.17514 azroles Module
azroleui.dll 6.1.7601.17514 Authorization Manager
azsqlext.dll 6.1.7601.17514 AzMan Sql Audit Extended Stored Procedures Dll
basecsp.dll 6.1.7601.17514 Microsoft Base Smart Card Crypto Provider
batmeter.dll 6.1.7601.17514 Battery Meter Helper DLL
bcrypt.dll 6.1.7600.16385 Windows Cryptographic Primitives Library (Wow64)
bcryptprimitives.dll 6.1.7600.16385 Windows Cryptographic Primitives Library
bidispl.dll 6.1.7600.16385 Bidispl DLL
biocredprov.dll 6.1.7600.16385 WinBio Credential Provider
bitsperf.dll 7.5.7601.17514 Perfmon Counter Access
bitsprx2.dll 7.5.7600.16385 Background Intelligent Transfer Service Proxy
bitsprx3.dll 7.5.7600.16385 Background Intelligent Transfer Service 2.0 Proxy
bitsprx4.dll 7.5.7600.16385 Background Intelligent Transfer Service 2.5 Proxy
bitsprx5.dll 7.5.7600.16385 Background Intelligent Transfer Service 3.0 Proxy
bitsprx6.dll 7.5.7600.16385 Background Intelligent Transfer Service 4.0 Proxy
blackbox.dll 11.0.7601.17514 BlackBox DLL
bootvid.dll 6.1.7600.16385 VGA Boot Driver
browcli.dll 6.1.7601.17514 Browser Service Client DLL
browseui.dll 6.1.7601.17514 Shell Browser UI Library
btpanui.dll 6.1.7600.16385 Bluetooth PAN User Interface
bwcontexthandler.dll 1.0.0.1 ContextH Application
bwunpairelevated.dll 6.1.7600.16385 BWUnpairElevated Proxy Dll
c_g18030.dll 6.1.7600.16385 GB18030 DBCS-Unicode Conversion DLL
c_is2022.dll 6.1.7600.16385 ISO-2022 Code Page Translation DLL
c_iscii.dll 6.1.7601.17514 ISCII Code Page Translation DLL
cabinet.dll 6.1.7601.17514 Microsoft® Cabinet File API
cabview.dll 6.1.7601.17514 Cabinet File Viewer Shell Extension
capiprovider.dll 6.1.7600.16385 capiprovider DLL
capisp.dll 6.1.7600.16385 Sysprep cleanup dll for CAPI
catsrv.dll 2001.12.8530.16385 COM+ Configuration Catalog Server
catsrvps.dll 2001.12.8530.16385 COM+ Configuration Catalog Server Proxy/Stub
catsrvut.dll 2001.12.8530.16385 COM+ Configuration Catalog Server Utilities
cca.dll 6.6.7601.17514 CCA DirectShow Filter.
cdosys.dll 6.6.7601.17514 Microsoft CDO for Windows Library
certcli.dll 6.1.7601.17514 Microsoft® Active Directory Certificate Services Client
certcredprovider.dll 6.1.7600.16385 Cert Credential Provider
certenc.dll 6.1.7600.16385 Active Directory Certificate Services Encoding
certenroll.dll 6.1.7601.17514 Microsoft® Active Directory Certificate Services Enrollment Client
certenrollui.dll 6.1.7600.16385 X509 Certificate Enrollment UI
certmgr.dll 6.1.7601.17514 Certificates snap-in
certpoleng.dll 6.1.7601.17514 Certificate Policy Engine
cewmdm.dll 12.0.7600.16385 Windows CE WMDM Service Provider
cfgbkend.dll 6.1.7600.16385 Configuration Backend Interface
cfgmgr32.dll 6.1.7601.17514 Configuration Manager DLL
chsbrkr.dll 6.1.7600.16385 Simplified Chinese Word Breaker
chtbrkr.dll 6.1.7600.16385 Chinese Traditional Word Breaker
chxreadingstringime.dll 6.1.7600.16385 CHxReadingStringIME
cic.dll 6.1.7600.16385 CIC - MMC controls for Taskpad
cis-2.4.dll
clb.dll 6.1.7600.16385 Column List Box
clbcatq.dll 2001.12.8530.16385 COM+ Configuration Catalog
clfsw32.dll 6.1.7600.16385 Common Log Marshalling Win32 DLL
cliconfg.dll 6.1.7600.16385 SQL Client Configuration Utility DLL
clusapi.dll 6.1.7601.17514 Cluster API Library
cmcfg32.dll 7.2.7600.16385 Microsoft Connection Manager Configuration Dll
cmdial32.dll 7.2.7600.16385 Microsoft Connection Manager
cmicryptinstall.dll 6.1.7600.16385 Installers for cryptographic elements of CMI objects
cmifw.dll 6.1.7600.16385 Windows Firewall rule configuration plug-in
cmipnpinstall.dll 6.1.7600.16385 PNP plugin installer for CMI
cmlua.dll 7.2.7600.16385 Connection Manager Admin API Helper
cmpbk32.dll 7.2.7600.16385 Microsoft Connection Manager Phonebook
cmstplua.dll 7.2.7600.16385 Connection Manager Admin API Helper for Setup
cmutil.dll 7.2.7600.16385 Microsoft Connection Manager Utility Lib
cngaudit.dll 6.1.7600.16385 Windows Cryptographic Next Generation audit library
cngprovider.dll 6.1.7600.16385 cngprovider DLL
cnvfat.dll 6.1.7600.16385 FAT File System Conversion Utility DLL
colbact.dll 2001.12.8530.16385 COM+
colorcnv.dll 6.1.7600.16385 Windows Media Color Conversion
colorui.dll 6.1.7600.16385 Microsoft Color Control Panel
comcat.dll 6.1.7600.16385 Microsoft Component Category Manager Library
comctl32.dll 5.82.7601.17514 User Experience Controls Library
comdlg32.dll 6.1.7601.17514 Common Dialogs DLL
compobj.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library
compstui.dll 6.1.7600.16385 Common Property Sheet User Interface DLL
comrepl.dll 2001.12.8530.16385 COM+
comres.dll 2001.12.8530.16385 COM+ Resources
comsnap.dll 2001.12.8530.16385 COM+ Explorer MMC Snapin
comsvcs.dll 2001.12.8530.16385 COM+ Services
comuid.dll 2001.12.8530.16385 COM+ Explorer UI
connect.dll 6.1.7600.16385 Get Connected Wizards
console.dll 6.1.7600.16385 Control Panel Console Applet
corpol.dll 8.0.7600.16385 Microsoft COM Runtime Execution Engine
cpfilters.dll 6.6.7601.17528 PTFilter & Encypter/Decrypter Tagger Filters.
credssp.dll 6.1.7601.17514 Credential Delegation Security Package
credui.dll 6.1.7601.17514 Credential Manager User Interface
crtdll.dll 4.0.1183.1 Microsoft C Runtime Library
crypt32.dll 6.1.7601.17514 Crypto API32
cryptbase.dll 6.1.7600.16385 Base cryptographic API DLL
cryptdlg.dll 6.1.7600.16385 Microsoft Common Certificate Dialogs
cryptdll.dll 6.1.7600.16385 Cryptography Manager
cryptext.dll 6.1.7600.16385 Crypto Shell Extensions
cryptnet.dll 6.1.7600.16385 Crypto Network Related API
cryptsp.dll 6.1.7600.16385 Cryptographic Service Provider API
cryptsvc.dll 6.1.7601.17514 Cryptographic Services
cryptui.dll 6.1.7601.17514 Microsoft Trust UI Provider
cryptxml.dll 6.1.7600.16385 XML DigSig API
cscapi.dll 6.1.7601.17514 Offline Files Win32 API
cscdll.dll 6.1.7601.17514 Offline Files Temporary Shim
cscobj.dll 6.1.7601.17514 In-proc COM object used by clients of CSC API
csver.dll 9.2.0.1021 CSVer
ctl3d32.dll 2.31.0.0 Ctl3D 3D Windows Controls
d2d1.dll 6.1.7601.17563 Microsoft D2D Library
d3d10.dll 6.1.7600.16385 Direct3D 10 Runtime
d3d10_1.dll 6.1.7600.16385 Direct3D 10.1 Runtime
d3d10_1core.dll 6.1.7601.17514 Direct3D 10.1 Runtime
d3d10core.dll 6.1.7600.16385 Direct3D 10 Runtime
d3d10level9.dll 6.1.7601.17514 Direct3D 10 to Direct3D9 Translation Runtime
d3d10warp.dll 6.1.7601.17514 Direct3D 10 Rasterizer
d3d11.dll 6.1.7601.17514 Direct3D 11 Runtime
d3d8.dll 6.1.7600.16385 Microsoft Direct3D
d3d8thk.dll 6.1.7600.16385 Microsoft Direct3D OS Thunk Layer
d3d9.dll 6.1.7601.17514 Direct3D 9 Runtime
d3dcompiler_33.dll 9.18.904.15 Microsoft Direct3D
d3dcompiler_34.dll 9.19.949.46 Microsoft Direct3D
d3dcompiler_35.dll 9.19.949.1104 Microsoft Direct3D
d3dcompiler_36.dll 9.19.949.2111 Microsoft Direct3D
d3dcompiler_37.dll 9.22.949.2248 Microsoft Direct3D
d3dcompiler_38.dll 9.23.949.2378 Microsoft Direct3D
d3dcompiler_39.dll 9.24.949.2307 Microsoft Direct3D
d3dcompiler_40.dll 9.24.950.2656 Direct3D HLSL Compiler
d3dcompiler_41.dll 9.26.952.2844 Direct3D HLSL Compiler
d3dcompiler_42.dll 9.27.952.3022 Direct3D HLSL Compiler
d3dcompiler_43.dll 9.29.952.3111 Direct3D HLSL Compiler
d3dcsx_42.dll 9.27.952.3022 Direct3D 10.1 Extensions
d3dcsx_43.dll 9.29.952.3111 Direct3D 10.1 Extensions
d3dim.dll 6.1.7600.16385 Microsoft Direct3D
d3dim700.dll 6.1.7600.16385 Microsoft Direct3D
d3dramp.dll 6.1.7600.16385 Microsoft Direct3D
d3dx10.dll 9.16.843.0 Microsoft Direct3D
d3dx10_33.dll 9.18.904.21 Microsoft Direct3D
d3dx10_34.dll 9.19.949.46 Microsoft Direct3D
d3dx10_35.dll 9.19.949.1104 Microsoft Direct3D
d3dx10_36.dll 9.19.949.2009 Microsoft Direct3D
d3dx10_37.dll 9.19.949.2187 Microsoft Direct3D
d3dx10_38.dll 9.23.949.2378 Microsoft Direct3D
d3dx10_39.dll 9.24.949.2307 Microsoft Direct3D
d3dx10_40.dll 9.24.950.2656 Direct3D 10.1 Extensions
d3dx10_41.dll 9.26.952.2844 Direct3D 10.1 Extensions
d3dx10_42.dll 9.27.952.3001 Direct3D 10.1 Extensions
d3dx10_43.dll 9.29.952.3111 Direct3D 10.1 Extensions
d3dx11_42.dll 9.27.952.3022 Direct3D 10.1 Extensions
d3dx11_43.dll 9.29.952.3111 Direct3D 10.1 Extensions
d3dx9_24.dll 9.5.132.0 Microsoft® DirectX for Windows®
d3dx9_25.dll 9.6.168.0 Microsoft® DirectX for Windows®
d3dx9_26.dll 9.7.239.0 Microsoft® DirectX for Windows®
d3dx9_27.dll 9.8.299.0 Microsoft® DirectX for Windows®
d3dx9_28.dll 9.10.455.0 Microsoft® DirectX for Windows®
d3dx9_29.dll 9.11.519.0 Microsoft® DirectX for Windows®
d3dx9_30.dll 9.12.589.0 Microsoft® DirectX for Windows®
d3dx9_31.dll 9.15.779.0 Microsoft® DirectX for Windows®
d3dx9_32.dll 9.16.843.0 Microsoft® DirectX for Windows®
d3dx9_33.dll 9.18.904.15 Microsoft® DirectX for Windows®
d3dx9_34.dll 9.19.949.46 Microsoft® DirectX for Windows®
d3dx9_35.dll 9.19.949.1104 Microsoft® DirectX for Windows®
d3dx9_36.dll 9.19.949.2111 Microsoft® DirectX for Windows®
d3dx9_37.dll 9.22.949.2248 Microsoft® DirectX for Windows®
d3dx9_38.dll 9.23.949.2378 Microsoft® DirectX for Windows®
d3dx9_39.dll 9.24.949.2307 Microsoft® DirectX for Windows®
d3dx9_40.dll 9.24.950.2656 Direct3D 9 Extensions
d3dx9_41.dll 9.26.952.2844 Direct3D 9 Extensions
d3dx9_42.dll 9.27.952.3001 Direct3D 9 Extensions
d3dx9_43.dll 9.29.952.3111 Direct3D 9 Extensions
d3dxof.dll 6.1.7600.16385 DirectX Files DLL
dataclen.dll 6.1.7600.16385 Disk Space Cleaner for Windows
davclnt.dll 6.1.7601.17514 Web DAV Client DLL
davhlpr.dll 6.1.7600.16385 DAV Helper DLL
dbgeng.dll 6.1.7601.17514 Windows Symbolic Debugger Engine
dbghelp.dll 6.1.7601.17514 Windows Image Helper
dbnetlib.dll 6.1.7600.16385 Winsock Oriented Net DLL for SQL Clients
dbnmpntw.dll 6.1.7600.16385 Named Pipes Net DLL for SQL Clients
dciman32.dll 6.1.7600.16385 DCI Manager
ddaclsys.dll 6.1.7600.16385 SysPrep module for Reseting Data Drive ACL
ddoiproxy.dll 6.1.7600.16385 DDOI Interface Proxy
ddores.dll 6.1.7600.16385 Device Category information and resources
ddraw.dll 6.1.7600.16385 Microsoft DirectDraw
ddrawex.dll 6.1.7600.16385 Direct Draw Ex
defaultlocationcpl.dll 6.1.7601.17514 Default Location Control Panel
deskadp.dll 6.1.7600.16385 Advanced display adapter properties
deskmon.dll 6.1.7600.16385 Advanced display monitor properties
deskperf.dll 6.1.7600.16385 Advanced display performance properties
devenum.dll 6.6.7600.16385 Device enumeration.
devicecenter.dll 6.1.7601.17514 Device Center
devicedisplaystatusmanager.dll 6.1.7600.16385 Device Display Status Manager
devicemetadataparsers.dll 6.1.7600.16385 Common Device Metadata parsers
devicepairing.dll 6.1.7600.16385 Shell extensions for Device Pairing
devicepairingfolder.dll 6.1.7601.17514 Device Pairing Folder
devicepairinghandler.dll 6.1.7600.16385 Device Pairing Handler Dll
devicepairingproxy.dll 6.1.7600.16385 Device Pairing Proxy Dll
deviceuxres.dll 6.1.7600.16385 Windows Device User Experience Resource File
devmgr.dll 6.1.7600.16385 Device Manager MMC Snapin
devobj.dll 6.1.7600.16385 Device Information Set DLL
devrtl.dll 6.1.7600.16385 Device Management Run Time Library
dfscli.dll 6.1.7600.16385 Windows NT Distributed File System Client DLL
dfshim.dll 4.0.40305.0 ClickOnce Application Deployment Support Library
dfsshlex.dll 6.1.7600.16385 Distributed File System shell extension
dgderapi.dll 1.3.1900.0 Device Error Recovery SDK(x86)
dhcpcmonitor.dll 6.1.7600.16385 DHCP Client Monitor Dll
dhcpcore.dll 6.1.7601.17514 DHCP Client Service
dhcpcore6.dll 6.1.7600.16385 DHCPv6 Client
dhcpcsvc.dll 6.1.7600.16385 DHCP Client Service
dhcpcsvc6.dll 6.1.7600.16385 DHCPv6 Client
dhcpqec.dll 6.1.7600.16385 Microsoft DHCP NAP Enforcement Client
dhcpsapi.dll 6.1.7600.16385 DHCP Server API Stub DLL
difxapi.dll 2.1.0.0 Driver Install Frameworks for API library module
dimsjob.dll 6.1.7600.16385 DIMS Job DLL
dimsroam.dll 6.1.7600.16385 Key Roaming DIMS Provider DLL
dinput.dll 6.1.7600.16385 Microsoft DirectInput
dinput8.dll 6.1.7600.16385 Microsoft DirectInput
directdb.dll 6.1.7600.16385 Microsoft Direct Database API
diskcopy.dll 6.1.7600.16385 Windows DiskCopy
dispex.dll 5.8.7600.16385 Microsoft ® DispEx
display.dll 6.1.7601.17514 Display Control Panel
dmband.dll 6.1.7600.16385 Microsoft DirectMusic Band
dmcompos.dll 6.1.7600.16385 Microsoft DirectMusic Composer
dmdlgs.dll 6.1.7600.16385 Disk Management Snap-in Dialogs
dmdskmgr.dll 6.1.7600.16385 Disk Management Snap-in Support Library
dmdskres.dll 6.1.7600.16385 Disk Management Snap-in Resources
dmdskres2.dll 6.1.7600.16385 Disk Management Snap-in Resources
dmime.dll 6.1.7600.16385 Microsoft DirectMusic Interactive Engine
dmintf.dll 6.1.7600.16385 Disk Management DCOM Interface Stub
dmloader.dll 6.1.7600.16385 Microsoft DirectMusic Loader
dmocx.dll 6.1.7600.16385 TreeView OCX
dmrc.dll 6.1.7600.16385 Windows MRC
dmscript.dll 6.1.7600.16385 Microsoft DirectMusic Scripting
dmstyle.dll 6.1.7600.16385 Microsoft DirectMusic Style Engline
dmsynth.dll 6.1.7600.16385 Microsoft DirectMusic Software Synthesizer
dmusic.dll 6.1.7600.16385 Microsoft DirectMusic Core Services
dmutil.dll 6.1.7600.16385 Logical Disk Manager Utility Library
dmvdsitf.dll 6.1.7600.16385 Disk Management Snap-in Support Library
dnsapi.dll 6.1.7601.17570 DNS Client API DLL
dnscmmc.dll 6.1.7601.17514 DNS Client MMC Snap-in DLL
docprop.dll 6.1.7600.16385 OLE DocFile Property Page
dot3api.dll 6.1.7601.17514 802.3 Autoconfiguration API
dot3cfg.dll 6.1.7601.17514 802.3 Netsh Helper
dot3dlg.dll 6.1.7600.16385 802.3 UI Helper
dot3gpclnt.dll 6.1.7600.16385 802.3 Group Policy Client
dot3gpui.dll 6.1.7600.16385 802.3 Network Policy Management Snap-in
dot3hc.dll 6.1.7600.16385 Dot3 Helper Class
dot3msm.dll 6.1.7601.17514 802.3 Media Specific Module
dot3ui.dll 6.1.7601.17514 802.3 Advanced UI
dpapiprovider.dll 6.1.7600.16385 dpapiprovider DLL
dplayx.dll 6.1.7600.16385 Microsoft DirectPlay
dpmodemx.dll 6.1.7600.16385 Modem and Serial Connection For DirectPlay
dpnaddr.dll 6.1.7601.17514 Microsoft DirectPlay8 Address
dpnathlp.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper UPnP
dpnet.dll 6.1.7600.16385 Microsoft DirectPlay
dpnhpast.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper PAST
dpnhupnp.dll 6.1.7600.16385 Microsoft DirectPlay NAT Helper UPNP
dpnlobby.dll 6.1.7600.16385 Microsoft DirectPlay8 Lobby
dpwsockx.dll 6.1.7600.16385 Internet TCP/IP and IPX Connection For DirectPlay
dpx.dll 6.1.7601.17514 Microsoft(R) Delta Package Expander
drmmgrtn.dll 11.0.7601.17514 DRM Migration DLL
drmv2clt.dll 11.0.7600.16385 DRMv2 Client DLL
drprov.dll 6.1.7600.16385 Microsoft Remote Desktop Session Host Server Network Provider
drt.dll 6.1.7600.16385 Distributed Routing Table
drtprov.dll 6.1.7600.16385 Distributed Routing Table Providers
drttransport.dll 6.1.7600.16385 Distributed Routing Table Transport Provider
drvstore.dll 6.1.7601.17514 Driver Store API
ds32gt.dll 6.1.7600.16385 ODBC Driver Setup Generic Thunk
dsauth.dll 6.1.7601.17514 DS Authorization for Services
dsdmo.dll 6.1.7600.16385 DirectSound Effects
dshowrdpfilter.dll 1.0.0.0 RDP Renderer Filter (redirector)
dskquota.dll 6.1.7600.16385 Windows Shell Disk Quota Support DLL
dskquoui.dll 6.1.7601.17514 Windows Shell Disk Quota UI DLL
dsound.dll 6.1.7600.16385 DirectSound
dsprop.dll 6.1.7600.16385 Windows Active Directory Property Pages
dsquery.dll 6.1.7600.16385 Directory Service Find
dsrole.dll 6.1.7600.16385 DS Role Client DLL
dssec.dll 6.1.7600.16385 Directory Service Security UI
dssenh.dll 6.1.7600.16385 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
dsuiext.dll 6.1.7601.17514 Directory Service Common UI
dswave.dll 6.1.7600.16385 Microsoft DirectMusic Wave
dtsh.dll 6.1.7600.16385 Detection and Sharing Status API
dui70.dll 6.1.7600.16385 Windows DirectUI Engine
duser.dll 6.1.7600.16385 Windows DirectUser Engine
dwmapi.dll 6.1.7600.16385 Microsoft Desktop Window Manager API
dwmcore.dll 6.1.7601.17514 Microsoft DWM Core Library
dwrite.dll 6.1.7601.17563 Microsoft DirectX Typography Services
dxdiagn.dll 6.1.7601.17514 Microsoft DirectX Diagnostic Tool
dxgi.dll 6.1.7601.17514 DirectX Graphics Infrastructure
dxmasf.dll 12.0.7601.17514 Microsoft Windows Media Component Removal File.
dxptaskringtone.dll 6.1.7601.17514 Microsoft Ringtone Editor
dxptasksync.dll 6.1.7601.17514 Microsoft Windows DXP Sync.
dxtmsft.dll 8.0.7600.16385 DirectX Media -- Image DirectX Transforms
dxtrans.dll 8.0.7600.16385 DirectX Media -- DirectX Transform Core
dxva2.dll 6.1.7600.16385 DirectX Video Acceleration 2.0 DLL
eapp3hst.dll 6.1.7601.17514 Microsoft ThirdPartyEapDispatcher
eappcfg.dll 6.1.7600.16385 Eap Peer Config
eappgnui.dll 6.1.7601.17514 EAP Generic UI
eapphost.dll 6.1.7601.17514 Microsoft EAPHost Peer service
eappprxy.dll 6.1.7600.16385 Microsoft EAPHost Peer Client DLL
eapqec.dll 6.1.7600.16385 Microsoft EAP NAP Enforcement Client
efsadu.dll 6.1.7600.16385 File Encryption Utility
efscore.dll 6.1.7601.17514 EFS Core Library
efsutil.dll 6.1.7600.16385 EFS Utility Library
ehstorapi.dll 6.1.7601.17514 Windows Enhanced Storage API
ehstorpwdmgr.dll 6.1.7600.16385 Windows Enhanced Storage Password Manager
ehstorshell.dll 6.1.7600.16385 Windows Enhanced Storage Shell Extension DLL
els.dll 6.1.7600.16385 Event Viewer Snapin
elscore.dll 6.1.7600.16385 Els Core Platform DLL
elslad.dll 6.1.7600.16385 ELS Language Detection
elstrans.dll 6.1.7601.17514 ELS Transliteration Service
encapi.dll 6.1.7600.16385 Encoder API
encdec.dll 6.6.7601.17528 XDSCodec & Encypter/Decrypter Tagger Filters.
eqossnap.dll 6.1.7600.16385 EQoS Snapin extension
es.dll 2001.12.8530.16385 COM+
esent.dll 6.1.7601.17514 Extensible Storage Engine for Microsoft(R) Windows(R)
esentprf.dll 6.1.7600.16385 Extensible Storage Engine Performance Monitoring Library for Microsoft(R) Windows(R)
eventcls.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service event class
evr.dll 6.1.7601.17514 Enhanced Video Renderer DLL
explorerframe.dll 6.1.7601.17514 ExplorerFrame
expsrv.dll 6.0.72.9589 Visual Basic for Applications Runtime - Expression Service
f3ahvoas.dll 6.1.7600.16385 JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard
faultrep.dll 6.1.7601.17514 Windows User Mode Crash Reporting DLL
fdbth.dll 6.1.7600.16385 Function Discovery Bluetooth Provider Dll
fdbthproxy.dll 6.1.7600.16385 Bluetooth Provider Proxy Dll
fde.dll 6.1.7601.17514 Folder Redirection Snapin Extension
fdeploy.dll 6.1.7601.17514 Folder Redirection Group Policy Extension
fdpnp.dll 6.1.7600.16385 Pnp Provider Dll
fdproxy.dll 6.1.7600.16385 Function Discovery Proxy Dll
fdssdp.dll 6.1.7600.16385 Function Discovery SSDP Provider Dll
fdwcn.dll 6.1.7600.16385 Windows Connect Now - Config Function Discovery Provider DLL
fdwnet.dll 6.1.7600.16385 Function Discovery WNet Provider Dll
fdwsd.dll 6.1.7600.16385 Function Discovery WS Discovery Provider Dll
feclient.dll 6.1.7600.16385 Windows NT File Encryption Client Interfaces
filemgmt.dll 6.1.7600.16385 Services and Shared Folders
findnetprinters.dll 6.1.7600.16385 Find Network Printers COM Component
firewallapi.dll 6.1.7600.16385 Windows Firewall API
firewallcontrolpanel.dll 6.1.7601.17514 Windows Firewall Control Panel
fltlib.dll 6.1.7600.16385 Filter Library
fmifs.dll 6.1.7600.16385 FM IFS Utility DLL
fms.dll 1.1.6000.16384 Font Management Services
fontext.dll 6.1.7601.17514 Windows Font Folder
fontsub.dll 6.1.7601.17105 Font Subsetting DLL
fphc.dll 6.1.7601.17514 Filtering Platform Helper Class
framedyn.dll 6.1.7601.17514 WMI SDK Provider Framework
framedynos.dll 6.1.7601.17514 WMI SDK Provider Framework
frapsvid.dll 3.2.6.12176 Fraps
fthsvc.dll 6.1.7600.16385 Microsoft Windows Fault Tolerant Heap Diagnostic Module
fundisc.dll 6.1.7600.16385 Function Discovery Dll
fwcfg.dll 6.1.7600.16385 Windows Firewall Configuration Helper
fwpuclnt.dll 6.1.7601.17514 FWP/IPsec User-Mode API
fwremotesvr.dll 6.1.7600.16385 Windows Firewall Remote APIs Server
fxsapi.dll 6.1.7600.16385 Microsoft Fax API Support DLL
fxscom.dll 6.1.7600.16385 Microsoft Fax Server COM Client Interface
fxscomex.dll 6.1.7600.16385 Microsoft Fax Server Extended COM Client Interface
fxsext32.dll 6.1.7600.16385 Microsoft Fax Exchange Command Extension
fxsresm.dll 6.1.7600.16385 Microsoft Fax Resource DLL
fxsxp32.dll 6.1.7600.16385 Microsoft Fax Transport Provider
gameux.dll 6.1.7601.17514 Games Explorer
gameuxlegacygdfs.dll 1.0.0.1 Legacy GDF resource DLL
gcdef.dll 6.1.7600.16385 Game Controllers Default Sheets
gdi32.dll 6.1.7601.17514 GDI Client DLL
getuname.dll 6.1.7600.16385 Unicode name Dll for UCE
glmf32.dll 6.1.7600.16385 OpenGL Metafiling DLL
glu32.dll 6.1.7600.16385 OpenGL Utility Library DLL
gpapi.dll 6.1.7600.16385 Group Policy Client API
gpedit.dll 6.1.7600.16385 GPEdit
gpprefcl.dll 6.1.7601.17514 Group Policy Preference Client
gpprnext.dll 6.1.7600.16385 Group Policy Printer Extension
gpscript.dll 6.1.7600.16385 Script Client Side Extension
gptext.dll 6.1.7600.16385 GPTExt
hbaapi.dll 6.1.7601.17514 HBA API data interface dll for HBA_API_Rev_2-18_2002MAR1.doc
hcproviders.dll 6.1.7600.16385 Action Center Providers
helppaneproxy.dll 6.1.7600.16385 Microsoft® Help Proxy
hgcpl.dll 6.1.7601.17514 HomeGroup Control Panel
hhsetup.dll 6.1.7600.16385 Microsoft® HTML Help
hid.dll 6.1.7600.16385 Hid User Library
hidserv.dll 6.1.7600.16385 HID Service
hlink.dll 6.1.7600.16385 Microsoft Office 2000 component
hnetcfg.dll 6.1.7600.16385 Home Networking Configuration Manager
hnetmon.dll 6.1.7600.16385 Home Networking Monitor DLL
httpapi.dll 6.1.7601.17514 HTTP Protocol Stack API
htui.dll 6.1.7600.16385 Common halftone Color Adjustment Dialogs
ias.dll 6.1.7600.16385 Network Policy Server
iasacct.dll 6.1.7601.17514 NPS Accounting Provider
iasads.dll 6.1.7600.16385 NPS Active Directory Data Store
iasdatastore.dll 6.1.7600.16385 NPS Datastore server
iashlpr.dll 6.1.7600.16385 NPS Surrogate Component
iasmigplugin.dll 6.1.7600.16385 NPS Migration DLL
iasnap.dll 6.1.7600.16385 NPS NAP Provider
iaspolcy.dll 6.1.7600.16385 NPS Pipeline
iasrad.dll 6.1.7601.17514 NPS RADIUS Protocol Component
iasrecst.dll 6.1.7601.17514 NPS XML Datastore Access
iassam.dll 6.1.7600.16385 NPS NT SAM Provider
iassdo.dll 6.1.7600.16385 NPS SDO Component
iassvcs.dll 6.1.7600.16385 NPS Services Component
icardie.dll 8.0.7600.16385 Microsoft Information Card IE Helper
icardres.dll 3.0.4506.4926 Windows CardSpace
icclibdll.dll
iccvid.dll 1.10.0.13 Cinepak® Codec
icm32.dll 6.1.7600.16385 Microsoft Color Management Module (CMM)
icmp.dll 6.1.7600.16385 ICMP DLL
icmui.dll 6.1.7600.16385 Microsoft Color Matching System User Interface DLL
iconcodecservice.dll 6.1.7600.16385 Converts a PNG part of the icon to a legacy bmp icon
icsigd.dll 6.1.7600.16385 Internet Gateway Device properties
idndl.dll 6.1.7600.16385 Downlevel DLL
idstore.dll 6.1.7600.16385 Identity Store
ieakeng.dll 8.0.7600.16385 Internet Explorer Administration Kit Engine Library
ieaksie.dll 8.0.7600.16385 Internet Explorer Snap-in Extension to Group Policy
ieakui.dll 8.0.7600.16385 Microsoft IEAK Shared UI DLL
ieapfltr.dll 8.0.6001.18669 Microsoft SmartScreen Filter
iedkcs32.dll 18.0.7601.17514 IEAK branding
ieframe.dll 8.0.7601.17573 Internet Browser
iepeers.dll 8.0.7601.17514 Internet Explorer Peer Objects
iernonce.dll 8.0.7600.16385 Extended RunOnce processing with UI
iertutil.dll 8.0.7601.17514 Run time utility for Internet Explorer
iesetup.dll 8.0.7600.16385 IOD Version Map
iesysprep.dll 8.0.7601.17514 IE Sysprep Provider
ieui.dll 8.0.7601.17573 Internet Explorer UI Engine
ifmon.dll 6.1.7600.16385 IF Monitor DLL
ifsutil.dll 6.1.7601.17514 IFS Utility DLL
ifsutilx.dll 6.1.7600.16385 IFS Utility Extension DLL
imagehlp.dll 6.1.7601.17514 Windows NT Image Helper
imageres.dll 6.1.7600.16385 Windows Image Resource
imagesp1.dll 6.1.7600.16385 Windows SP1 Image Resource
imapi.dll 6.1.7600.16385 Image Mastering API
imapi2.dll 6.1.7601.17514 Image Mastering API v2
imapi2fs.dll 6.1.7601.17514 Image Mastering File System Imaging API v2
imgutil.dll 8.0.7601.17514 IE plugin image decoder support DLL
imjp10k.dll 10.1.7600.16385 Microsoft IME
imm32.dll 6.1.7601.17514 Multi-User Windows IMM32 API Client DLL
inetcomm.dll 6.1.7601.17574 Microsoft Internet Messaging API Resources
inetmib1.dll 6.1.7601.17514 Microsoft MIB-II subagent
inetres.dll 6.1.7600.16385 Microsoft Internet Messaging API Resources
infocardapi.dll 3.0.4506.4926 Microsoft InfoCards
inked.dll 6.1.7600.16385 Microsoft Tablet PC InkEdit Control
input.dll 6.1.7601.17514 InputSetting DLL
inseng.dll 8.0.7601.17514 Install engine
iologmsg.dll 6.1.7600.16385 IO Logging DLL
ipbusenumproxy.dll 6.1.7600.16385 Associated Device Presence Proxy Dll
iphlpapi.dll 6.1.7601.17514 IP Helper API
iprop.dll 6.1.7600.16385 OLE PropertySet Implementation
iprtprio.dll 6.1.7600.16385 IP Routing Protocol Priority DLL
iprtrmgr.dll 6.1.7601.17514 IP Router Manager
ipsecsnp.dll 6.1.7600.16385 IP Security Policy Management Snap-in
ipsmsnap.dll 6.1.7601.17514 IP Security Monitor Snap-in
ir32_32.dll 3.24.15.3 Intel Indeo(R) Video R3.2 32-bit Driver
ir41_qc.dll 4.30.62.2 Intel Indeo® Video Interactive Quick Compressor
ir41_qcx.dll 4.30.62.2 Intel Indeo® Video Interactive Quick Compressor
ir50_32.dll 5.2562.15.55 Intel Indeo® video 5.10
ir50_qc.dll 5.0.63.48 Intel Indeo® video 5.10 Quick Compressor
ir50_qcx.dll 5.0.63.48 Intel Indeo® video 5.10 Quick Compressor
irclass.dll 6.1.7600.16385 Infrared Class Coinstaller
iscsicpl.dll 5.2.3790.1830 iSCSI Initiator Control Panel Applet
iscsidsc.dll 6.1.7600.16385 iSCSI Discovery api
iscsied.dll 6.1.7600.16385 iSCSI Extension DLL
iscsium.dll 6.1.7601.17514 iSCSI Discovery api
iscsiwmi.dll 6.1.7600.16385 MS iSCSI Initiator WMI Provider
issacapi_bs-2.3.dll
issacapi_pe-2.3.dll
issacapi_se-2.3.dll
itircl.dll 6.1.7601.17514 Microsoft® InfoTech IR Local DLL
itss.dll 6.1.7600.16385 Microsoft® InfoTech Storage System Library
itvdata.dll 6.6.7601.17514 iTV Data Filters.
iyuv_32.dll 6.1.7601.17514 Intel Indeo(R) Video YUV Codec
jscript.dll 5.8.7601.17562 Microsoft ® JScript
jsproxy.dll 8.0.7601.17573 JScript Proxy Auto-Configuration
kbd101.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 101
kbd101a.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101 (Type A)
kbd101b.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101(Type B)
kbd101c.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 101(Type C)
kbd103.dll 6.1.7600.16385 KO Hangeul Keyboard Layout for 103
kbd106.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 106
kbd106n.dll 6.1.7600.16385 JP Japanese Keyboard Layout for 106
kbda1.dll 6.1.7600.16385 Arabic_English_101 Keyboard Layout
kbda2.dll 6.1.7600.16385 Arabic_2 Keyboard Layout
kbda3.dll 6.1.7600.16385 Arabic_French_102 Keyboard Layout
kbdal.dll 6.1.7600.16385 Albania Keyboard Layout
kbdarme.dll 6.1.7600.16385 Eastern Armenian Keyboard Layout
kbdarmw.dll 6.1.7600.16385 Western Armenian Keyboard Layout
kbdax2.dll 6.1.7600.16385 JP Japanese Keyboard Layout for AX2
kbdaze.dll 6.1.7600.16385 Azerbaijan_Cyrillic Keyboard Layout
kbdazel.dll 6.1.7600.16385 Azeri-Latin Keyboard Layout
kbdbash.dll 6.1.7601.17514 Bashkir Keyboard Layout
kbdbe.dll 6.1.7600.16385 Belgian Keyboard Layout
kbdbene.dll 6.1.7600.16385 Belgian Dutch Keyboard Layout
kbdbgph.dll 6.1.7600.16385 Bulgarian Phonetic Keyboard Layout
kbdbgph1.dll 6.1.7600.16385 Bulgarian (Phonetic Traditional) Keyboard Layout
kbdbhc.dll 6.1.7600.16385 Bosnian (Cyrillic) Keyboard Layout
kbdblr.dll 6.1.7601.17514 Belarusian Keyboard Layout
kbdbr.dll 6.1.7600.16385 Brazilian Keyboard Layout
kbdbu.dll 6.1.7600.16385 Bulgarian (Typewriter) Keyboard Layout
kbdbulg.dll 6.1.7601.17514 Bulgarian Keyboard Layout
kbdca.dll 6.1.7600.16385 Canadian Multilingual Keyboard Layout
kbdcan.dll 6.1.7600.16385 Canadian Multilingual Standard Keyboard Layout
kbdcr.dll 6.1.7600.16385 Croatian/Slovenian Keyboard Layout
kbdcz.dll 6.1.7600.16385 Czech Keyboard Layout
kbdcz1.dll 6.1.7601.17514 Czech_101 Keyboard Layout
kbdcz2.dll 6.1.7600.16385 Czech_Programmer's Keyboard Layout
kbdda.dll 6.1.7600.16385 Danish Keyboard Layout
kbddiv1.dll 6.1.7600.16385 Divehi Phonetic Keyboard Layout
kbddiv2.dll 6.1.7600.16385 Divehi Typewriter Keyboard Layout
kbddv.dll 6.1.7600.16385 Dvorak US English Keyboard Layout
kbdes.dll 6.1.7600.16385 Spanish Alernate Keyboard Layout
kbdest.dll 6.1.7600.16385 Estonia Keyboard Layout
kbdfa.dll 6.1.7600.16385 Persian Keyboard Layout
kbdfc.dll 6.1.7600.16385 Canadian French Keyboard Layout
kbdfi.dll 6.1.7600.16385 Finnish Keyboard Layout
kbdfi1.dll 6.1.7600.16385 Finnish-Swedish with Sami Keyboard Layout
kbdfo.dll 6.1.7600.16385 Færoese Keyboard Layout
kbdfr.dll 6.1.7600.16385 French Keyboard Layout
kbdgae.dll 6.1.7600.16385 Gaelic Keyboard Layout
kbdgeo.dll 6.1.7601.17514 Georgian Keyboard Layout
kbdgeoer.dll 6.1.7600.16385 Georgian (Ergonomic) Keyboard Layout
kbdgeoqw.dll 6.1.7600.16385 Georgian (QWERTY) Keyboard Layout
kbdgkl.dll 6.1.7601.17514 Greek_Latin Keyboard Layout
kbdgr.dll 6.1.7600.16385 German Keyboard Layout
kbdgr1.dll 6.1.7601.17514 German_IBM Keyboard Layout
kbdgrlnd.dll 6.1.7600.16385 Greenlandic Keyboard Layout
kbdhau.dll 6.1.7600.16385 Hausa Keyboard Layout
kbdhe.dll 6.1.7600.16385 Greek Keyboard Layout
kbdhe220.dll 6.1.7600.16385 Greek IBM 220 Keyboard Layout
kbdhe319.dll 6.1.7600.16385 Greek IBM 319 Keyboard Layout
kbdheb.dll 6.1.7600.16385 KBDHEB Keyboard Layout
kbdhela2.dll 6.1.7600.16385 Greek IBM 220 Latin Keyboard Layout
kbdhela3.dll 6.1.7600.16385 Greek IBM 319 Latin Keyboard Layout
kbdhept.dll 6.1.7600.16385 Greek_Polytonic Keyboard Layout
kbdhu.dll 6.1.7600.16385 Hungarian Keyboard Layout
kbdhu1.dll 6.1.7600.16385 Hungarian 101-key Keyboard Layout
kbdibm02.dll 6.1.7600.16385 JP Japanese Keyboard Layout for IBM 5576-002/003
kbdibo.dll 6.1.7600.16385 Igbo Keyboard Layout
kbdic.dll 6.1.7600.16385 Icelandic Keyboard Layout
kbdinasa.dll 6.1.7600.16385 Assamese (Inscript) Keyboard Layout
kbdinbe1.dll 6.1.7600.16385 Bengali - Inscript (Legacy) Keyboard Layout
kbdinbe2.dll 6.1.7600.16385 Bengali (Inscript) Keyboard Layout
kbdinben.dll 6.1.7601.17514 Bengali Keyboard Layout
kbdindev.dll 6.1.7600.16385 Devanagari Keyboard Layout
kbdinguj.dll 6.1.7600.16385 Gujarati Keyboard Layout
kbdinhin.dll 6.1.7601.17514 Hindi Keyboard Layout
kbdinkan.dll 6.1.7601.17514 Kannada Keyboard Layout
kbdinmal.dll 6.1.7600.16385 Malayalam Keyboard Layout Keyboard Layout
kbdinmar.dll 6.1.7601.17514 Marathi Keyboard Layout
kbdinori.dll 6.1.7601.17514 Oriya Keyboard Layout
kbdinpun.dll 6.1.7600.16385 Punjabi/Gurmukhi Keyboard Layout
kbdintam.dll 6.1.7601.17514 Tamil Keyboard Layout
kbdintel.dll 6.1.7601.17514 Telugu Keyboard Layout
kbdinuk2.dll 6.1.7600.16385 Inuktitut Naqittaut Keyboard Layout
kbdir.dll 6.1.7600.16385 Irish Keyboard Layout
kbdit.dll 6.1.7600.16385 Italian Keyboard Layout
kbdit142.dll 6.1.7600.16385 Italian 142 Keyboard Layout
kbdiulat.dll 6.1.7600.16385 Inuktitut Latin Keyboard Layout
kbdjpn.dll 6.1.7600.16385 JP Japanese Keyboard Layout Stub driver
kbdkaz.dll 6.1.7600.16385 Kazak_Cyrillic Keyboard Layout
kbdkhmr.dll 6.1.7600.16385 Cambodian Standard Keyboard Layout
kbdkor.dll 6.1.7600.16385 KO Hangeul Keyboard Layout Stub driver
kbdkyr.dll 6.1.7600.16385 Kyrgyz Keyboard Layout
kbdla.dll 6.1.7600.16385 Latin-American Spanish Keyboard Layout
kbdlao.dll 6.1.7600.16385 Lao Standard Keyboard Layout
kbdlk41a.dll 6.1.7601.17514 DEC LK411-AJ Keyboard Layout
kbdlt.dll 6.1.7600.16385 Lithuania Keyboard Layout
kbdlt1.dll 6.1.7601.17514 Lithuanian Keyboard Layout
kbdlt2.dll 6.1.7600.16385 Lithuanian Standard Keyboard Layout
kbdlv.dll 6.1.7600.16385 Latvia Keyboard Layout
kbdlv1.dll 6.1.7600.16385 Latvia-QWERTY Keyboard Layout
kbdmac.dll 6.1.7600.16385 Macedonian (FYROM) Keyboard Layout
kbdmacst.dll 6.1.7600.16385 Macedonian (FYROM) - Standard Keyboard Layout
kbdmaori.dll 6.1.7601.17514 Maori Keyboard Layout
kbdmlt47.dll 6.1.7600.16385 Maltese 47-key Keyboard Layout
kbdmlt48.dll 6.1.7600.16385 Maltese 48-key Keyboard Layout
kbdmon.dll 6.1.7601.17514 Mongolian Keyboard Layout
kbdmonmo.dll 6.1.7600.16385 Mongolian (Mongolian Script) Keyboard Layout
kbdne.dll 6.1.7600.16385 Dutch Keyboard Layout
kbdnec.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800)
kbdnec95.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800 Windows 95)
kbdnecat.dll 6.1.7600.16385 JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
kbdnecnt.dll 6.1.7600.16385 JP Japanese NEC PC-9800 Keyboard Layout
kbdnepr.dll 6.1.7601.17514 Nepali Keyboard Layout
kbdno.dll 6.1.7600.16385 Norwegian Keyboard Layout
kbdno1.dll 6.1.7600.16385 Norwegian with Sami Keyboard Layout
kbdnso.dll 6.1.7600.16385 Sesotho sa Leboa Keyboard Layout
kbdpash.dll 6.1.7600.16385 Pashto (Afghanistan) Keyboard Layout
kbdpl.dll 6.1.7600.16385 Polish Keyboard Layout
kbdpl1.dll 6.1.7600.16385 Polish Programmer's Keyboard Layout
kbdpo.dll 6.1.7601.17514 Portuguese Keyboard Layout
kbdro.dll 6.1.7600.16385 Romanian (Legacy) Keyboard Layout
kbdropr.dll 6.1.7600.16385 Romanian (Programmers) Keyboard Layout
kbdrost.dll 6.1.7600.16385 Romanian (Standard) Keyboard Layout
kbdru.dll 6.1.7600.16385 Russian Keyboard Layout
kbdru1.dll 6.1.7600.16385 Russia(Typewriter) Keyboard Layout
kbdsf.dll 6.1.7601.17514 Swiss French Keyboard Layout
kbdsg.dll 6.1.7601.17514 Swiss German Keyboard Layout
kbdsl.dll 6.1.7600.16385 Slovak Keyboard Layout
kbdsl1.dll 6.1.7600.16385 Slovak(QWERTY) Keyboard Layout
kbdsmsfi.dll 6.1.7600.16385 Sami Extended Finland-Sweden Keyboard Layout
kbdsmsno.dll 6.1.7600.16385 Sami Extended Norway Keyboard Layout
kbdsn1.dll 6.1.7600.16385 Sinhala Keyboard Layout
kbdsorex.dll 6.1.7600.16385 Sorbian Extended Keyboard Layout
kbdsors1.dll 6.1.7600.16385 Sorbian Standard Keyboard Layout
kbdsorst.dll 6.1.7600.16385 Sorbian Standard (Legacy) Keyboard Layout
kbdsp.dll 6.1.7600.16385 Spanish Keyboard Layout
kbdsw.dll 6.1.7600.16385 Swedish Keyboard Layout
kbdsw09.dll 6.1.7600.16385 Sinhala - Wij 9 Keyboard Layout
kbdsyr1.dll 6.1.7600.16385 Syriac Standard Keyboard Layout
kbdsyr2.dll 6.1.7600.16385 Syriac Phoenetic Keyboard Layout
kbdtajik.dll 6.1.7601.17514 Tajik Keyboard Layout
kbdtat.dll 6.1.7600.16385 Tatar_Cyrillic Keyboard Layout
kbdth0.dll 6.1.7600.16385 Thai Kedmanee Keyboard Layout
kbdth1.dll 6.1.7600.16385 Thai Pattachote Keyboard Layout
kbdth2.dll 6.1.7600.16385 Thai Kedmanee (non-ShiftLock) Keyboard Layout
kbdth3.dll 6.1.7600.16385 Thai Pattachote (non-ShiftLock) Keyboard Layout
kbdtiprc.dll 6.1.7600.16385 Tibetan (PRC) Keyboard Layout
kbdtuf.dll 6.1.7601.17514 Turkish F Keyboard Layout
kbdtuq.dll 6.1.7601.17514 Turkish Q Keyboard Layout
kbdturme.dll 6.1.7601.17514 Turkmen Keyboard Layout
kbdughr.dll 6.1.7600.16385 Uyghur (Legacy) Keyboard Layout
kbdughr1.dll 6.1.7601.17514 Uyghur Keyboard Layout
kbduk.dll 6.1.7600.16385 United Kingdom Keyboard Layout
kbdukx.dll 6.1.7600.16385 United Kingdom Extended Keyboard Layout
kbdur.dll 6.1.7600.16385 Ukrainian Keyboard Layout
kbdur1.dll 6.1.7600.16385 Ukrainian (Enhanced) Keyboard Layout
kbdurdu.dll 6.1.7600.16385 Urdu Keyboard Layout
kbdus.dll 6.1.7601.17514 United States Keyboard Layout
kbdusa.dll 6.1.7600.16385 US IBM Arabic 238_L Keyboard Layout
kbdusl.dll 6.1.7600.16385 Dvorak Left-Hand US English Keyboard Layout
kbdusr.dll 6.1.7600.16385 Dvorak Right-Hand US English Keyboard Layout
kbdusx.dll 6.1.7600.16385 US Multinational Keyboard Layout
kbduzb.dll 6.1.7600.16385 Uzbek_Cyrillic Keyboard Layout
kbdvntc.dll 6.1.7600.16385 Vietnamese Keyboard Layout
kbdwol.dll 6.1.7600.16385 Wolof Keyboard Layout
kbdyak.dll 6.1.7600.16385 Yakut - Russia Keyboard Layout
kbdyba.dll 6.1.7600.16385 Yoruba Keyboard Layout
kbdycc.dll 6.1.7600.16385 Serbian (Cyrillic) Keyboard Layout
kbdycl.dll 6.1.7600.16385 Serbian (Latin) Keyboard Layout
kerberos.dll 6.1.7601.17527 Kerberos Security Package
kernel32.dll 6.1.7601.17514 Windows NT BASE API Client DLL
kernelbase.dll 6.1.7601.17514 Windows NT BASE API Client DLL
keyiso.dll 6.1.7600.16385 CNG Key Isolation Service
keymgr.dll 6.1.7600.16385 Stored User Names and Passwords
korwbrkr.dll 6.1.7600.16385 korwbrkr
ksuser.dll 6.1.7600.16385 User CSA Library
ktmw32.dll 6.1.7600.16385 Windows KTM Win32 Client DLL
l2gpstore.dll 6.1.7600.16385 Policy Storage dll
l2nacp.dll 6.1.7600.16385 Windows Onex Credential Provider
l2sechc.dll 6.1.7600.16385 Layer 2 Security Diagnostics Helper Classes
laprxy.dll 12.0.7600.16385 Windows Media Logagent Proxy
licmgr10.dll 8.0.7601.17514 Microsoft® License Manager DLL
linkinfo.dll 6.1.7600.16385 Windows Volume Tracking
livessp.dll 6.500.3165.0 LiveSSP
loadperf.dll 6.1.7600.16385 Load & Unload Performance Counters
localsec.dll 6.1.7601.17514 Local Users and Groups MMC Snapin
locationapi.dll 6.1.7600.16385 Microsoft Windows Location API
loghours.dll 6.1.7600.16385 Schedule Dialog
logoncli.dll 6.1.7601.17514 Net Logon Client DLL
lpk.dll 6.1.7600.16385 Language Pack
lsmproxy.dll 6.1.7601.17514 LSM interfaces proxy Dll
luainstall.dll 6.1.7601.17514 Lua manifest install
lz32.dll 6.1.7600.16385 LZ Expand/Compress API DLL
macxmlproto.dll 1.2.2005.128 ????? ???? ?????
madrm.dll 3.0.2004.1011 MaDRM DLL
magnification.dll 6.1.7600.16385 Microsoft Magnification API
majguilib.dll 1.0.2004.301 MaJGUILib DLL
mamacextract.dll 1.0.531.1 MAMACExtract
mapi32.dll 1.0.2536.0 Extended MAPI 1.0 for Windows NT
mapistub.dll 1.0.2536.0 Extended MAPI 1.0 for Windows NT
maxmlproto.dll 1.0.2004.602 MaXMLProto DLL
mcewmdrmndbootstrap.dll 1.3.2302.0 Windows® Media Center WMDRM-ND Receiver Bridge Bootstrap DLL
mciavi32.dll 6.1.7601.17514 Video For Windows MCI driver
mcicda.dll 6.1.7600.16385 MCI driver for cdaudio devices
mciqtz32.dll 6.6.7601.17514 DirectShow MCI Driver
mciseq.dll 6.1.7600.16385 MCI driver for MIDI sequencer
mciwave.dll 6.1.7600.16385 MCI driver for waveform audio
mctres.dll 6.1.7600.16385 MCT resource DLL
mdminst.dll 6.1.7600.16385 Modem Class Installer
mediametadatahandler.dll 6.1.7601.17514 Media Metadata Handler
mf.dll 12.0.7601.17514 Media Foundation DLL
mf3216.dll 6.1.7600.16385 32-bit to 16-bit Metafile Conversion DLL
mfaacenc.dll 6.1.7600.16385 Media Foundation AAC Encoder
mfc40.dll 4.1.0.6151 MFCDLL Shared Library - Retail Version
mfc40u.dll 4.1.0.6151 MFCDLL Shared Library - Retail Version
mfc42.dll 6.6.8064.0 MFCDLL Shared Library - Retail Version
mfc42u.dll 6.6.8064.0 MFCDLL Shared Library - Retail Version
mfcsubs.dll 2001.12.8530.16385 COM+
mfds.dll 12.0.7601.17514 Media Foundation Direct Show wrapper DLL
mfdvdec.dll 6.1.7600.16385 Media Foundation DV Decoder
mferror.dll 12.0.7600.16385 Media Foundation Error DLL
mfh264enc.dll 6.1.7600.16385 Media Foundation H264 Encoder
mfmjpegdec.dll 6.1.7600.16385 Media Foundation MJPEG Decoder
mfplat.dll 12.0.7600.16385 Media Foundation Platform DLL
mfplay.dll 12.0.7601.17514 Media Foundation Playback API DLL
mfps.dll 12.0.7600.16385 Media Foundation Proxy DLL
mfreadwrite.dll 12.0.7601.17514 Media Foundation ReadWrite DLL
mfvdsp.dll 6.1.7600.16385 Windows Media Foundation Video DSP Components
mfwmaaec.dll 6.1.7600.16385 Windows Media Audio AEC for Media Foundation
mgmtapi.dll 6.1.7600.16385 Microsoft SNMP Manager API (uses WinSNMP)
midimap.dll 6.1.7600.16385 Microsoft MIDI Mapper
migisol.dll 6.1.7601.17514 Migration System Isolation Layer
miguiresource.dll 6.1.7600.16385 MIG wini32 resources
mimefilt.dll 2008.0.7601.17514 MIME Filter
mk_lyric.dll 1.0.1124.1 MK_Lyric
mkl_blueripple.dll 1.0.2.0 Custom Math Kernel Library
mlang.dll 6.1.7600.16385 Multi Language Support DLL
mmcbase.dll 6.1.7600.16385 MMC Base DLL
mmci.dll 6.1.7600.16385 Media class installer
mmcico.dll 6.1.7600.16385 Media class co-installer
mmcndmgr.dll 6.1.7601.17514 MMC Node Manager DLL
mmcshext.dll 6.1.7600.16385 MMC Shell Extension DLL
mmdevapi.dll 6.1.7601.17514 MMDevice API
mmres.dll 6.1.7600.16385 General Audio Resources
modemui.dll 6.1.7600.16385 Windows Modem Properties
moricons.dll 6.1.7600.16385 Windows NT Setup Icon Resources Library
mp3dmod.dll 6.1.7600.16385 Microsoft MP3 Decoder DMO
mp43decd.dll 6.1.7600.16385 Windows Media MPEG-4 Video Decoder
mp4sdecd.dll 6.1.7600.16385 Windows Media MPEG-4 S Video Decoder
mpg4decd.dll 6.1.7600.16385 Windows Media MPEG-4 Video Decoder
mpr.dll 6.1.7600.16385 Multiple Provider Router DLL
mprapi.dll 6.1.7601.17514 Windows NT MP Router Administration DLL
mprddm.dll 6.1.7601.17514 Demand Dial Manager Supervisor
mprdim.dll 6.1.7600.16385 Dynamic Interface Manager
mprmsg.dll 6.1.7600.16385 Multi-Protocol Router Service Messages DLL
msaatext.dll 2.0.10413.0 Active Accessibility text support
msac3enc.dll 6.1.7601.17514 Microsoft AC-3 Encoder
msacm32.dll 6.1.7600.16385 Microsoft ACM Audio Filter
msadce.dll 6.1.7601.17514 OLE DB Cursor Engine
msadcer.dll 6.1.7600.16385 OLE DB Cursor Engine Resources
msadcf.dll 6.1.7601.17514 Remote Data Services Data Factory
msadcfr.dll 6.1.7600.16385 Remote Data Services Data Factory Resources
msadco.dll 6.1.7601.17514 Remote Data Services Data Control
msadcor.dll 6.1.7600.16385 Remote Data Services Data Control Resources
msadcs.dll 6.1.7601.17514 Remote Data Services ISAPI Library
msadds.dll 6.1.7600.16385 OLE DB Data Shape Provider
msaddsr.dll 6.1.7600.16385 OLE DB Data Shape Provider Resources
msader15.dll 6.1.7600.16385 ActiveX Data Objects Resources
msado15.dll 6.1.7601.17514 ActiveX Data Objects
msadomd.dll 6.1.7601.17514 ActiveX Data Objects (Multi-Dimensional)
msador15.dll 6.1.7601.17514 Microsoft ActiveX Data Objects Recordset
msadox.dll 6.1.7601.17514 ActiveX Data Objects Extensions
msadrh15.dll 6.1.7600.16385 ActiveX Data Objects Rowset Helper
msafd.dll 6.1.7600.16385 Microsoft Windows Sockets 2.0 Service Provider
msasn1.dll 6.1.7601.17514 ASN.1 Runtime APIs
msaudite.dll 6.1.7600.16385 Security Audit Events DLL
mscandui.dll 6.1.7600.16385 MSCANDUI Server DLL
mscat32.dll 6.1.7600.16385 MSCAT32 Forwarder DLL
msclib.dll 1.0.0.8 MSCLib DLL
msclmd.dll 6.1.7601.17514 Microsoft Class Mini-driver
mscms.dll 6.1.7601.17514 Microsoft Color Matching System DLL
mscoree.dll 4.0.40305.0 Microsoft .NET Runtime Execution Engine
mscorier.dll 2.0.50727.5420 Microsoft .NET Runtime IE resources
mscories.dll 2.0.50727.5420 Microsoft .NET IE SECURITY REGISTRATION
mscpx32r.dll 6.1.7600.16385 ODBC Code Page Translator Resources
mscpxl32.dll 6.1.7600.16385 ODBC Code Page Translator
msctf.dll 6.1.7600.16385 MSCTF Server DLL
msctfmonitor.dll 6.1.7600.16385 MsCtfMonitor DLL
msctfp.dll 6.1.7600.16385 MSCTFP Server DLL
msctfui.dll 6.1.7600.16385 MSCTFUI Server DLL
msdadc.dll 6.1.7600.16385 OLE DB Data Conversion Stub
msdadiag.dll 6.1.7600.16385 Built-In Diagnostics
msdaenum.dll 6.1.7600.16385 OLE DB Root Enumerator Stub
msdaer.dll 6.1.7600.16385 OLE DB Error Collection Stub
msdaora.dll 6.1.7600.16385 OLE DB Provider for Oracle
msdaorar.dll 6.1.7600.16385 OLE DB Provider for Oracle Resources
msdaosp.dll 6.1.7601.17514 OLE DB Simple Provider
msdaprsr.dll 6.1.7600.16385 OLE DB Persistence Services Resources
msdaprst.dll 6.1.7600.16385 OLE DB Persistence Services
msdaps.dll 6.1.7600.16385 OLE DB Interface Proxies/Stubs
msdarem.dll 6.1.7601.17514 OLE DB Remote Provider
msdaremr.dll 6.1.7600.16385 OLE DB Remote Provider Resources
msdart.dll 6.1.7600.16385 OLE DB Runtime Routines
msdasc.dll 6.1.7600.16385 OLE DB Service Components Stub
msdasql.dll 6.1.7601.17514 OLE DB Provider for ODBC Drivers
msdasqlr.dll 6.1.7600.16385 OLE DB Provider for ODBC Drivers Resources
msdatl3.dll 6.1.7600.16385 OLE DB Implementation Support Routines
msdatt.dll 6.1.7600.16385 OLE DB Temporary Table Services
msdaurl.dll 6.1.7600.16385 OLE DB RootBinder Stub
msdelta.dll 6.1.7600.16385 Microsoft Patch Engine
msdfmap.dll 6.1.7601.17514 Data Factory Handler
msdmo.dll 6.6.7601.17514 DMO Runtime
msdrm.dll 6.1.7601.17514 Windows Rights Management client
msdtcprx.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator OLE Transactions Interface Proxy DLL
msdtcuiu.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Administrative DLL
msdtcvsp1res.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Resources for Vista SP1
msexch40.dll 4.0.9756.0 Microsoft Jet Exchange Isam
msexcl40.dll 4.0.9756.0 Microsoft Jet Excel Isam
msfeeds.dll 8.0.7601.17514 Microsoft Feeds Manager
msfeedsbs.dll 8.0.7601.17514 Microsoft Feeds Background Sync
msflib.dll 1.0.0.7 MSFLib DLL
msftedit.dll 5.41.21.2510 Rich Text Edit Control, v4.1
mshtml.dll 8.0.7601.17573 Microsoft (R) HTML Viewer
mshtmled.dll 8.0.7601.17514 Microsoft® HTML Editing Component
mshtmler.dll 8.0.7600.16385 Microsoft® HTML Editing Component's Resource DLL
msi.dll 5.0.7601.17514 Windows Installer
msidcrl30.dll 6.1.7600.16385 IDCRL Dynamic Link Library
msident.dll 6.1.7600.16385 Microsoft Identity Manager
msidle.dll 6.1.7600.16385 User Idle Monitor
msidntld.dll 6.1.7600.16385 Microsoft Identity Manager
msieftp.dll 6.1.7601.17514 Microsoft Internet Explorer FTP Folder Shell Extension
msihnd.dll 5.0.7601.17514 Windows® installer
msiltcfg.dll 5.0.7600.16385 Windows Installer Configuration API Stub
msimg32.dll 6.1.7600.16385 GDIEXT Client DLL
msimsg.dll 5.0.7600.16385 Windows® Installer International Messages
msimtf.dll 6.1.7600.16385 Active IMM Server DLL
msisip.dll 5.0.7600.16385 MSI Signature SIP Provider
msjet40.dll 4.0.9756.0 Microsoft Jet Engine Library
msjetoledb40.dll 4.0.9756.0
msjint40.dll 4.0.9756.0 Microsoft Jet Database Engine International DLL
msjro.dll 6.1.7601.17514 Jet and Replication Objects
msjter40.dll 4.0.9756.0 Microsoft Jet Database Engine Error DLL
msjtes40.dll 4.0.9756.0 Microsoft Jet Expression Service
msls31.dll 3.10.349.0 Microsoft Line Services library file
msltus40.dll 4.0.9756.0 Microsoft Jet Lotus 1-2-3 Isam
mslur71.dll 7.10.0.0 User-Generated Microsoft (R) C/C++ Runtime Library
msmpeg2adec.dll 6.1.7140.0 Microsoft DTV-DVD Audio Decoder
msmpeg2enc.dll 6.1.7601.17514 Microsoft MPEG-2 Encoder
msmpeg2vdec.dll 6.1.7140.0 Microsoft DTV-DVD Video Decoder
msnetobj.dll 11.0.7601.17514 DRM ActiveX Network Object
msobjs.dll 6.1.7600.16385 System object audit names
msoeacct.dll 6.1.7600.16385 Microsoft Internet Account Manager
msoert2.dll 6.1.7600.16385 Microsoft Windows Mail RT Lib
msorc32r.dll 6.1.7600.16385 ODBC Driver for Oracle Resources
msorcl32.dll 6.1.7601.17514 ODBC Driver for Oracle
mspatcha.dll 6.1.7600.16385 Microsoft File Patch Application API
mspbde40.dll 4.0.9756.0 Microsoft Jet Paradox Isam
msports.dll 6.1.7600.16385 Ports Class Installer
msrating.dll 8.0.7601.17514 Internet Ratings and Local User Management DLL
msrd2x40.dll 4.0.9756.0 Microsoft (R) Red ISAM
msrd3x40.dll 4.0.9756.0 Microsoft (R) Red ISAM
msrdc.dll 6.1.7600.16385 Remote Differential Compression COM server
msrdpwebaccess.dll 6.1.7600.16385 Microsoft Remote Desktop Services Web Access Control
msrepl40.dll 4.0.9756.0 Microsoft Replication Library
msrle32.dll 6.1.7601.17514 Microsoft RLE Compressor
msscntrs.dll 7.0.7600.16385 msscntrs.dll
msscp.dll 11.0.7601.17514 Windows Media Secure Content Provider
mssha.dll 6.1.7600.16385 Windows Security Health Agent
msshavmsg.dll 6.1.7600.16385 Windows Security Health Agent Validator Message
msshooks.dll 7.0.7600.16385 MSSHooks.dll
mssign32.dll 6.1.7600.16385 Microsoft Trust Signing APIs
mssip32.dll 6.1.7600.16385 MSSIP32 Forwarder DLL
mssitlb.dll 7.0.7600.16385 mssitlb
mssph.dll 7.0.7600.16385 Microsoft Search Protocol Handler
mssphtb.dll 7.0.7601.17514 Outlook MSSearch Connector
mssprxy.dll 7.0.7600.16385 Microsoft Search Proxy
mssrch.dll 7.0.7601.17514 mssrch.dll
mssvp.dll 7.0.7601.17514 MSSearch Vista Platform
msswch.dll 6.1.7600.16385 msswch
mstask.dll 6.1.7601.17514 Task Scheduler interface DLL
mstext40.dll 4.0.9756.0 Microsoft Jet Text Isam
mstime.dll 8.0.7601.17514 Microsoft (R) Timed Interactive Multimedia Extensions to HTML
mstscax.dll 6.1.7601.17514 Remote Desktop Services ActiveX Client
msutb.dll 6.1.7601.17514 MSUTB Server DLL
msv1_0.dll 6.1.7601.17514 Microsoft Authentication Package v1.0
msvbvm60.dll 6.0.98.15 Visual Basic Virtual Machine
msvcirt.dll 7.0.7600.16385 Windows NT IOStreams DLL
msvcp60.dll 7.0.7600.16385 Windows NT C++ Runtime Library DLL
msvcr100_clr0400.dll 10.0.30319.1 Microsoft® C Runtime Library
msvcr71.dll 7.10.3052.4 Microsoft® C Runtime Library
msvcrt.dll 7.0.7600.16385 Windows NT CRT DLL
msvcrt20.dll 2.12.0.0 Microsoft® C Runtime Library
msvcrt40.dll 6.1.7600.16385 VC 4.x CRT DLL (Forwarded to msvcrt.dll)
msvfw32.dll 6.1.7601.17514 Microsoft Video for Windows DLL
msvidc32.dll 6.1.7601.17514 Microsoft Video 1 Compressor
msvidctl.dll 6.5.7601.17514 ActiveX control for streaming video
mswdat10.dll 4.0.9756.0 Microsoft Jet Sort Tables
mswmdm.dll 12.0.7600.16385 Windows Media Device Manager Core
mswsock.dll 6.1.7601.17514 Microsoft Windows Sockets 2.0 Service Provider
mswstr10.dll 4.0.9756.0 Microsoft Jet Sort Library
msxactps.dll 6.1.7600.16385 OLE DB Transaction Proxies/Stubs
msxbde40.dll 4.0.9756.0 Microsoft Jet xBASE Isam
msxml3.dll 8.110.7601.17514 MSXML 3.0 SP11
msxml3r.dll 8.110.7600.16385 XML Resources
msxml6.dll 6.30.7601.17514 MSXML 6.0 SP3
msxml6r.dll 6.30.7600.16385 XML Resources
msyuv.dll 6.1.7601.17514 Microsoft UYVY Video Decompressor
mttelechip.dll 1.9.4.2 USB Dynamic Link Library for TCC730
mtxclu.dll 2001.12.8531.17514 Microsoft Distributed Transaction Coordinator Failover Clustering Support DLL
mtxdm.dll 2001.12.8530.16385 COM+
mtxex.dll 2001.12.8530.16385 COM+
mtxlegih.dll 2001.12.8530.16385 COM+
mtxoci.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Database Support DLL for Oracle
mtxsyncicon.dll 1.0.0.1 MTXSYNCICON Module
muifontsetup.dll 6.1.7601.17514 MUI Callback for font registry settings
muzaf1.dll 1.0.0.60410 AOD Sourcer Filter
muzapp.dll 1.3.9.303 MUZAoDAppCtrl Module
muzwmts.dll 1.0.0.60208 P3WMTSplitter Filter
mycomput.dll 6.1.7600.16385 Computer Management
mydocs.dll 6.1.7601.17514 My Documents Folder UI
napcrypt.dll 6.1.7601.17514 NAP Cryptographic API helper
napdsnap.dll 6.1.7601.17514 NAP GPEdit Extension
naphlpr.dll 6.1.7601.17514 NAP client config API helper
napinsp.dll 6.1.7600.16385 E-mail Naming Shim Provider
napipsec.dll 6.1.7600.16385 NAP IPSec Enforcement Client
napmontr.dll 6.1.7600.16385 NAP Netsh Helper
nativehooks.dll 6.1.7600.16385 Microsoft Narrator Native hook handler
naturallanguage6.dll 6.1.7601.17514 Natural Language Development Platform 6
ncdprop.dll 6.1.7600.16385 Advanced network device properties
nci.dll 6.1.7601.17514 CoInstaller: NET
ncobjapi.dll 6.1.7600.16385 Microsoft® Windows® Operating System
ncrypt.dll 6.1.7600.16385 Windows cryptographic library
ncryptui.dll 6.1.7601.17514 Windows cryptographic key protection UI library
ncsi.dll 6.1.7601.17514 Network Connectivity Status Indicator
nddeapi.dll 6.1.7600.16385 Network DDE Share Management APIs
ndfapi.dll 6.1.7600.16385 Network Diagnostic Framework Client API
ndfetw.dll 6.1.7600.16385 Network Diagnostic Engine Event Interface
ndfhcdiscovery.dll 6.1.7600.16385 Network Diagnostic Framework HC Discovery API
ndiscapcfg.dll 6.1.7600.16385 NdisCap Notify Object
ndishc.dll 6.1.7600.16385 NDIS Helper Classes
ndproxystub.dll 6.1.7600.16385 Network Diagnostic Engine Proxy/Stub
negoexts.dll 6.1.7600.16385 NegoExtender Security Package
netapi32.dll 6.1.7601.17514 Net Win32 API DLL
netbios.dll 6.1.7600.16385 NetBIOS Interface Library
netcenter.dll 6.1.7601.17514 Network Center control panel
netcfgx.dll 6.1.7601.17514 Network Configuration Objects
netcorehc.dll 6.1.7600.16385 Networking Core Diagnostics Helper Classes
netdiagfx.dll 6.1.7601.17514 Network Diagnostic Framework
netevent.dll 6.1.7600.16385 Net Event Handler
netfxperf.dll 4.0.40305.0 Extensible Performance Counter Shim
neth.dll 6.1.7600.16385 Net Help Messages DLL
netid.dll 6.1.7601.17514 System Control Panel Applet; Network ID Page
netiohlp.dll 6.1.7601.17514 Netio Helper DLL
netjoin.dll 6.1.7601.17514 Domain Join DLL
netlogon.dll 6.1.7601.17514 Net Logon Services DLL
netmsg.dll 6.1.7600.16385 Net Messages DLL
netplwiz.dll 6.1.7601.17514 Map Network Drives/Network Places Wizard
netprof.dll 6.1.7600.16385 Network Profile Management UI
netprofm.dll 6.1.7600.16385 Network List Manager
netshell.dll 6.1.7601.17514 Network Connections Shell
netutils.dll 6.1.7601.17514 Net Win32 API Helpers DLL
networkexplorer.dll 6.1.7601.17514 Network Explorer
networkitemfactory.dll 6.1.7600.16385 NetworkItem Factory
networkmap.dll 6.1.7601.17514 Network Map
newdev.dll 6.0.5054.0 Add Hardware Device Library
nlaapi.dll 6.1.7601.17514 Network Location Awareness 2
nlhtml.dll 2008.0.7600.16385 HTML filter
nlmgp.dll 6.1.7600.16385 Network List Manager Snapin
nlmsprep.dll 6.1.7600.16385 Network List Manager Sysprep Module
nlsbres.dll 6.1.7601.17514 NLSBuild resource DLL
nlsdata0000.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0001.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0002.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0003.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0007.dll 6.1.7600.16385 Microsoft German Natural Language Server Data and Code
nlsdata0009.dll 6.1.7600.16385 Microsoft English Natural Language Server Data and Code
nlsdata000a.dll 6.1.7600.16385 Microsoft Spanish Natural Language Server Data and Code
nlsdata000c.dll 6.1.7600.16385 Microsoft French Natural Language Server Data and Code
nlsdata000d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata000f.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0010.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code
nlsdata0013.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0018.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0019.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata001a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata001b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata001d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0020.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0021.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0022.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0024.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0026.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0027.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata002a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0039.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata003e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0045.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0046.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0047.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0049.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata004a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata004b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata004c.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata004e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0414.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0416.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0816.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata081a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdata0c1a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsdl.dll 6.1.7600.16385 Nls Downlevel DLL
nlslexicons0001.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0002.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0003.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0007.dll 6.1.7600.16385 Microsoft German Natural Language Server Data and Code
nlslexicons0009.dll 6.1.7600.16385 Microsoft English Natural Language Server Data and Code
nlslexicons000a.dll 6.1.7600.16385 Microsoft Spanish Natural Language Server Data and Code
nlslexicons000c.dll 6.1.7600.16385 Microsoft French Natural Language Server Data and Code
nlslexicons000d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons000f.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0010.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code
nlslexicons0013.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0018.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0019.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons001a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons001b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons001d.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0020.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0021.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0022.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0024.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0026.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0027.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons002a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0039.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons003e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0045.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0046.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0047.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0049.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons004a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons004b.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons004c.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons004e.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0414.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0416.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0816.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons081a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlslexicons0c1a.dll 6.1.7600.16385 Microsoft Neutral Natural Language Server Data and Code
nlsmodels0011.dll 6.1.7600.16385 Microsoft Japanese Natural Language Server Data and Code
normaliz.dll 6.1.7600.16385 Unicode Normalization DLL
npmproxy.dll 6.1.7600.16385 Network List Manager Proxy
nshhttp.dll 6.1.7600.16385 HTTP netsh DLL
nshipsec.dll 6.1.7601.17514 Net Shell IP Security helper DLL
nshwfp.dll 6.1.7601.17514 Windows Filtering Platform Netsh Helper
nsi.dll 6.1.7600.16385 NSI User-mode interface DLL
ntdll.dll 6.1.7601.17514 NT Layer DLL
ntdsapi.dll 6.1.7600.16385 Active Directory Domain Services API
ntlanman.dll 6.1.7601.17514 Microsoft® Lan Manager
ntlanui2.dll 6.1.7600.16385 Network object shell UI
ntmarta.dll 6.1.7600.16385 Windows NT MARTA provider
ntprint.dll 6.1.7601.17514 Spooler Setup DLL
ntshrui.dll 6.1.7601.17514 Shell extensions for sharing
ntvdm64.dll 6.1.7600.16385 16-bit Emulation on NT64
objsel.dll 6.1.7600.16385 Object Picker Dialog
occache.dll 8.0.7601.17514 Object Control Viewer
ocsetapi.dll 6.1.7601.17514 Windows Optional Component Setup API
odbc32.dll 6.1.7601.17514 ODBC Driver Manager
odbc32gt.dll 6.1.7600.16385 ODBC Driver Generic Thunk
odbcbcp.dll 6.1.7600.16385 BCP for ODBC
odbcconf.dll 6.1.7601.17514 ODBC Driver Configuration Program
odbccp32.dll 6.1.7601.17514 ODBC Installer
odbccr32.dll 6.1.7600.16385 ODBC Cursor Library
odbccu32.dll 6.1.7600.16385 ODBC Cursor Library
odbcint.dll 6.1.7600.16385 ODBC Resources
odbcji32.dll 6.1.7600.16385 Microsoft ODBC Desktop Driver Pack 3.5
odbcjt32.dll 6.1.7601.17514 Microsoft ODBC Desktop Driver Pack 3.5
odbctrac.dll 6.1.7601.17514 ODBC Driver Manager Trace
oddbse32.dll 6.1.7600.16385 ODBC (3.0) driver for DBase
odexl32.dll 6.1.7600.16385 ODBC (3.0) driver for Excel
odfox32.dll 6.1.7600.16385 ODBC (3.0) driver for FoxPro
odpdx32.dll 6.1.7600.16385 ODBC (3.0) driver for Paradox
odtext32.dll 6.1.7600.16385 ODBC (3.0) driver for text files
oemdspif.dll 6.15.6.6 ATI Driver Interface DLL
offfilt.dll 2008.0.7600.16385 OFFICE Filter
ogldrv.dll 6.1.7600.16385 MSOGL
ole2.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library
ole2disp.dll 2.10.3050.1 OLE 2.1 16/32 Interoperability Library
ole2nls.dll 2.10.3050.1 OLE 2.1 16/32 Interoperability Library
ole32.dll 6.1.7601.17514 Microsoft OLE for Windows
oleacc.dll 7.0.0.0 Active Accessibility Core Component
oleacchooks.dll 7.0.0.0 Active Accessibility Event Hooks Library
oleaccrc.dll 7.0.0.0 Active Accessibility Resource DLL
oleaut32.dll 6.1.7601.17514
olecli32.dll 6.1.7600.16385 Object Linking and Embedding Client Library
oledb32.dll 6.1.7601.17514 OLE DB Core Services
oledb32r.dll 6.1.7600.16385 OLE DB Core Services Resources
oledlg.dll 6.1.7600.16385 OLE User Interface Support
oleprn.dll 6.1.7600.16385 Oleprn DLL
olepro32.dll 6.1.7601.17514
oleres.dll 6.1.7600.16385 Ole resource dll
olesvr32.dll 6.1.7600.16385 Object Linking and Embedding Server Library
olethk32.dll 6.1.7601.17514 Microsoft OLE for Windows
onex.dll 6.1.7601.17514 IEEE 802.1X supplicant library
onexui.dll 6.1.7601.17514 IEEE 802.1X supplicant UI library
onlineidcpl.dll 6.1.7601.17514 Online IDs Control Panel
oobefldr.dll 6.1.7601.17514 Getting Started
opcservices.dll 6.1.7601.17514 Native Code OPC Services Library
openal32.dll 6.14.357.24 Standard OpenAL(TM) Implementation
opencl.dll 1.1.0.0 OpenCL Client DLL
opengl32.dll 6.1.7600.16385 OpenGL Client DLL
osbaseln.dll 6.1.7600.16385 Service Reporting API
osuninst.dll 6.1.7600.16385 Uninstall Interface
ovdecode.dll
p2p.dll 6.1.7600.16385 Peer-to-Peer Grouping
p2pcollab.dll 6.1.7600.16385 Peer-to-Peer Collaboration
p2pgraph.dll 6.1.7600.16385 Peer-to-Peer Graphing
p2pnetsh.dll 6.1.7600.16385 Peer-to-Peer NetSh Helper
packager.dll 6.1.7600.16385 Object Packager2
panmap.dll 6.1.7600.16385 PANOSE(tm) Font Mapper
pautoenr.dll 6.1.7600.16385 Auto Enrollment DLL
pcaui.dll 6.1.7600.16385 Program Compatibility Assistant User Interface Module
pcwum.dll 6.1.7600.16385 Performance Counters for Windows Native DLL
pdh.dll 6.1.7601.17514 Windows Performance Data Helper DLL
pdhui.dll 6.1.7601.17514 PDH UI
peerdist.dll 6.1.7600.16385 BranchCache Client Library
peerdistsh.dll 6.1.7600.16385 BranchCache Netshell Helper
perfcentercpl.dll 6.1.7601.17514 Performance Center
perfctrs.dll 6.1.7600.16385 Performance Counters
perfdisk.dll 6.1.7600.16385 Windows Disk Performance Objects DLL
perfnet.dll 6.1.7600.16385 Windows Network Service Performance Objects DLL
perfos.dll 6.1.7600.16385 Windows System Performance Objects DLL
perfproc.dll 6.1.7600.16385 Windows System Process Performance Objects DLL
perfts.dll 6.1.7601.17514 Windows Remote Desktop Services Performance Objects
photometadatahandler.dll 6.1.7600.16385 Photo Metadata Handler
photowiz.dll 6.1.7601.17514 Photo Printing Wizard
pid.dll 6.1.7600.16385 Microsoft PID
pidgenx.dll 6.1.7600.16385 Pid Generation
pifmgr.dll 6.1.7601.17514 Windows NT PIF Manager Icon Resources Library
pku2u.dll 6.1.7600.16385 Pku2u Security Package
pla.dll 6.1.7601.17514 Performance Logs & Alerts
playsndsrv.dll 6.1.7600.16385 PlaySound Service
pmcsnap.dll 6.1.7600.16385 pmcsnap dll
pngfilt.dll 8.0.7600.16385 IE PNG plugin image decoder
pnidui.dll 6.1.7601.17514 Network System Icon
pnpsetup.dll 6.1.7600.16385 Pnp installer for CMI
pnrpnsp.dll 6.1.7600.16385 PNRP Name Space Provider
polstore.dll 6.1.7600.16385 Policy Storage dll
portabledeviceapi.dll 6.1.7601.17514 Windows Portable Device API Components
portabledeviceclassextension.dll 6.1.7600.16385 Windows Portable Device Class Extension Component
portabledeviceconnectapi.dll 6.1.7600.16385 Portable Device Connection API Components
portabledevicestatus.dll 6.1.7601.17514 Microsoft Windows Portable Device Status Provider
portabledevicesyncprovider.dll 6.1.7601.17514 Microsoft Windows Portable Device Provider.
portabledevicetypes.dll 6.1.7600.16385 Windows Portable Device (Parameter) Types Component
portabledevicewiacompat.dll 6.1.7600.16385 PortableDevice WIA Compatibility Driver
portabledevicewmdrm.dll 6.1.7600.16385 Windows Portable Device WMDRM Component
pots.dll 6.1.7600.16385 Power Troubleshooter
powercpl.dll 6.1.7601.17514 Power Options Control Panel
powrprof.dll 6.1.7600.16385 Power Profile Helper DLL
ppcsnap.dll 6.1.7600.16385 ppcsnap DLL
presentationcffrasterizernative_v0300.dll 3.0.6920.4902 WinFX OpenType/CFF Rasterizer
presentationhostproxy.dll 4.0.40305.0 Windows Presentation Foundation Host Proxy
presentationnative_v0300.dll 3.0.6920.4902 PresentationNative_v0300.dll
prflbmsg.dll 6.1.7600.16385 Perflib Event Messages
printui.dll 6.1.7601.17514 Printer Settings User Interface
prncache.dll 6.1.7601.17514 Print UI Cache
prnfldr.dll 6.1.7601.17514 prnfldr dll
prnntfy.dll 6.1.7600.16385 prnntfy DLL
prntvpt.dll 6.1.7601.17514 Print Ticket Services Module
profapi.dll 6.1.7600.16385 User Profile Basic API
propsys.dll 7.0.7601.17514 Microsoft Property System
provsvc.dll 6.1.7601.17514 Windows HomeGroup
provthrd.dll 6.1.7600.16385 WMI Provider Thread & Log Library
psapi.dll 6.1.7600.16385 Process Status Helper
psbase.dll 6.1.7600.16385 Protected Storage default provider
pshed.dll 6.1.7600.16385 Platform Specific Hardware Error Driver
psisdecd.dll 6.6.7600.16385 Microsoft SI/PSI parser for MPEG2 based networks.
pstorec.dll 6.1.7600.16385 Protected Storage COM interfaces
pstorsvc.dll 6.1.7600.16385 Protected storage server
puiapi.dll 6.1.7600.16385 puiapi DLL
puiobj.dll 6.1.7601.17514 PrintUI Objects DLL
pwrshplugin.dll 6.1.7600.16385 pwrshplugin.dll
qagent.dll 6.1.7601.17514 Quarantine Agent Proxy
qasf.dll 12.0.7601.17514 DirectShow ASF Support
qcap.dll 6.6.7601.17514 DirectShow Runtime.
qcliprov.dll 6.1.7601.17514 Quarantine Client WMI Provider
qdv.dll 6.6.7601.17514 DirectShow Runtime.
qdvd.dll 6.6.7601.17514 DirectShow DVD PlayBack Runtime.
qedit.dll 6.6.7601.17514 DirectShow Editing.
qedwipes.dll 6.6.7600.16385 DirectShow Editing SMPTE Wipes
qmgrprxy.dll 7.5.7600.16385 Background Intelligent Transfer Service Proxy
qshvhost.dll 6.1.7601.17514 Quarantine SHV Host
qsvrmgmt.dll 6.1.7601.17514 Quarantine Server Management
quartz.dll 6.6.7601.17514 DirectShow Runtime.
query.dll 6.1.7601.17514 Content Index Utility DLL
qutil.dll 6.1.7601.17514 Quarantine Utilities
qwave.dll 6.1.7600.16385 Windows NT
racengn.dll 6.1.7601.17514 Reliability analysis metrics calculation engine
racpldlg.dll 6.1.7600.16385 Remote Assistance Contact List
radardt.dll 6.1.7600.16385 Microsoft Windows Resource Exhaustion Detector
radarrs.dll 6.1.7600.16385 Microsoft Windows Resource Exhaustion Resolver
rapture3d_oal.dll 2.4.8.0 Rapture3D OpenAL Renderer
rasadhlp.dll 6.1.7600.16385 Remote Access AutoDial Helper
rasapi32.dll 6.1.7600.16385 Remote Access API
rascfg.dll 6.1.7600.16385 RAS Configuration Objects
raschap.dll 6.1.7601.17514 Remote Access PPP CHAP
rasctrs.dll 6.1.7600.16385 Windows NT Remote Access Perfmon Counter dll
rasdiag.dll 6.1.7600.16385 RAS Diagnostics Helper Classes
rasdlg.dll 6.1.7600.16385 Remote Access Common Dialog API
rasgcw.dll 6.1.7600.16385 RAS Wizard Pages
rasman.dll 6.1.7600.16385 Remote Access Connection Manager
rasmm.dll 6.1.7600.16385 RAS Media Manager
rasmontr.dll 6.1.7600.16385 RAS Monitor DLL
rasmxs.dll 6.1.7600.16385 Remote Access Device DLL for modems, PADs and switches
rasplap.dll 6.1.7600.16385 RAS PLAP Credential Provider
rasppp.dll 6.1.7601.17514 Remote Access PPP
rasser.dll 6.1.7600.16385 Remote Access Media DLL for COM ports
rastapi.dll 6.1.7601.17514 Remote Access TAPI Compliance Layer
rastls.dll 6.1.7601.17514 Remote Access PPP EAP-TLS
rdpcore.dll 6.1.7601.17514 RDP Core DLL
rdpd3d.dll 6.1.7601.17514 RDP Direct3D Remoting DLL
rdpencom.dll 6.1.7601.17514 RDPSRAPI COM Objects
rdpendp.dll 6.1.7601.17514 RDP Audio Endpoint
rdprefdrvapi.dll 6.1.7601.17514 Reflector Driver API
rdvgumd32.dll 6.1.7601.17514 Microsoft vGPU
reagent.dll 6.1.7601.17514 Microsoft Windows Recovery Agent DLL
redemption.dll 4.8.0.1184 Outlook Redemption COM library
regapi.dll 6.1.7601.17514 Registry Configuration APIs
regctrl.dll 6.1.7600.16385 RegCtrl
remotepg.dll 6.1.7601.17514 Remote Sessions CPL Extension
resampledmo.dll 6.1.7600.16385 Windows Media Resampler
resutils.dll 6.1.7601.17514 Microsoft Cluster Resource Utility DLL
rgb9rast.dll 6.1.7600.16385 Microsoft® Windows® Operating System
riched20.dll 5.31.23.1230 Rich Text Edit Control, v3.1
riched32.dll 6.1.7601.17514 Wrapper Dll for Richedit 1.0
rnr20.dll 6.1.7600.16385 Windows Socket2 NameSpace DLL
rpcdiag.dll 6.1.7600.16385 RPC Diagnostics
rpchttp.dll 6.1.7601.17514 RPC HTTP DLL
rpcndfp.dll 1.0.0.1 RPC NDF Helper Class
rpcns4.dll 6.1.7600.16385 Remote Procedure Call Name Service Client
rpcnsh.dll 6.1.7600.16385 RPC Netshell Helper
rpcrt4.dll 6.1.7601.17514 Remote Procedure Call Runtime
rpcrtremote.dll 6.1.7601.17514 Remote RPC Extension
rsaenh.dll 6.1.7600.16385 Microsoft Enhanced Cryptographic Provider
rshx32.dll 6.1.7600.16385 Security Shell Extension
rstrtmgr.dll 6.1.7600.16385 Restart Manager
rtffilt.dll 2008.0.7600.16385 RTF Filter
rtm.dll 6.1.7600.16385 Routing Table Manager
rtutils.dll 6.1.7601.17514 Routing Utilities
samcli.dll 6.1.7601.17514 Security Accounts Manager Client DLL
samlib.dll 6.1.7600.16385 SAM Library DLL
sampleres.dll 6.1.7600.16385 Microsoft Samples
sas.dll 6.1.7600.16385 WinLogon Software SAS Library
sbe.dll 6.6.7601.17528 DirectShow Stream Buffer Filter.
sbeio.dll 12.0.7600.16385 Stream Buffer IO DLL
sberes.dll 6.6.7600.16385 DirectShow Stream Buffer Filter Resouces.
scansetting.dll 6.1.7601.17514 Microsoft® Windows(TM) ScanSettings Profile and Scanning implementation
scarddlg.dll 6.1.7600.16385 SCardDlg - Smart Card Common Dialog
scecli.dll 6.1.7601.17514 Windows Security Configuration Editor Client Engine
scesrv.dll 6.1.7601.17514 Windows Security Configuration Editor Engine
schannel.dll 6.1.7601.17514 TLS / SSL Security Provider
schedcli.dll 6.1.7601.17514 Scheduler Service Client DLL
scksp.dll 6.1.7600.16385 Microsoft Smart Card Key Storage Provider
scripto.dll 6.6.7600.16385 Microsoft ScriptO
scrobj.dll 5.8.7600.16385 Windows ® Script Component Runtime
scrptadm.dll 6.1.7601.17514 Script Adm Extension
scrrun.dll 5.8.7600.16385 Microsoft ® Script Runtime
sdiageng.dll 6.1.7600.16385 Scripted Diagnostics Execution Engine
sdiagprv.dll 6.1.7600.16385 Windows Scripted Diagnostic Provider API
sdohlp.dll 6.1.7600.16385 NPS SDO Helper Component
searchfolder.dll 6.1.7601.17514 SearchFolder
sechost.dll 6.1.7600.16385 Host for SCM/SDDL/LSA Lookup APIs
secproc.dll 6.1.7601.17514 Windows Rights Management Desktop Security Processor
secproc_isv.dll 6.1.7601.17514 Windows Rights Management Desktop Security Processor
secproc_ssp.dll 6.1.7601.17514 Windows Rights Management Services Server Security Processor
secproc_ssp_isv.dll 6.1.7601.17514 Windows Rights Management Services Server Security Processor (Pre-production)
secur32.dll 6.1.7601.17514 Security Support Provider Interface
security.dll 6.1.7600.16385 Security Support Provider Interface
sendmail.dll 6.1.7600.16385 Send Mail
sens.dll 6.1.7600.16385 System Event Notification Service (SENS)
sensapi.dll 6.1.7600.16385 SENS Connectivity API DLL
sensorsapi.dll 6.1.7600.16385 Sensor API
sensorscpl.dll 6.1.7601.17514 Open Location and Other Sensors
serialui.dll 6.1.7600.16385 Serial Port Property Pages
serwvdrv.dll 6.1.7600.16385 Unimodem Serial Wave driver
sessenv.dll 6.1.7601.17514 Remote Desktop Configuration service
setupapi.dll 6.1.7601.17514 Windows Setup API
setupcln.dll 6.1.7601.17514 Setup Files Cleanup
sfc.dll 6.1.7600.16385 Windows File Protection
sfc_os.dll 6.1.7600.16385 Windows File Protection
sfcom.dll 3.0.0.11 SFCOM.DLL
shacct.dll 6.1.7601.17514 Shell Accounts Classes
shdocvw.dll 6.1.7601.17514 Shell Doc Object and Control Library
shell32.dll 6.1.7601.17514 Windows Shell Common Dll
shellstyle.dll 6.1.7600.16385 Windows Shell Style Resource Dll
shfolder.dll 6.1.7600.16385 Shell Folder Service
shgina.dll 6.1.7601.17514 Windows Shell User Logon
shimeng.dll 6.1.7600.16385 Shim Engine DLL
shimgvw.dll 6.1.7601.17514 Photo Gallery Viewer
shlwapi.dll 6.1.7601.17514 Shell Light-weight Utility Library
shpafact.dll 6.1.7600.16385 Windows Shell LUA/PA Elevation Factory Dll
shsetup.dll 6.1.7601.17514 Shell setup helper
shsvcs.dll 6.1.7601.17514 Windows Shell Services Dll
shunimpl.dll 6.1.7601.17514 Windows Shell Obsolete APIs
shwebsvc.dll 6.1.7601.17514 Windows Shell Web Services
signdrv.dll 6.1.7600.16385 WMI provider for Signed Drivers
sisbkup.dll 6.1.7601.17514 Single-Instance Store Backup Support Functions
slc.dll 6.1.7600.16385 Software Licensing Client Dll
slcext.dll 6.1.7600.16385 Software Licensing Client Extension Dll
slwga.dll 6.1.7601.17514 Software Licensing WGA API
smartcardcredentialprovider.dll 6.1.7601.17514 Windows Smartcard Credential Provider
smbhelperclass.dll 1.0.0.1 SMB (File Sharing) Helper Class for Network Diagnostic Framework
sndvolsso.dll 6.1.7601.17514 SCA Volume
snmpapi.dll 6.1.7600.16385 SNMP Utility Library
softkbd.dll 6.1.7600.16385 Soft Keyboard Server and Tip
softpub.dll 6.1.7600.16385 Softpub Forwarder DLL
sortserver2003compat.dll 6.1.7600.16385 Sort Version Server 2003
sortwindows6compat.dll 6.1.7600.16385 Sort Version Windows 6.0
spbcd.dll 6.1.7601.17514 BCD Sysprep Plugin
spfileq.dll 6.1.7600.16385 Windows SPFILEQ
spinf.dll 6.1.7600.16385 Windows SPINF
spnet.dll 6.1.7600.16385 Net Sysprep Plugin
spopk.dll 6.1.7601.17514 OPK Sysprep Plugin
spp.dll 6.1.7601.17514 Microsoft® Windows Shared Protection Point Library
sppc.dll 6.1.7601.17514 Software Licensing Client Dll
sppcc.dll 6.1.7600.16385 Software Licensing Commerce Client
sppcext.dll 6.1.7600.16385 Software Protection Platform Client Extension Dll
sppcomapi.dll 6.1.7601.17514 Software Licensing Library
sppcommdlg.dll 6.1.7600.16385 Software Licensing UI API
sppinst.dll 6.1.7601.17514 SPP CMI Installer Plug-in DLL
sppwmi.dll 6.1.7600.16385 Software Protection Platform WMI provider
spwinsat.dll 6.1.7600.16385 WinSAT Sysprep Plugin
spwizeng.dll 6.1.7601.17514 Setup Wizard Framework
spwizimg.dll 6.1.7600.16385 Setup Wizard Framework Resources
spwizres.dll 6.1.7601.17514 Setup Wizard Framework Resources
spwmp.dll 6.1.7601.17514 Windows Media Player System Preparation DLL
sqlceoledb30.dll 3.0.7600.0 Microsoft SQL Mobile
sqlceqp30.dll 3.0.7600.0 Microsoft SQL Mobile
sqlcese30.dll 3.0.7601.0 Microsoft SQL Mobile
sqloledb.dll 6.1.7601.17514 OLE DB Provider for SQL Server
sqlsrv32.dll 6.1.7601.17514 SQL Server ODBC Driver
sqlunirl.dll 2000.80.728.0 String Function .DLL for SQL Enterprise Components
sqlwid.dll 1999.10.20.0 Unicode Function .DLL for SQL Enterprise Components
sqlwoa.dll 1999.10.20.0 Unicode/ANSI Function .DLL for SQL Enterprise Components
sqlxmlx.dll 6.1.7600.16385 XML extensions for SQL Server
sqmapi.dll 6.1.7601.17514 SQM Client
srchadmin.dll 7.0.7601.17514 Indexing Options
srclient.dll 6.1.7600.16385 Microsoft® Windows System Restore Client Library
srhelper.dll 6.1.7600.16385 Microsoft® Windows driver and windows update enumeration library
srpuxnativesnapin.dll 6.1.7600.16385 Application Control Policies Group Policy Editor Extension
srvcli.dll 6.1.7601.17514 Server Service Client DLL
sscore.dll 6.1.7601.17514 Server Service Core DLL
ssdpapi.dll 6.1.7600.16385 SSDP Client API DLL
sspicli.dll 6.1.7601.17514 Security Support Provider Interface
ssshim.dll 6.1.7600.16385 Windows Componentization Platform Servicing API
stclient.dll 2001.12.8530.16385 COM+ Configuration Catalog Client
sti.dll 6.1.7600.16385 Still Image Devices client DLL
stobject.dll 6.1.7601.17514 Systray shell service object
storage.dll 2.10.35.35 OLE 2.1 16/32 Interoperability Library
storagecontexthandler.dll 6.1.7600.16385 Device Center Storage Context Menu Handler
storprop.dll 6.1.7600.16385 Property Pages for Storage Devices
structuredquery.dll 7.0.7601.17514 Structured Query
sud.dll 6.1.7601.17514 SUD Control Panel
sxproxy.dll 6.1.7600.16385 Microsoft® Windows System Protection Proxy Library
sxs.dll 6.1.7601.17514 Fusion 2.5
sxshared.dll 6.1.7600.16385 Microsoft® Windows SX Shared Library
sxsstore.dll 6.1.7600.16385 Sxs Store DLL
synccenter.dll 6.1.7601.17514 Microsoft Sync Center
synceng.dll 6.1.7600.16385 Windows Briefcase Engine
synchostps.dll 6.1.7600.16385 Proxystub for sync host
syncinfrastructure.dll 6.1.7600.16385 Microsoft Windows Sync Infrastructure.
syncinfrastructureps.dll 6.1.7600.16385 Microsoft Windows sync infrastructure proxy stub.
syncreg.dll 2007.94.7600.16385 Microsoft Synchronization Framework Registration
syncui.dll 6.1.7601.17514 Windows Briefcase
syssetup.dll 6.1.7601.17514 Windows NT System Setup
systemcpl.dll 6.1.7601.17514 My System CPL
t2embed.dll 6.1.7601.17514 Microsoft T2Embed Font Embedding
tapi3.dll 6.1.7600.16385 Microsoft TAPI3
tapi32.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony API Client DLL
tapimigplugin.dll 6.1.7600.16385 Microsoft® Windows(TM) TAPI Migration Plugin Dll
tapiperf.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony Performance Monitor
tapisrv.dll 6.1.7601.17514 Microsoft® Windows(TM) Telephony Server
tapisysprep.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony Sysprep Work
tapiui.dll 6.1.7600.16385 Microsoft® Windows(TM) Telephony API UI DLL
taskcomp.dll 6.1.7601.17514 Task Scheduler Backward Compatibility Plug-in
taskschd.dll 6.1.7601.17514 Task Scheduler COM API
taskschdps.dll 6.1.7600.16385 Task Scheduler Interfaces Proxy
tbs.dll 6.1.7600.16385 TBS
tcpipcfg.dll 6.1.7601.17514 Network Configuration Objects
tcpmonui.dll 6.1.7600.16385 Standard TCP/IP Port Monitor UI DLL
tdh.dll 6.1.7600.16385 Event Trace Helper Library
termmgr.dll 6.1.7601.17514 Microsoft TAPI3 Terminal Manager
thawbrkr.dll 6.1.7600.16385 Thai Word Breaker
themecpl.dll 6.1.7601.17514 Personalization CPL
themeui.dll 6.1.7601.17514 Windows Theme API
thumbcache.dll 6.1.7601.17514 Microsoft Thumbnail Cache
timedatemuicallback.dll 6.1.7600.16385 Time Date Control UI Language Change plugin
tlscsp.dll 6.1.7601.17514 Microsoft® Remote Desktop Services Cryptographic Utility
tpmcompc.dll 6.1.7600.16385 Computer Chooser Dialog
tquery.dll 7.0.7601.17514 tquery.dll
traffic.dll 6.1.7600.16385 Microsoft Traffic Control 1.0 DLL
trapi.dll 6.1.7601.17514 Microsoft Narrator Text Renderer
tsbyuv.dll 6.1.7601.17514 Toshiba Video Codec
tschannel.dll 6.1.7600.16385 Task Scheduler Proxy
tsgqec.dll 6.1.7601.17514 RD Gateway QEC
tsmf.dll 6.1.7601.17514 RDP MF Plugin
tspkg.dll 6.1.7601.17514 Web Service Security Package
tsworkspace.dll 6.1.7601.17514 RemoteApp and Desktop Connection Component
tvratings.dll 6.6.7600.16385 Module for managing TV ratings
twext.dll 6.1.7601.17514 Previous Versions property page
txflog.dll 2001.12.8530.16385 COM+
txfw32.dll 6.1.7600.16385 TxF Win32 DLL
typelib.dll 2.10.3029.1 OLE 2.1 16/32 Interoperability Library
tzres.dll 6.1.7601.17514 Time Zones resource DLL
ubpm.dll 6.1.7600.16385 Unified Background Process Manager DLL
ucmhc.dll 6.1.7600.16385 UCM Helper Class
udhisapi.dll 6.1.7600.16385 UPnP Device Host ISAPI Extension
uexfat.dll 6.1.7600.16385 eXfat Utility DLL
ufat.dll 6.1.7600.16385 FAT Utility DLL
uianimation.dll 6.1.7600.16385 Windows Animation Manager
uiautomationcore.dll 7.0.0.0 Microsoft UI Automation Core
uicom.dll 6.1.7600.16385 Add/Remove Modems
uiribbon.dll 6.1.7601.17514 Windows Ribbon Framework
uiribbonres.dll 6.1.7601.17514 Windows Ribbon Framework Resources
ulib.dll 6.1.7600.16385 File Utilities Support DLL
umdmxfrm.dll 6.1.7600.16385 Unimodem Tranform Module
unimdmat.dll 6.1.7601.17514 Unimodem Service Provider AT Mini Driver
uniplat.dll 6.1.7600.16385 Unimodem AT Mini Driver Platform Driver for Windows NT
untfs.dll 6.1.7601.17514 NTFS Utility DLL
upnp.dll 6.1.7601.17514 UPnP Control Point API
upnphost.dll 6.1.7600.16385 UPnP Device Host
ureg.dll 6.1.7600.16385 Registry Utility DLL
url.dll 8.0.7600.16385 Internet Shortcut Shell Extension DLL
urlmon.dll 8.0.7601.17573 OLE32 Extensions for Win32
usbceip.dll 6.1.7600.16385 USBCEIP Task
usbperf.dll 6.1.7600.16385 USB Performance Objects DLL
usbui.dll 6.1.7600.16385 USB UI Dll
user32.dll 6.1.7601.17514 Multi-User Windows USER API Client DLL
useraccountcontrolsettings.dll 6.1.7601.17514 UserAccountControlSettings
usercpl.dll 6.1.7601.17514 User control panel
userenv.dll 6.1.7601.17514 Userenv
usp10.dll 1.626.7601.17514 Uniscribe Unicode script processor
utildll.dll 6.1.7601.17514 WinStation utility support DLL
uudf.dll 6.1.7600.16385 UDF Utility DLL
uxinit.dll 6.1.7600.16385 Windows User Experience Session Initialization Dll
uxlib.dll 6.1.7601.17514 Setup Wizard Framework
uxlibres.dll 6.1.7600.16385 UXLib Resources
uxtheme.dll 6.1.7600.16385 Microsoft UxTheme Library
van.dll 6.1.7601.17514 View Available Networks
vault.dll 6.1.7601.17514 Windows vault Control Panel
vaultcli.dll 6.1.7600.16385 Credential Vault Client Library
vbajet32.dll 6.0.1.9431 Visual Basic for Applications Development Environment - Expression Service Loader
vbscript.dll 5.8.7601.17562 Microsoft ® VBScript
vdmdbg.dll 6.1.7600.16385 VDMDBG.DLL
vds_ps.dll 6.1.7600.16385 Microsoft® Virtual Disk Service proxy/stub
vdsbas.dll 6.1.7601.17514 Virtual Disk Service Basic Provider
vdsdyn.dll 6.1.7600.16385 VDS Dynamic Volume Provider, Version 2.1.0.1
vdsvd.dll 6.1.7600.16385 VDS Virtual Disk Provider, Version 1.0
verifier.dll 6.1.7600.16385 Standard application verifier provider dll
version.dll 6.1.7600.16385 Version Checking and File Installation Libraries
vfpodbc.dll 1.0.2.0 vfpodbc
vfwwdm32.dll 6.1.7601.17514 VfW MM Driver for WDM Video Capture Devices
vidreszr.dll 6.1.7600.16385 Windows Media Resizer
virtdisk.dll 6.1.7600.16385 Virtual Disk API DLL
vpnikeapi.dll 6.1.7601.17514 VPN IKE API's
vss_ps.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service proxy/stub
vssapi.dll 6.1.7601.17514 Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL
vsstrace.dll 6.1.7600.16385 Microsoft® Volume Shadow Copy Service Tracing Library
w32topl.dll 6.1.7600.16385 Windows NT Topology Maintenance Tool
wab32.dll 6.1.7600.16385 Microsoft (R) Contacts DLL
wab32res.dll 6.1.7600.16385 Microsoft (R) Contacts DLL
wabsyncprovider.dll 6.1.7600.16385 Microsoft Windows Contacts Sync Provider
wavemsp.dll 6.1.7601.17514 Microsoft Wave MSP
wbemcomn.dll 6.1.7601.17514 WMI
wcnapi.dll 6.1.7600.16385 Windows Connect Now - API Helper DLL
wcncsvc.dll 6.1.7601.17514 Windows Connect Now - Config Registrar Service
wcneapauthproxy.dll 6.1.7600.16385 Windows Connect Now - WCN EAP Authenticator Proxy
wcneappeerproxy.dll 6.1.7600.16385 Windows Connect Now - WCN EAP PEER Proxy
wcnwiz.dll 6.1.7600.16385 Windows Connect Now Wizards
wcspluginservice.dll 6.1.7600.16385 WcsPlugInService DLL
wdc.dll 6.1.7601.17514 Performance Monitor
wdi.dll 6.1.7600.16385 Windows Diagnostic Infrastructure
wdigest.dll 6.1.7600.16385 Microsoft Digest Access
wdscore.dll 6.1.7601.17514 Panther Engine Module
webcheck.dll 8.0.7601.17514 Web Site Monitor
webclnt.dll 6.1.7601.17514 Web DAV Service DLL
webio.dll 6.1.7601.17514 Web Transfer Protocols API
webservices.dll 6.1.7601.17514 Windows Web Services Runtime
wecapi.dll 6.1.7600.16385 Event Collector Configuration API
wer.dll 6.1.7601.17514 Windows Error Reporting DLL
werdiagcontroller.dll 6.1.7600.16385 WER Diagnostic Controller
werui.dll 6.1.7600.16385 Windows Error Reporting UI DLL
wevtapi.dll 6.1.7600.16385 Eventing Consumption and Configuration API
wevtfwd.dll 6.1.7600.16385 WS-Management Event Forwarding Plug-in
wfapigp.dll 6.1.7600.16385 Windows Firewall GPO Helper dll
wfhc.dll 6.1.7600.16385 Windows Firewall Helper Class
whealogr.dll 6.1.7600.16385 WHEA Troubleshooter
whhelper.dll 6.1.7600.16385 Net shell helper DLL for winHttp
wiaaut.dll 6.1.7600.16385 WIA Automation Layer
wiadefui.dll 6.1.7601.17514 WIA Scanner Default UI
wiadss.dll 6.1.7600.16385 WIA TWAIN compatibility layer
wiaextensionhost64.dll 6.1.7600.16385 WIA Extension Host for thunking APIs from 32-bit to 64-bit process
wiascanprofiles.dll 6.1.7600.16385 Microsoft Windows ScanProfiles
wiashext.dll 6.1.7600.16385 Imaging Devices Shell Folder UI
wiatrace.dll 6.1.7600.16385 WIA Tracing
wiavideo.dll 6.1.7601.17514 WIA Video
wimgapi.dll 6.1.7601.17514 Windows Imaging Library
win32spl.dll 6.1.7601.17514 Client Side Rendering Print Provider
winbio.dll 6.1.7600.16385 Windows Biometrics Client API
winbrand.dll 6.1.7600.16385 Windows Branding Resources
wincredprovider.dll 6.1.7600.16385 wincredprovider DLL
windowscodecs.dll 6.1.7601.17514 Microsoft Windows Codecs Library
windowscodecsext.dll 6.1.7600.16385 Microsoft Windows Codecs Extended Library
winfax.dll 6.1.7600.16385 Microsoft Fax API Support DLL
winhttp.dll 6.1.7601.17514 Windows HTTP Services
wininet.dll 8.0.7601.17573 Internet Extensions for Win32
winipsec.dll 6.1.7600.16385 Windows IPsec SPD Client DLL
winmm.dll 6.1.7601.17514 MCI API DLL
winnsi.dll 6.1.7600.16385 Network Store Information RPC interface
winrnr.dll 6.1.7600.16385 LDAP RnR Provider DLL
winrscmd.dll 6.1.7600.16385 remtsvc
winrsmgr.dll 6.1.7600.16385 WSMan Shell API
winrssrv.dll 6.1.7600.16385 winrssrv
winsatapi.dll 6.1.7601.17514 Windows System Assessment Tool API
winscard.dll 6.1.7601.17514 Microsoft Smart Card API
winshfhc.dll 6.1.7600.16385 File Risk Estimation
winsockhc.dll 6.1.7600.16385 Winsock Network Diagnostic Helper Class
winsrpc.dll 6.1.7600.16385 WINS RPC LIBRARY
winsta.dll 6.1.7601.17514 Winstation Library
winsync.dll 2007.94.7600.16385 Synchronization Framework
winsyncmetastore.dll 2007.94.7600.16385 Windows Synchronization Metadata Store
winsyncproviders.dll 2007.94.7600.16385 Windows Synchronization Provider Framework
wintrust.dll 6.1.7601.17514 Microsoft Trust Verification APIs
winusb.dll 6.1.7600.16385 Windows USB Driver User Library
wkscli.dll 6.1.7601.17514 Workstation Service Client DLL
wksprtps.dll 6.1.7600.16385 WorkspaceRuntime ProxyStub DLL
wlanapi.dll 6.1.7600.16385 Windows WLAN AutoConfig Client Side API DLL
wlancfg.dll 6.1.7600.16385 Wlan Netsh Helper DLL
wlanconn.dll 6.1.7600.16385 Dot11 Connection Flows
wlandlg.dll 6.1.7600.16385 Wireless Lan Dialog Wizards
wlangpui.dll 6.1.7601.17514 Wireless Network Policy Management Snap-in
wlanhlp.dll 6.1.7600.16385 Windows Wireless LAN 802.11 Client Side Helper API
wlaninst.dll 6.1.7600.16385 Windows NET Device Class Co-Installer for Wireless LAN
wlanmm.dll 6.1.7600.16385 Dot11 Media and AdHoc Managers
wlanmsm.dll 6.1.7601.17514 Windows Wireless LAN 802.11 MSM DLL
wlanpref.dll 6.1.7601.17514 Wireless Preferred Networks
wlansec.dll 6.1.7600.16385 Windows Wireless LAN 802.11 MSM Security Module DLL
wlanui.dll 6.1.7601.17514 Wireless Profile UI
wlanutil.dll 6.1.7600.16385 Windows Wireless LAN 802.11 Utility DLL
wldap32.dll 6.1.7601.17514 Win32 LDAP API DLL
wlgpclnt.dll 6.1.7600.16385 802.11 Group Policy Client
wls0wndh.dll 6.1.7600.16385 Session0 Viewer Window Hook DLL
wmadmod.dll 6.1.7601.17514 Windows Media Audio Decoder
wmadmoe.dll 6.1.7600.16385 Windows Media Audio 10 Encoder/Transcoder
wmasf.dll 12.0.7600.16385 Windows Media ASF DLL
wmcodecdspps.dll 6.1.7600.16385 Windows Media CodecDSP Proxy Stub Dll
wmdmlog.dll 12.0.7600.16385 Windows Media Device Manager Logger
wmdmps.dll 12.0.7600.16385 Windows Media Device Manager Proxy Stub
wmdrmdev.dll 12.0.7601.17514 Windows Media DRM for Network Devices Registration DLL
wmdrmnet.dll 12.0.7601.17514 Windows Media DRM for Network Devices DLL
wmdrmsdk.dll 11.0.7601.17514 Windows Media DRM SDK DLL
wmerror.dll 12.0.7600.16385 Windows Media Error Definitions (English)
wmi.dll 6.1.7600.16385 WMI DC and DP functionality
wmidx.dll 12.0.7600.16385 Windows Media Indexer DLL
wmiprop.dll 6.1.7600.16385 WDM Provider Dynamic Property Page CoInstaller
wmnetmgr.dll 12.0.7601.17514 Windows Media Network Plugin Manager DLL
wmp.dll 12.0.7601.17514 Windows Media Player
wmpcm.dll 12.0.7600.16385 Windows Media Player Compositing Mixer
wmpdui.dll 12.0.7600.16385 Windows Media Player UI Engine
wmpdxm.dll 12.0.7601.17514 Windows Media Player Extension
wmpeffects.dll 12.0.7601.17514 Windows Media Player Effects
wmpencen.dll 12.0.7601.17514 Windows Media Player Encoding Module
wmphoto.dll 6.1.7601.17514 Windows Media Photo Codec
wmploc.dll 12.0.7601.17514 Windows Media Player Resources
wmpmde.dll 12.0.7601.17514 WMPMDE DLL
wmpps.dll 12.0.7601.17514 Windows Media Player Proxy Stub Dll
wmpshell.dll 12.0.7601.17514 Windows Media Player Launcher
wmpsrcwp.dll 12.0.7601.17514 WMPSrcWp Module
wmsgapi.dll 6.1.7600.16385 WinLogon IPC Client
wmspdmod.dll 6.1.7601.17514 Windows Media Audio Voice Decoder
wmspdmoe.dll 6.1.7600.16385 Windows Media Audio Voice Encoder
wmvcore.dll 12.0.7601.17514 Windows Media Playback/Authoring DLL
wmvdecod.dll 6.1.7601.17514 Windows Media Video Decoder
wmvdspa.dll 6.1.7600.16385 Windows Media Video DSP Components - Advanced
wmvencod.dll 6.1.7600.16385 Windows Media Video 9 Encoder
wmvsdecd.dll 6.1.7601.17514 Windows Media Screen Decoder
wmvsencd.dll 6.1.7600.16385 Windows Media Screen Encoder
wmvxencd.dll 6.1.7600.16385 Windows Media Video Encoder
wow32.dll 6.1.7600.16385 Wow32
wpc.dll 1.0.0.1 WPC Settings Library
wpcao.dll 6.1.7600.16385 WPC Administrator Override
wpcsvc.dll 1.0.0.1 WPC Filtering Service
wpdshext.dll 6.1.7601.17514 Portable Devices Shell Extension
wpdshserviceobj.dll 6.1.7601.17514 Windows Portable Device Shell Service Object
wpdsp.dll 6.1.7601.17514 WMDM Service Provider for Windows Portable Devices
wpdwcn.dll 6.1.7601.17514 Windows Portable Device WCN Wizard
wrap_oal.dll 2.2.0.5 OpenAL32
ws2_32.dll 6.1.7601.17514 Windows Socket 2.0 32-Bit DLL
ws2help.dll 6.1.7600.16385 Windows Socket 2.0 Helper for Windows NT
wscapi.dll 6.1.7601.17514 Windows Security Center API
wscinterop.dll 6.1.7600.16385 Windows Health Center WSC Interop
wscisvif.dll 6.1.7600.16385 Windows Security Center ISV API
wscmisetup.dll 6.1.7600.16385 Installers for Winsock Transport and Name Space Providers
wscproxystub.dll 6.1.7600.16385 Windows Security Center ISV Proxy Stub
wsdapi.dll 6.1.7601.17514 Web Services for Devices API DLL
wsdchngr.dll 6.1.7601.17514 WSD Challenge Component
wsecedit.dll 6.1.7600.16385 Security Configuration UI Module
wshbth.dll 6.1.7601.17514 Windows Sockets Helper DLL
wshcon.dll 5.8.7600.16385 Microsoft ® Windows Script Controller
wshelper.dll 6.1.7600.16385 Winsock Net shell helper DLL for winsock
wshext.dll 5.8.7600.16385 Microsoft ® Shell Extension for Windows Script Host
wship6.dll 6.1.7600.16385 Winsock2 Helper DLL (TL/IPv6)
wshirda.dll 6.1.7601.17514 Windows Sockets Helper DLL
wshqos.dll 6.1.7600.16385 QoS Winsock2 Helper DLL
wshrm.dll 6.1.7600.16385 Windows Sockets Helper DLL for PGM
wshtcpip.dll 6.1.7600.16385 Winsock2 Helper DLL (TL/IPv4)
wsmanmigrationplugin.dll 6.1.7600.16385 WinRM Migration Plugin
wsmauto.dll 6.1.7600.16385 WSMAN Automation
wsmplpxy.dll 6.1.7600.16385 wsmplpxy
wsmres.dll 6.1.7600.16385 WSMan Resource DLL
wsmsvc.dll 6.1.7601.17514 WSMan Service
wsmwmipl.dll 6.1.7600.16385 WSMAN WMI Provider
wsnmp32.dll 6.1.7601.17514 Microsoft WinSNMP v2.0 Manager API
wsock32.dll 6.1.7600.16385 Windows Socket 32-Bit DLL
wtsapi32.dll 6.1.7601.17514 Windows Remote Desktop Session Host Server SDK APIs
wuapi.dll 7.5.7601.17514 Windows Update Client API
wudriver.dll 7.5.7601.17514 Windows Update WUDriver Stub
wups.dll 7.5.7601.17514 Windows Update client proxy stub
wuwebv.dll 7.5.7601.17514 Windows Update Vista Web Control
wvc.dll 6.1.7601.17514 Windows Visual Components
wwanapi.dll 6.1.7600.16385 Mbnapi
wwapi.dll 8.1.2.0 WWAN API
wzcdlg.dll 6.1.7600.16385 Windows Connect Now - Flash Config Enrollee
x3daudio1_0.dll 9.11.519.0 X3DAudio
x3daudio1_1.dll 9.15.779.0 X3DAudio
x3daudio1_2.dll 9.21.1148.0 X3DAudio
x3daudio1_3.dll 9.22.1284.0 X3DAudio
x3daudio1_4.dll 9.23.1350.0 X3DAudio
x3daudio1_5.dll 9.25.1476.0 X3DAudio
x3daudio1_6.dll 9.26.1590.0 3D Audio Library
x3daudio1_7.dll 9.28.1886.0 3D Audio Library
xactengine2_0.dll 9.11.519.0 XACT Engine API
xactengine2_1.dll 9.12.589.0 XACT Engine API
xactengine2_10.dll 9.21.1148.0 XACT Engine API
xactengine2_2.dll 9.13.644.0 XACT Engine API
xactengine2_3.dll 9.14.701.0 XACT Engine API
xactengine2_4.dll 9.15.779.0 XACT Engine API
xactengine2_5.dll 9.16.857.0 XACT Engine API
xactengine2_6.dll 9.17.892.0 XACT Engine API
xactengine2_7.dll 9.18.944.0 XACT Engine API
xactengine2_8.dll 9.19.1007.0 XACT Engine API
xactengine2_9.dll 9.20.1057.0 XACT Engine API
xactengine3_0.dll 9.22.1284.0 XACT Engine API
xactengine3_1.dll 9.23.1350.0 XACT Engine API
xactengine3_2.dll 9.24.1400.0 XACT Engine API
xactengine3_3.dll 9.25.1476.0 XACT Engine API
xactengine3_4.dll 9.26.1590.0 XACT Engine API
xactengine3_5.dll 9.27.1734.0 XACT Engine API
xactengine3_6.dll 9.28.1886.0 XACT Engine API
xactengine3_7.dll 9.29.1962.0 XACT Engine API
xapofx1_0.dll 9.23.1350.0 XAPOFX
xapofx1_1.dll 9.24.1400.0 XAPOFX
xapofx1_2.dll 9.25.1476.0 XAPOFX
xapofx1_3.dll 9.26.1590.0 Audio Effect Library
xapofx1_4.dll 9.28.1886.0 Audio Effect Library
xapofx1_5.dll 9.29.1962.0 Audio Effect Library
xaudio2_0.dll 9.22.1284.0 XAudio2 Game Audio API
xaudio2_1.dll 9.23.1350.0 XAudio2 Game Audio API
xaudio2_2.dll 9.24.1400.0 XAudio2 Game Audio API
xaudio2_3.dll 9.25.1476.0 XAudio2 Game Audio API
xaudio2_4.dll 9.26.1590.0 XAudio2 Game Audio API
xaudio2_5.dll 9.27.1734.0 XAudio2 Game Audio API
xaudio2_6.dll 9.28.1886.0 XAudio2 Game Audio API
xaudio2_7.dll 9.29.1962.0 XAudio2 Game Audio API
xinput1_1.dll 9.12.589.0 Microsoft Common Controller API
xinput1_2.dll 9.14.701.0 Microsoft Common Controller API
xinput1_3.dll 9.18.944.0 Microsoft Common Controller API
xinput9_1_0.dll 6.1.7600.16385 XNA Common Controller
xlive.dll 3.5.88.0 Games for Windows - LIVE DLL
xlivefnt.dll 3.5.88.0 XLive Fonts DLL
xliveinstall.dll 3.2.6.0 XLiveInstall DLL
xmlfilter.dll 2008.0.7600.16385 XML Filter
xmllite.dll 1.3.1000.0 Microsoft XmlLite Library
xmlprovi.dll 6.1.7600.16385 Network Provisioning Service Client API
xolehlp.dll 2001.12.8530.16385 Microsoft Distributed Transaction Coordinator Helper APIs DLL
xpsfilt.dll 6.1.7600.16385 XML Paper Specification Document IFilter
xpsgdiconverter.dll 6.1.7601.17566 XPS to GDI Converter
xpsprint.dll 6.1.7601.17578 XPS Printing DLL
xpsrasterservice.dll 6.1.7601.17514 XPS Rasterization Service Component
xpsservices.dll 6.1.7601.17514 Xps Object Model in memory creation and deserialization
xpsshhdr.dll 6.1.7600.16385 Package Document Shell Extension Handler
xpssvcs.dll 6.1.7600.16385 Native Code Xps Services Library
xvidcore.dll
xwizards.dll 6.1.7600.16385 Extensible Wizards Manager Module
xwreg.dll 6.1.7600.16385 Extensible Wizard Registration Manager Module
xwtpdui.dll 6.1.7600.16385 Extensible Wizard Type Plugin for DUI
xwtpw32.dll 6.1.7600.16385 Extensible Wizard Type Plugin for Win32
zipfldr.dll 6.1.7601.17514 Compressed (zipped) Folders
UpTime
Current Session:
Last Shutdown Time 14/06/2011 00:09:32
Last Boot Time 14/06/2011 20:12:22
Current Time 14/06/2011 21:35:53
UpTime 5036 sec (0 days, 1 hours, 23 min, 56 sec)
UpTime Statistics:
First Boot Time 03/04/2011 09:38:42
First Shutdown Time 03/04/2011 10:20:24
Total UpTime 1516941 sec (17 days, 13 hours, 22 min, 21 sec)
Total DownTime 5174916 sec (59 days, 21 hours, 28 min, 36 sec)
Longest UpTime 1180025 sec (13 days, 15 hours, 47 min, 5 sec)
Longest DownTime 2808238 sec (32 days, 12 hours, 3 min, 58 sec)
Total Reboots 160
System Availability 22.67%
Bluescreen Statistics:
Total Bluescreens 0
Information:
Information The above statistics are based on System Event Log entries
Share
Share Name Type Remark Local Path
C Folder C:\
Users Folder C:\Users
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
C$ Folder Default share C:\
IPC$ IPC Remote IPC
Account Security
Account Security Properties:
Computer Role Primary
Domain Name muggz-PC
Primary Domain Controller Not Specified
Forced Logoff Time Disabled
Min / Max Password Age 0 / 42 days
Minimum Password Length 0 chars
Password History Length Disabled
Lockout Threshold Disabled
Lockout Duration 30 min
Lockout Observation Window 30 min
Logon
User Full Name Logon Server Logon Domain
muggz MUGGZ-PC muggz-PC
Users
[ Administrator ]
User Properties:
User Name Administrator
Full Name Administrator
Comment Built-in account for administering the computer/domain
Member Of Groups HomeUsers; Administrators
Logon Count 1
Disk Quota -
User Features:
Logon Script Executed Yes
Account Disabled Yes
Locked Out User No
Home Folder Required No
Password Required Yes
Read-Only Password No
Password Never Expires Yes
[ Guest ]
User Properties:
User Name Guest
Full Name Guest
Comment Built-in account for guest access to the computer/domain
Member Of Groups Guests
Logon Count 0
Disk Quota -
User Features:
Logon Script Executed Yes
Account Disabled Yes
Locked Out User No
Home Folder Required No
Password Required No
Read-Only Password Yes
Password Never Expires Yes
[ HomeGroupUser$ ]
User Properties:
User Name HomeGroupUser$
Full Name HomeGroupUser$
Comment Built-in account for homegroup access to the computer
Member Of Groups HomeUsers
Logon Count 0
Disk Quota -
User Features:
Logon Script Executed Yes
Account Disabled No
Locked Out User No
Home Folder Required No
Password Required Yes
Read-Only Password No
Password Never Expires Yes
[ muggz ]
User Properties:
User Name muggz
Full Name muggz
Member Of Groups HomeUsers; Administrators
Logon Count 175
Disk Quota -
User Features:
Logon Script Executed Yes
Account Disabled No
Locked Out User No
Home Folder Required No
Password Required No
Read-Only Password No
Password Never Expires Yes
Local Groups
[ Administrators ]
Local Group Properties:
Comment Administrators have complete and unrestricted access to the computer/domain
Group Members:
Administrator
muggz
[ Backup Operators ]
Local Group Properties:
Comment Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
[ Cryptographic Operators ]
Local Group Properties:
Comment Members are authorized to perform cryptographic operations.
[ Distributed COM Users ]
Local Group Properties:
Comment Members are allowed to launch, activate and use Distributed COM objects on this machine.
[ Event Log Readers ]
Local Group Properties:
Comment Members of this group can read event logs from local machine
[ Guests ]
Local Group Properties:
Comment Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
Group Members:
Guest
[ HomeUsers ]
Local Group Properties:
Comment HomeUsers Security Group
Group Members:
Administrator
HomeGroupUser$ HomeGroupUser$
muggz
[ IIS_IUSRS ]
Local Group Properties:
Comment Built-in group used by Internet Information Services.
Group Members:
IUSR
[ Network Configuration Operators ]
Local Group Properties:
Comment Members in this group can have some administrative privileges to manage configuration of networking features
[ Performance Log Users ]
Local Group Properties:
Comment Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer
[ Performance Monitor Users ]
Local Group Properties:
Comment Members of this group can access performance counter data locally and remotely
[ Power Users ]
Local Group Properties:
Comment Power Users are included for backwards compatibility and possess limited administrative powers
[ Remote Desktop Users ]
Local Group Properties:
Comment Members in this group are granted the right to logon remotely
[ Replicator ]
Local Group Properties:
Comment Supports file replication in a domain
[ Users ]
Local Group Properties:
Comment Users are prevented from making accidental or intentional system-wide changes and can run most applications
Group Members:
Authenticated Users
INTERACTIVE
Global Groups
[ None ]
Global Group Properties:
Comment Ordinary users
Group Members:
Administrator
Guest
HomeGroupUser$ HomeGroupUser$
muggz
Windows Video
[ AMD Radeon HD 6900 Series ]
Video Adapter Properties:
Device Description AMD Radeon HD 6900 Series
Adapter String AMD Radeon HD 6900 Series
BIOS String 113-C2160100-106
Chip Type ATI display adapter (0x6719)
DAC Type Internal DAC(400MHz)
Driver Date 24/05/2011
Driver Version 8.850.6.0
Driver Provider ATI Technologies Inc.
Memory Size 2048 MB
Installed Drivers:
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
atiumd64 7.14.10.0833
atidxx64 8.17.10.0355
atidxx64 8.17.10.0355
atiumdag 7.14.10.0833 - ATI Catalyst 11.5
atidxx32 8.17.10.0355
atidxx32 8.17.10.0355
atiumdva 8.14.10.0308
atiumd6a 8.14.10.0308
atitmm64 6.14.11.23
Video Adapter Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
[ AMD Radeon HD 6900 Series ]
Video Adapter Properties:
Device Description AMD Radeon HD 6900 Series
Adapter String AMD Radeon HD 6900 Series
BIOS String 113-C2160100-106
Chip Type ATI display adapter (0x6719)
DAC Type Internal DAC(400MHz)
Driver Date 24/05/2011
Driver Version 8.850.6.0
Driver Provider ATI Technologies Inc.
Memory Size 2048 MB
Installed Drivers:
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
atiumd64 7.14.10.0833
atidxx64 8.17.10.0355
atidxx64 8.17.10.0355
atiumdag 7.14.10.0833 - ATI Catalyst 11.5
atidxx32 8.17.10.0355
atidxx32 8.17.10.0355
atiumdva 8.14.10.0308
atiumd6a 8.14.10.0308
atitmm64 6.14.11.23
Video Adapter Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
[ AMD Radeon HD 6900 Series ]
Video Adapter Properties:
Device Description AMD Radeon HD 6900 Series
Adapter String AMD Radeon HD 6900 Series
BIOS String 113-C2160100-106
Chip Type ATI display adapter (0x6719)
DAC Type Internal DAC(400MHz)
Driver Date 24/05/2011
Driver Version 8.850.6.0
Driver Provider ATI Technologies Inc.
Memory Size 2048 MB
Installed Drivers:
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
atiumd64 7.14.10.0833
atidxx64 8.17.10.0355
atidxx64 8.17.10.0355
atiumdag 7.14.10.0833 - ATI Catalyst 11.5
atidxx32 8.17.10.0355
atidxx32 8.17.10.0355
atiumdva 8.14.10.0308
atiumd6a 8.14.10.0308
atitmm64 6.14.11.23
Video Adapter Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
[ AMD Radeon HD 6900 Series ]
Video Adapter Properties:
Device Description AMD Radeon HD 6900 Series
Adapter String AMD Radeon HD 6900 Series
BIOS String 113-C2160100-106
Chip Type ATI display adapter (0x6719)
DAC Type Internal DAC(400MHz)
Driver Date 24/05/2011
Driver Version 8.850.6.0
Driver Provider ATI Technologies Inc.
Memory Size 2048 MB
Installed Drivers:
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx64 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
aticfx32 8.17.10.1077
atiumd64 7.14.10.0833
atidxx64 8.17.10.0355
atidxx64 8.17.10.0355
atiumdag 7.14.10.0833 - ATI Catalyst 11.5
atidxx32 8.17.10.0355
atidxx32 8.17.10.0355
atiumdva 8.14.10.0308
atiumd6a 8.14.10.0308
atitmm64 6.14.11.23
Video Adapter Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
PCI / AGP Video
Device Description Device Type
AMD Radeon HD 6950 (Cayman) Video Adapter
AMD Radeon HD 6950 (Cayman) 3D Accelerator
GPU
[ PCI Express 2.0 x16: Asus EAH6950 ]
Graphics Processor Properties:
Video Adapter Asus EAH6950
BIOS Version 013.008.000.009.039285
BIOS Date 12/06/10 03:28
GPU Code Name Cayman Pro
Part Number 113-C2160100-106
PCI Device 1002-6719 / 1043-03BA (Rev 00)
Transistors 2640 million
Process Technology 40 nm
Die Size 389 mm2
Bus Type PCI Express 2.0 x16 @ x8
Memory Size 2 GB
GPU Clock 450 MHz (original: 810 MHz)
RAMDAC Clock 400 MHz
Pixel Pipelines 32
Texture Mapping Units 96
Unified Shaders 1536 (v5.0)
DirectX Hardware Support DirectX v11
Pixel Fillrate 14400 MPixel/s
Texel Fillrate [ TRIAL VERSION ]
Memory Bus Properties:
Bus Type GDDR5
Bus Width 256-bit
Real Clock 1300 MHz (DDR) (original: 1250 MHz, overclock: 4%)
Effective Clock 2600 MHz
Bandwidth [ TRIAL VERSION ]
Utilization:
GPU 3%
ATI PowerPlay (BIOS):
State #1 GPU: 800 MHz, Memory: 1250 MHz (Boot)
State #2 GPU: 810 MHz, Memory: 1250 MHz
State #3 GPU: 725 MHz, Memory: 1250 MHz (UVD)
State #4 GPU: 725 MHz, Memory: 1250 MHz
Graphics Processor Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
ATI GPU Registers:
ati-$0600 00300000
ati-$0604 00002002
ati-$0608 100C8000
ati-$061C 03001810
ati-$0624 8C620034
ati-$0628 0304FFFF
ati-$062C 8C620034
ati-$0660 01324400
ati-$0668 000101E0
ati-$06D0 00006978
ati-$0710 00000010
ati-$0730 00004C3A
ati-$073C 00000011
ati-$0740 007501BF
ati-$0760 000001BF
ati-$0764 000001C4
ati-$0768 000001D0
ati-$0770 002A1E87
ati-$078C 00125B87
ati-$1600 11030302
ati-$2004 00003210
ati-$2760 0000025A
ati-$5428 00000800
ati-$8950 F000F001
ati-$8954 00000000
ati-$98F0 00000001
ati-$98F8 12111003
[ PCI Express 2.0 x16: Asus EAH6950 ]
Graphics Processor Properties:
Video Adapter Asus EAH6950
BIOS Version 013.008.000.009.039285
BIOS Date 12/06/10 03:28
GPU Code Name Cayman Pro
Part Number 113-C2160100-106
PCI Device 1002-6719 / 1043-03BA (Rev 00)
Transistors 2640 million
Process Technology 40 nm
Die Size 389 mm2
Bus Type PCI Express 2.0 x16 @ x8
Memory Size 2 GB
GPU Clock 250 MHz (original: 810 MHz)
RAMDAC Clock 400 MHz
Pixel Pipelines 32
Texture Mapping Units 96
Unified Shaders 1536 (v5.0)
DirectX Hardware Support DirectX v11
Pixel Fillrate 8000 MPixel/s
Texel Fillrate [ TRIAL VERSION ]
Memory Bus Properties:
Bus Type GDDR5
Bus Width 256-bit
Real Clock 150 MHz (QDR) (original: 1250 MHz)
Effective Clock 600 MHz
Bandwidth [ TRIAL VERSION ]
Utilization:
GPU 0%
ATI PowerPlay (BIOS):
State #1 GPU: 800 MHz, Memory: 1250 MHz (Boot)
State #2 GPU: 810 MHz, Memory: 1250 MHz
State #3 GPU: 725 MHz, Memory: 1250 MHz (UVD)
State #4 GPU: 725 MHz, Memory: 1250 MHz
Graphics Processor Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
ATI GPU Registers:
ati-$0600 00600000
ati-$0604 00002004
ati-$0608 100DE38E
ati-$061C 03003C10
ati-$0624 85B40018
ati-$0628 2304FFFF
ati-$062C 05B40018
ati-$0660 01324400
ati-$0668 00010000
ati-$06D0 0004A4CB
ati-$0710 00000010
ati-$0730 0000401F
ati-$073C 00000011
ati-$0740 003E0188
ati-$0760 00000188
ati-$0764 00000187
ati-$0768 003C018A
ati-$0770 002A1E87
ati-$078C 00161F34
ati-$1600 11030302
ati-$2004 00003210
ati-$2760 0000025A
ati-$5428 00000800
ati-$8950 F000F001
ati-$8954 00000000
ati-$98F0 00000001
ati-$98F8 12011003
Monitor
[ Hannstar HZ281H ]
Monitor Properties:
Monitor Name Hannstar HZ281H
Monitor ID HSD6735
Model HZ281H
Monitor Type 28" LCD (WUXGA)
Manufacture Date Week 26 / 2010
Serial Number 026LM3AY00332
Max. Visible Display Size 59 cm x 37 cm (27.4")
Picture Aspect Ratio 16:10
Horizontal Frequency 30 - 85 kHz
Vertical Frequency 50 - 75 Hz
Maximum Pixel Clock 170 MHz
Maximum Resolution 1920 x 1200
Gamma 2.20
DPMS Mode Support Active-Off
Supported Video Modes:
640 x 480 75 Hz
800 x 480 75 Hz
800 x 600 75 Hz
1024 x 600 75 Hz
1024 x 768 75 Hz
1152 x 864 75 Hz
1280 x 720 75 Hz
1280 x 768 75 Hz
1280 x 800 75 Hz
1280 x 1024 75 Hz
1366 x 768 75 Hz
1400 x 1050 75 Hz
1440 x 900 75 Hz
1600 x 1200 65 Hz
1680 x 1050 75 Hz
1920 x 1080 70 Hz
1920 x 1200 65 Hz
[ Hannstar HZ281H ]
Monitor Properties:
Monitor Name Hannstar HZ281H
Monitor ID HSD6735
Model HZ281H
Monitor Type 28" LCD (WUXGA)
Manufacture Date Week 26 / 2010
Serial Number 026LM3AY00347
Max. Visible Display Size 59 cm x 37 cm (27.4")
Picture Aspect Ratio 16:10
Horizontal Frequency 30 - 85 kHz
Vertical Frequency 50 - 75 Hz
Maximum Pixel Clock 170 MHz
Maximum Resolution 1920 x 1200
Gamma 2.20
DPMS Mode Support Active-Off
Supported Video Modes:
640 x 480 75 Hz
800 x 480 75 Hz
800 x 600 75 Hz
1024 x 600 75 Hz
1024 x 768 75 Hz
1152 x 864 75 Hz
1280 x 720 75 Hz
1280 x 768 75 Hz
1280 x 800 75 Hz
1280 x 1024 75 Hz
1366 x 768 75 Hz
1400 x 1050 75 Hz
1440 x 900 75 Hz
1600 x 1200 65 Hz
1680 x 1050 75 Hz
1920 x 1080 70 Hz
1920 x 1200 65 Hz
[ Hannstar HZ281H ]
Monitor Properties:
Monitor Name Hannstar HZ281H
Monitor ID HSD6735
Model HZ281H
Monitor Type 28" LCD (WUXGA)
Manufacture Date Week 26 / 2010
Serial Number 026LM3AY00359
Max. Visible Display Size 59 cm x 37 cm (27.4")
Picture Aspect Ratio 16:10
Horizontal Frequency 30 - 85 kHz
Vertical Frequency 50 - 75 Hz
Maximum Pixel Clock 170 MHz
Maximum Resolution 1920 x 1200
Gamma 2.20
DPMS Mode Support Active-Off
Supported Video Modes:
640 x 480 75 Hz
800 x 480 75 Hz
800 x 600 75 Hz
1024 x 600 75 Hz
1024 x 768 75 Hz
1152 x 864 75 Hz
1280 x 720 75 Hz
1280 x 768 75 Hz
1280 x 800 75 Hz
1280 x 1024 75 Hz
1366 x 768 75 Hz
1400 x 1050 75 Hz
1440 x 900 75 Hz
1600 x 1200 65 Hz
1680 x 1050 75 Hz
1920 x 1080 70 Hz
1920 x 1200 65 Hz
Desktop
Desktop Properties:
Device Technology Raster Display
Resolution 5760 x 1200
Color Depth 32-bit
Color Planes 1
Font Resolution 96 dpi
Pixel Width / Height 36 / 36
Pixel Diagonal 51
Vertical Refresh Rate 60 Hz
Desktop Wallpaper C:\Windows\Web\Wallpaper\Landscapes\img7.jpg
Desktop Effects:
Combo-Box Animation Enabled
Drop Shadow Effect Enabled
Flat Menu Effect Enabled
Font Smoothing Enabled
ClearType Enabled
Full Window Dragging Enabled
Gradient Window Title Bars Enabled
Hide Menu Access Keys Enabled
Hot Tracking Effect Enabled
Icon Title Wrapping Enabled
List-Box Smooth Scrolling Enabled
Menu Animation Enabled
Menu Fade Effect Enabled
Minimize/Restore Animation Enabled
Mouse Cursor Shadow Enabled
Selection Fade Effect Enabled
ShowSounds Accessibility Feature Disabled
ToolTip Animation Enabled
ToolTip Fade Effect Enabled
Windows Aero Enabled
Windows Plus! Extension Disabled
Multi-Monitor
Device ID Primary Upper Left Corner Bottom Right Corner
\\.\DISPLAY10 Yes (0,0) (5760,1200)
Video Modes
Resolution Color Depth Refresh Rate
640 x 480 8-bit 60 Hz
640 x 480 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
720 x 480 8-bit 60 Hz
720 x 480 8-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
720 x 480 16-bit 60 Hz
720 x 480 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
720 x 480 32-bit 60 Hz
720 x 480 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
720 x 576 8-bit 60 Hz
720 x 576 8-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
720 x 576 16-bit 60 Hz
720 x 576 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
720 x 576 32-bit 60 Hz
720 x 576 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
800 x 600 8-bit 60 Hz
800 x 600 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1024 x 768 8-bit 60 Hz
1024 x 768 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 720 8-bit 60 Hz
1280 x 720 8-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 720 16-bit 60 Hz
1280 x 720 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 720 32-bit 60 Hz
1280 x 720 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 800 8-bit 60 Hz
1280 x 800 8-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 800 16-bit 60 Hz
1280 x 800 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 800 32-bit 60 Hz
1280 x 800 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1280 x 1024 8-bit 60 Hz
1280 x 1024 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1600 x 1200 8-bit 60 Hz
1600 x 1200 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1680 x 1050 8-bit 60 Hz
1680 x 1050 8-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1680 x 1050 16-bit 60 Hz
1680 x 1050 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1680 x 1050 32-bit 60 Hz
1680 x 1050 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
1920 x 1200 8-bit 60 Hz
1920 x 1200 16-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
2400 x 600 32-bit 60 Hz
2400 x 600 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
2532 x 600 32-bit 60 Hz
5040 x 1050 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
5320 x 1050 32-bit 60 Hz
5320 x 1050 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
5760 x 1200 32-bit 60 Hz
6080 x 1200 32-bit 60 Hz
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
OpenGL
OpenGL Properties:
Vendor ATI Technologies Inc.
Renderer AMD Radeon HD 6900 Series
Version 4.1.10767 Compatibility Profile Context
Shading Language Version 4.10
OpenGL DLL 6.1.7600.16385(win7_rtm.090713-1255)
Multitexture Texture Units 8
Occlusion Query Counter Bits 32
Sub-Pixel Precision 8-bit
Max Viewport Size 16384 x 16384
Max Cube Map Texture Size 16384 x 16384
Max Rectangle Texture Size 16384 x 16384
Max 3D Texture Size 8192 x 8192 x 8192
Max Anisotropy 16
Max Clipping Planes 8
Max Display-List Nesting Level 64
Max Draw Buffers 8
Max Evaluator Order 40
Max Light Sources 8
Max Pixel Map Table Size 256
Min / Max Program Texel Offset -8 / 7
Max Texture Array Layers 8192
Max Texture LOD Bias 16
OpenGL Compliancy:
OpenGL 1.1 Yes (100%)
OpenGL 1.2 Yes (100%)
OpenGL 1.3 Yes (100%)
OpenGL 1.4 Yes (100%)
OpenGL 1.5 Yes (100%)
OpenGL 2.0 Yes (100%)
OpenGL 2.1 Yes (100%)
OpenGL 3.0 Yes (100%)
OpenGL 3.1 Yes (100%)
OpenGL 3.2 Yes (100%)
OpenGL 3.3 Yes (100%)
OpenGL 4.0 Yes (100%)
OpenGL 4.1 Yes (100%)
Max Stack Depth:
Attribute Stack 16
Client Attribute Stack 16
Modelview Matrix Stack 32
Name Stack 64
Projection Matrix Stack 10
Texture Matrix Stack 10
Draw Range Elements:
Max Index Count 16777215
Max Vertex Count 2147483647
Transform Feedback:
Max Interleaved Components 64
Max Separate Attributes 4
Max Separate Components 4
Framebuffer Object:
Max Color Attachments 8
Max Render Buffer Size 16384 x 16384
Imaging:
Max Color Matrix Stack Depth 10
Max Convolution Width / Height 11 / 11
Vertex Shader:
Max Uniform Vertex Components 16384
Max Varying Floats 128
Max Vertex Texture Image Units 16
Max Combined Texture Image Units 32
Geometry Shader:
Max Geometry Texture Units 16
Max Varying Components 128
Max Geometry Varying Components 128
Max Vertex Varying Components 128
Max Geometry Uniform Components 16384
Max Geometry Output Vertices 1024
Max Geometry Total Output Components 16384
Fragment Shader:
Max Uniform Fragment Components 16384
Max Fragment Registers 6
Max Fragment Constants 8
Max Passes 2
Max Instructions Per Pass 8
Max Total Instructions 16
Max Input Interpolator Components 3
Max Loopback Components 3
Vertex Program:
Max Local Parameters 256
Max Environment Parameters 256
Max Program Matrices 32
Max Program Matrix Stack Depth 32
Max Vertex Attributes 29
Max Instructions 2147483647
Max Native Instructions 2147483647
Max Temporaries 320
Max Native Temporaries 256
Max Parameters 256
Max Native Parameters 256
Max Attributes 29
Max Native Attributes 32
Max Address Registers 1
Max Native Address Registers 1
Fragment Program:
Max Local Parameters 256
Max Environment Parameters 256
Max Texture Coordinates 16
Max Texture Image Units 16
Max Instructions 2147483647
Max Native Instructions 2147483647
Max Temporaries 320
Max Native Temporaries 256
Max Parameters 256
Max Native Parameters 256
Max Attributes 29
Max Native Attributes 16
Max Address Registers 0
Max Native Address Registers 0
Max ALU Instructions 2147483647
Max Native ALU Instructions 2147483647
Max Texture Instructions 2147483647
Max Native Texture Instructions 2147483647
Max Texture Indirections 2147483647
Max Native Texture Indirections 2147483647
OpenGL Extensions:
GL_3DFX_multisample Not Supported
GL_3DFX_tbuffer Not Supported
GL_3DFX_texture_compression_FXT1 Not Supported
GL_3DL_direct_texture_access2 Not Supported
GL_3Dlabs_multisample_transparency_id Not Supported
GL_3Dlabs_multisample_transparency_range Not Supported
GL_AMD_blend_minmax_factor Supported
GL_AMD_conservative_depth Supported
GL_AMD_debug_output Supported
GL_AMD_depth_clamp_separate Supported
GL_AMD_draw_buffers_blend Supported
GL_AMD_multi_draw_indirect Supported
GL_AMD_name_gen_delete Supported
GL_AMD_performance_monitor Supported
GL_AMD_pinned_memory Supported
GL_AMD_sample_positions Supported
GL_AMD_seamless_cubemap_per_texture Supported
GL_AMD_shader_stencil_export Supported
GL_AMD_shader_trace Supported
GL_AMD_texture_compression_dxt6 Not Supported
GL_AMD_texture_compression_dxt7 Not Supported
GL_AMD_texture_cube_map_array Supported
GL_AMD_texture_texture4 Supported
GL_AMD_transform_feedback3_lines_triangles Supported
GL_AMD_vertex_shader_tessellator Supported
GL_AMDX_debug_output Supported
GL_AMDX_name_gen_delete Not Supported
GL_AMDX_random_access_target Not Supported
GL_AMDX_vertex_shader_tessellator Supported
GL_APPLE_aux_depth_stencil Not Supported
GL_APPLE_client_storage Not Supported
GL_APPLE_element_array Not Supported
GL_APPLE_fence Not Supported
GL_APPLE_float_pixels Not Supported
GL_APPLE_flush_buffer_range Not Supported
GL_APPLE_flush_render Not Supported
GL_APPLE_object_purgeable Not Supported
GL_APPLE_packed_pixel Not Supported
GL_APPLE_packed_pixels Not Supported
GL_APPLE_pixel_buffer Not Supported
GL_APPLE_rgb_422 Not Supported
GL_APPLE_specular_vector Not Supported
GL_APPLE_texture_range Not Supported
GL_APPLE_transform_hint Not Supported
GL_APPLE_vertex_array_object Not Supported
GL_APPLE_vertex_array_range Not Supported
GL_APPLE_vertex_program_evaluators Not Supported
GL_APPLE_ycbcr_422 Not Supported
GL_ARB_blend_func_extended Supported
GL_ARB_color_buffer_float Supported
GL_ARB_compatibility Not Supported
GL_ARB_copy_buffer Supported
GL_ARB_debug_output Not Supported
GL_ARB_depth_buffer_float Supported
GL_ARB_depth_clamp Supported
GL_ARB_depth_texture Supported
GL_ARB_draw_buffers Supported
GL_ARB_draw_buffers_blend Supported
GL_ARB_draw_elements_base_vertex Supported
GL_ARB_draw_indirect Supported
GL_ARB_draw_instanced Supported
GL_ARB_ES2_compatibility Supported
GL_ARB_explicit_attrib_location Supported
GL_ARB_fragment_coord_conventions Supported
GL_ARB_fragment_program Supported
GL_ARB_fragment_program_shadow Supported
GL_ARB_fragment_shader Supported
GL_ARB_framebuffer_object Supported
GL_ARB_framebuffer_sRGB Supported
GL_ARB_geometry_shader4 Supported
GL_ARB_get_program_binary Supported
GL_ARB_gpu_shader_fp64 Supported
GL_ARB_gpu_shader5 Supported
GL_ARB_half_float_pixel Supported
GL_ARB_half_float_vertex Supported
GL_ARB_imaging Supported
GL_ARB_instanced_arrays Supported
GL_ARB_make_current_read Not Supported
GL_ARB_map_buffer_range Supported
GL_ARB_matrix_palette Not Supported
GL_ARB_multisample Supported
GL_ARB_multitexture Supported
GL_ARB_occlusion_query Supported
GL_ARB_occlusion_query2 Supported
GL_ARB_pixel_buffer_object Supported
GL_ARB_point_parameters Supported
GL_ARB_point_sprite Supported
GL_ARB_provoking_vertex Supported
GL_ARB_robustness Not Supported
GL_ARB_sample_shading Supported
GL_ARB_sampler_objects Supported
GL_ARB_seamless_cube_map Supported
GL_ARB_separate_shader_objects Supported
GL_ARB_shader_atomic_counters Not Supported
GL_ARB_shader_bit_encoding Supported
GL_ARB_shader_objects Supported
GL_ARB_shader_precision Supported
GL_ARB_shader_stencil_export Supported
GL_ARB_shader_subroutine Supported
GL_ARB_shader_texture_lod Supported
GL_ARB_shading_language_100 Supported
GL_ARB_shading_language_120 Not Supported
GL_ARB_shading_language_include Not Supported
GL_ARB_shadow Supported
GL_ARB_shadow_ambient Supported
GL_ARB_swap_buffers Not Supported
GL_ARB_sync Supported
GL_ARB_tessellation_shader Supported
GL_ARB_texture_border_clamp Supported
GL_ARB_texture_buffer_object Supported
GL_ARB_texture_buffer_object_rgb32 Supported
GL_ARB_texture_compression Supported
GL_ARB_texture_compression_bptc Supported
GL_ARB_texture_compression_rgtc Supported
GL_ARB_texture_cube_map Supported
GL_ARB_texture_cube_map_array Supported
GL_ARB_texture_env_add Supported
GL_ARB_texture_env_combine Supported
GL_ARB_texture_env_crossbar Supported
GL_ARB_texture_env_dot3 Supported
GL_ARB_texture_float Supported
GL_ARB_texture_gather Supported
GL_ARB_texture_mirrored_repeat Supported
GL_ARB_texture_multisample Supported
GL_ARB_texture_non_power_of_two Supported
GL_ARB_texture_query_lod Supported
GL_ARB_texture_rectangle Supported
GL_ARB_texture_rg Supported
GL_ARB_texture_rgb10_a2ui Supported
GL_ARB_texture_snorm Supported
GL_ARB_texture_swizzle Not Supported
GL_ARB_timer_query Supported
GL_ARB_transform_feedback2 Supported
GL_ARB_transform_feedback3 Supported
GL_ARB_transpose_matrix Supported
GL_ARB_uber_buffers Not Supported
GL_ARB_uber_mem_image Not Supported
GL_ARB_uber_vertex_array Not Supported
GL_ARB_uniform_buffer_object Supported
GL_ARB_vertex_array_bgra Supported
GL_ARB_vertex_array_object Supported
GL_ARB_vertex_attrib_64bit Supported
GL_ARB_vertex_blend Not Supported
GL_ARB_vertex_buffer_object Supported
GL_ARB_vertex_program Supported
GL_ARB_vertex_shader Supported
GL_ARB_vertex_type_2_10_10_10_rev Supported
GL_ARB_viewport_array Supported
GL_ARB_window_pos Supported
GL_ATI_array_rev_comps_in_4_bytes Not Supported
GL_ATI_blend_equation_separate Not Supported
GL_ATI_blend_weighted_minmax Not Supported
GL_ATI_draw_buffers Supported
GL_ATI_element_array Not Supported
GL_ATI_envmap_bumpmap Supported
GL_ATI_fragment_shader Supported
GL_ATI_lock_texture Not Supported
GL_ATI_map_object_buffer Not Supported
GL_ATI_meminfo Supported
GL_ATI_pixel_format_float Not Supported
GL_ATI_pn_triangles Not Supported
GL_ATI_point_cull_mode Not Supported
GL_ATI_separate_stencil Supported
GL_ATI_shader_texture_lod Not Supported
GL_ATI_text_fragment_shader Not Supported
GL_ATI_texture_compression_3dc Supported
GL_ATI_texture_env_combine3 Supported
GL_ATI_texture_float Supported
GL_ATI_texture_mirror_once Supported
GL_ATI_vertex_array_object Not Supported
GL_ATI_vertex_attrib_array_object Not Supported
GL_ATI_vertex_blend Not Supported
GL_ATI_vertex_shader Not Supported
GL_ATI_vertex_streams Not Supported
GL_ATIX_pn_triangles Not Supported
GL_ATIX_texture_env_combine3 Not Supported
GL_ATIX_texture_env_route Not Supported
GL_ATIX_vertex_shader_output_point_size Not Supported
GL_Autodesk_facet_normal Not Supported
GL_Autodesk_valid_back_buffer_hint Not Supported
GL_DIMD_YUV Not Supported
GL_EXT_422_pixels Not Supported
GL_EXT_abgr Supported
GL_EXT_bgra Supported
GL_EXT_bindable_uniform Supported
GL_EXT_blend_color Supported
GL_EXT_blend_equation_separate Supported
GL_EXT_blend_func_separate Supported
GL_EXT_blend_logic_op Not Supported
GL_EXT_blend_minmax Supported
GL_EXT_blend_subtract Supported
GL_EXT_Cg_shader Not Supported
GL_EXT_clip_volume_hint Not Supported
GL_EXT_cmyka Not Supported
GL_EXT_color_matrix Not Supported
GL_EXT_color_subtable Not Supported
GL_EXT_color_table Not Supported
GL_EXT_compiled_vertex_array Supported
GL_EXT_convolution Not Supported
GL_EXT_convolution_border_modes Not Supported
GL_EXT_coordinate_frame Not Supported
GL_EXT_copy_buffer Supported
GL_EXT_copy_texture Supported
GL_EXT_cull_vertex Not Supported
GL_EXT_depth_bounds_test Not Supported
GL_EXT_depth_buffer_float Not Supported
GL_EXT_direct_state_access Supported
GL_EXT_draw_buffers2 Supported
GL_EXT_draw_indirect Not Supported
GL_EXT_draw_instanced Supported
GL_EXT_draw_range_elements Supported
GL_EXT_fog_coord Supported
GL_EXT_fog_function Not Supported
GL_EXT_fog_offset Not Supported
GL_EXT_fragment_lighting Not Supported
GL_EXT_framebuffer_blit Supported
GL_EXT_framebuffer_multisample Supported
GL_EXT_framebuffer_object Supported
GL_EXT_framebuffer_sRGB Supported
GL_EXT_generate_mipmap Not Supported
GL_EXT_geometry_shader4 Supported
GL_EXT_gpu_program_parameters Supported
GL_EXT_gpu_shader_fp64 Not Supported
GL_EXT_gpu_shader4 Supported
GL_EXT_gpu_shader5 Not Supported
GL_EXT_histogram Supported
GL_EXT_index_array_formats Not Supported
GL_EXT_index_func Not Supported
GL_EXT_index_material Not Supported
GL_EXT_index_texture Not Supported
GL_EXT_interlace Not Supported
GL_EXT_light_texture Not Supported
GL_EXT_misc_attribute Not Supported
GL_EXT_multi_draw_arrays Supported
GL_EXT_multisample Not Supported
GL_EXT_packed_depth_stencil Supported
GL_EXT_packed_float Supported
GL_EXT_packed_pixels Supported
GL_EXT_packed_pixels_12 Not Supported
GL_EXT_paletted_texture Not Supported
GL_EXT_pixel_buffer_object Supported
GL_EXT_pixel_format Not Supported
GL_EXT_pixel_texture Not Supported
GL_EXT_pixel_transform Not Supported
GL_EXT_pixel_transform_color_table Not Supported
GL_EXT_point_parameters Supported
GL_EXT_polygon_offset Not Supported
GL_EXT_provoking_vertex Supported
GL_EXT_rescale_normal Supported
GL_EXT_scene_marker Not Supported
GL_EXT_secondary_color Supported
GL_EXT_separate_shader_objects Not Supported
GL_EXT_separate_specular_color Supported
GL_EXT_shader_atomic_counters Not Supported
GL_EXT_shader_image_load_store Supported
GL_EXT_shader_subroutine Not Supported
GL_EXT_shadow_funcs Supported
GL_EXT_shared_texture_palette Not Supported
GL_EXT_stencil_clear_tag Not Supported
GL_EXT_stencil_two_side Not Supported
GL_EXT_stencil_wrap Supported
GL_EXT_subtexture Supported
GL_EXT_swap_control Not Supported
GL_EXT_tessellation_shader Not Supported
GL_EXT_texgen_reflection Supported
GL_EXT_texture Not Supported
GL_EXT_texture_array Supported
GL_EXT_texture_border_clamp Not Supported
GL_EXT_texture_buffer_object Supported
GL_EXT_texture_buffer_object_rgb32 Not Supported
GL_EXT_texture_color_table Not Supported
GL_EXT_texture_compression_bptc Supported
GL_EXT_texture_compression_dxt1 Not Supported
GL_EXT_texture_compression_latc Supported
GL_EXT_texture_compression_rgtc Supported
GL_EXT_texture_compression_s3tc Supported
GL_EXT_texture_cube_map Supported
GL_EXT_texture_edge_clamp Supported
GL_EXT_texture_env Not Supported
GL_EXT_texture_env_add Supported
GL_EXT_texture_env_combine Supported
GL_EXT_texture_env_dot3 Supported
GL_EXT_texture_filter_anisotropic Supported
GL_EXT_texture_integer Supported
GL_EXT_texture_lod Supported
GL_EXT_texture_lod_bias Supported
GL_EXT_texture_mirror_clamp Supported
GL_EXT_texture_object Supported
GL_EXT_texture_perturb_normal Not Supported
GL_EXT_texture_rectangle Supported
GL_EXT_texture_shared_exponent Supported
GL_EXT_texture_snorm Supported
GL_EXT_texture_sRGB Supported
GL_EXT_texture_swizzle Supported
GL_EXT_texture3D Supported
GL_EXT_texture4D Not Supported
GL_EXT_timer_query Supported
GL_EXT_transform_feedback Supported
GL_EXT_transform_feedback2 Not Supported
GL_EXT_transform_feedback3 Not Supported
GL_EXT_vertex_array Supported
GL_EXT_vertex_array_bgra Supported
GL_EXT_vertex_attrib_64bit Supported
GL_EXT_vertex_shader Not Supported
GL_EXT_vertex_weighting Not Supported
GL_EXTX_framebuffer_mixed_formats Not Supported
GL_EXTX_packed_depth_stencil Not Supported
GL_FGL_lock_texture Not Supported
GL_GL2_geometry_shader Not Supported
GL_GREMEDY_frame_terminator Not Supported
GL_GREMEDY_string_marker Not Supported
GL_HP_convolution_border_modes Not Supported
GL_HP_image_transform Not Supported
GL_HP_occlusion_test Not Supported
GL_HP_texture_lighting Not Supported
GL_I3D_argb Not Supported
GL_I3D_color_clamp Not Supported
GL_I3D_interlace_read Not Supported
GL_IBM_clip_check Not Supported
GL_IBM_cull_vertex Not Supported
GL_IBM_load_named_matrix Not Supported
GL_IBM_multi_draw_arrays Not Supported
GL_IBM_multimode_draw_arrays Not Supported
GL_IBM_occlusion_cull Not Supported
GL_IBM_pixel_filter_hint Not Supported
GL_IBM_rasterpos_clip Not Supported
GL_IBM_rescale_normal Not Supported
GL_IBM_static_data Not Supported
GL_IBM_texture_clamp_nodraw Not Supported
GL_IBM_texture_mirrored_repeat Supported
GL_IBM_vertex_array_lists Not Supported
GL_IBM_YCbCr Not Supported
GL_IMG_read_format Not Supported
GL_IMG_texture_compression_pvrtc Not Supported
GL_IMG_texture_env_enhanced_fixed_function Not Supported
GL_IMG_texture_format_BGRA8888 Not Supported
GL_IMG_user_clip_planes Not Supported
GL_IMG_vertex_program Not Supported
GL_INGR_blend_func_separate Not Supported
GL_INGR_color_clamp Not Supported
GL_INGR_interlace_read Not Supported
GL_INGR_multiple_palette Not Supported
GL_INTEL_parallel_arrays Not Supported
GL_INTEL_texture_scissor Not Supported
GL_KTX_buffer_region Supported
GL_MESA_pack_invert Not Supported
GL_MESA_program_debug Not Supported
GL_MESA_resize_buffers Not Supported
GL_MESA_window_pos Not Supported
GL_MESA_ycbcr_texture Not Supported
GL_MESAX_texture_stack Not Supported
GL_MTX_fragment_shader Not Supported
GL_MTX_precision_dpi Not Supported
GL_NV_blend_square Supported
GL_NV_centroid_sample Not Supported
GL_NV_conditional_render Supported
GL_NV_copy_depth_to_color Supported
GL_NV_copy_image Not Supported
GL_NV_depth_buffer_float Not Supported
GL_NV_depth_clamp Not Supported
GL_NV_depth_range_unclamped Not Supported
GL_NV_evaluators Not Supported
GL_NV_explicit_multisample Supported
GL_NV_fence Not Supported
GL_NV_float_buffer Supported
GL_NV_fog_distance Not Supported
GL_NV_fragment_program Not Supported
GL_NV_fragment_program_option Not Supported
GL_NV_fragment_program2 Not Supported
GL_NV_fragment_program4 Not Supported
GL_NV_framebuffer_multisample_coverage Not Supported
GL_NV_framebuffer_multisample_ex Not Supported
GL_NV_geometry_program4 Not Supported
GL_NV_geometry_shader4 Not Supported
GL_NV_gpu_program_fp64 Not Supported
GL_NV_gpu_program4 Not Supported
GL_NV_gpu_program4_1 Not Supported
GL_NV_gpu_program5 Not Supported
GL_NV_gpu_shader5 Not Supported
GL_NV_half_float Supported
GL_NV_light_max_exponent Not Supported
GL_NV_multisample_coverage Not Supported
GL_NV_multisample_filter_hint Not Supported
GL_NV_occlusion_query Not Supported
GL_NV_packed_depth_stencil Not Supported
GL_NV_parameter_buffer_object Not Supported
GL_NV_parameter_buffer_object2 Not Supported
GL_NV_pixel_buffer_object Not Supported
GL_NV_pixel_data_range Not Supported
GL_NV_point_sprite Not Supported
GL_NV_present_video Not Supported
GL_NV_primitive_restart Supported
GL_NV_register_combiners Not Supported
GL_NV_register_combiners2 Not Supported
GL_NV_shader_buffer_load Not Supported
GL_NV_shader_buffer_store Not Supported
GL_NV_tessellation_program5 Not Supported
GL_NV_texgen_emboss Not Supported
GL_NV_texgen_reflection Supported
GL_NV_texture_barrier Supported
GL_NV_texture_compression_latc Not Supported
GL_NV_texture_compression_vtc Not Supported
GL_NV_texture_env_combine4 Not Supported
GL_NV_texture_expand_normal Not Supported
GL_NV_texture_multisample Not Supported
GL_NV_texture_rectangle Not Supported
GL_NV_texture_shader Not Supported
GL_NV_texture_shader2 Not Supported
GL_NV_texture_shader3 Not Supported
GL_NV_timer_query Not Supported
GL_NV_transform_feedback Not Supported
GL_NV_transform_feedback2 Not Supported
GL_NV_vdpau_interop Not Supported
GL_NV_vertex_array_range Not Supported
GL_NV_vertex_array_range2 Not Supported
GL_NV_vertex_attrib_64bit Not Supported
GL_NV_vertex_attrib_integer_64bit Not Supported
GL_NV_vertex_buffer_unified_memory Not Supported
GL_NV_vertex_program Not Supported
GL_NV_vertex_program1_1 Not Supported
GL_NV_vertex_program2 Not Supported
GL_NV_vertex_program2_option Not Supported
GL_NV_vertex_program3 Not Supported
GL_NV_vertex_program4 Not Supported
GL_NVX_conditional_render Not Supported
GL_NVX_flush_hold Not Supported
GL_NVX_gpu_memory_info Not Supported
GL_NVX_instanced_arrays Not Supported
GL_NVX_ycrcb Not Supported
GL_OES_blend_subtract Not Supported
GL_OES_byte_coordinates Not Supported
GL_OES_compressed_paletted_texture Not Supported
GL_OES_conditional_query Not Supported
GL_OES_depth24 Not Supported
GL_OES_draw_texture Not Supported
GL_OES_fixed_point Not Supported
GL_OES_framebuffer_object Not Supported
GL_OES_mapbuffer Not Supported
GL_OES_matrix_get Not Supported
GL_OES_matrix_palette Not Supported
GL_OES_point_size_array Not Supported
GL_OES_point_sprite Not Supported
GL_OES_query_matrix Not Supported
GL_OES_read_format Not Supported
GL_OES_rgb8_rgba8 Not Supported
GL_OES_single_precision Not Supported
GL_OES_texture_mirrored_repeat Not Supported
GL_OML_interlace Not Supported
GL_OML_resample Not Supported
GL_OML_subsample Not Supported
GL_PGI_misc_hints Not Supported
GL_PGI_vertex_hints Not Supported
GL_REND_screen_coordinates Not Supported
GL_S3_performance_analyzer Not Supported
GL_S3_s3tc Not Supported
GL_SGI_color_matrix Not Supported
GL_SGI_color_table Not Supported
GL_SGI_compiled_vertex_array Not Supported
GL_SGI_cull_vertex Not Supported
GL_SGI_index_array_formats Not Supported
GL_SGI_index_func Not Supported
GL_SGI_index_material Not Supported
GL_SGI_index_texture Not Supported
GL_SGI_make_current_read Not Supported
GL_SGI_texture_add_env Not Supported
GL_SGI_texture_color_table Not Supported
GL_SGI_texture_edge_clamp Not Supported
GL_SGI_texture_lod Not Supported
GL_SGIS_color_range Not Supported
GL_SGIS_detail_texture Not Supported
GL_SGIS_fog_function Not Supported
GL_SGIS_generate_mipmap Supported
GL_SGIS_multisample Not Supported
GL_SGIS_multitexture Not Supported
GL_SGIS_pixel_texture Not Supported
GL_SGIS_point_line_texgen Not Supported
GL_SGIS_sharpen_texture Not Supported
GL_SGIS_texture_border_clamp Not Supported
GL_SGIS_texture_color_mask Not Supported
GL_SGIS_texture_edge_clamp Supported
GL_SGIS_texture_filter4 Not Supported
GL_SGIS_texture_lod Supported
GL_SGIS_texture_select Not Supported
GL_SGIS_texture4D Not Supported
GL_SGIX_async Not Supported
GL_SGIX_async_histogram Not Supported
GL_SGIX_async_pixel Not Supported
GL_SGIX_blend_alpha_minmax Not Supported
GL_SGIX_clipmap Not Supported
GL_SGIX_convolution_accuracy Not Supported
GL_SGIX_depth_pass_instrument Not Supported
GL_SGIX_depth_texture Not Supported
GL_SGIX_flush_raster Not Supported
GL_SGIX_fog_offset Not Supported
GL_SGIX_fog_texture Not Supported
GL_SGIX_fragment_specular_lighting Not Supported
GL_SGIX_framezoom Not Supported
GL_SGIX_instruments Not Supported
GL_SGIX_interlace Not Supported
GL_SGIX_ir_instrument1 Not Supported
GL_SGIX_list_priority Not Supported
GL_SGIX_pbuffer Not Supported
GL_SGIX_pixel_texture Not Supported
GL_SGIX_pixel_texture_bits Not Supported
GL_SGIX_reference_plane Not Supported
GL_SGIX_resample Not Supported
GL_SGIX_shadow Not Supported
GL_SGIX_shadow_ambient Not Supported
GL_SGIX_sprite Not Supported
GL_SGIX_subsample Not Supported
GL_SGIX_tag_sample_buffer Not Supported
GL_SGIX_texture_add_env Not Supported
GL_SGIX_texture_coordinate_clamp Not Supported
GL_SGIX_texture_lod_bias Not Supported
GL_SGIX_texture_multi_buffer Not Supported
GL_SGIX_texture_range Not Supported
GL_SGIX_texture_scale_bias Not Supported
GL_SGIX_vertex_preclip Not Supported
GL_SGIX_vertex_preclip_hint Not Supported
GL_SGIX_ycrcb Not Supported
GL_SGIX_ycrcb_subsample Not Supported
GL_SUN_convolution_border_modes Not Supported
GL_SUN_global_alpha Not Supported
GL_SUN_mesh_array Not Supported
GL_SUN_multi_draw_arrays Supported
GL_SUN_read_video_pixels Not Supported
GL_SUN_slice_accum Not Supported
GL_SUN_triangle_list Not Supported
GL_SUN_vertex Not Supported
GL_SUNX_constant_data Not Supported
GL_WGL_ARB_extensions_string Not Supported
GL_WGL_EXT_extensions_string Not Supported
GL_WGL_EXT_swap_control Not Supported
GL_WIN_phong_shading Not Supported
GL_WIN_specular_fog Not Supported
GL_WIN_swap_hint Supported
GLU_EXT_nurbs_tessellator Not Supported
GLU_EXT_object_space_tess Not Supported
GLU_SGI_filter4_parameters Not Supported
GLX_ARB_create_context Not Supported
GLX_ARB_fbconfig_float Not Supported
GLX_ARB_framebuffer_sRGB Not Supported
GLX_ARB_get_proc_address Not Supported
GLX_ARB_multisample Not Supported
GLX_EXT_fbconfig_packed_float Not Supported
GLX_EXT_framebuffer_sRGB Not Supported
GLX_EXT_import_context Not Supported
GLX_EXT_scene_marker Not Supported
GLX_EXT_texture_from_pixmap Not Supported
GLX_EXT_visual_info Not Supported
GLX_EXT_visual_rating Not Supported
GLX_MESA_agp_offset Not Supported
GLX_MESA_copy_sub_buffer Not Supported
GLX_MESA_pixmap_colormap Not Supported
GLX_MESA_release_buffers Not Supported
GLX_MESA_set_3dfx_mode Not Supported
GLX_NV_present_video Not Supported
GLX_NV_swap_group Not Supported
GLX_NV_video_output Not Supported
GLX_OML_swap_method Not Supported
GLX_OML_sync_control Not Supported
GLX_SGI_cushion Not Supported
GLX_SGI_make_current_read Not Supported
GLX_SGI_swap_control Not Supported
GLX_SGI_video_sync Not Supported
GLX_SGIS_blended_overlay Not Supported
GLX_SGIS_color_range Not Supported
GLX_SGIS_multisample Not Supported
GLX_SGIX_dm_buffer Not Supported
GLX_SGIX_fbconfig Not Supported
GLX_SGIX_hyperpipe Not Supported
GLX_SGIX_pbuffer Not Supported
GLX_SGIX_swap_barrier Not Supported
GLX_SGIX_swap_group Not Supported
GLX_SGIX_video_resize Not Supported
GLX_SGIX_video_source Not Supported
GLX_SGIX_visual_select_group Not Supported
GLX_SUN_get_transparent_index Not Supported
GLX_SUN_video_resize Not Supported
WGL_3DFX_gamma_control Not Supported
WGL_3DFX_multisample Not Supported
WGL_3DL_stereo_control Not Supported
WGL_AMD_gpu_association Supported
WGL_AMDX_gpu_association Supported
WGL_ARB_buffer_region Supported
WGL_ARB_create_context Supported
WGL_ARB_create_context_profile Supported
WGL_ARB_create_context_robustness Not Supported
WGL_ARB_extensions_string Supported
WGL_ARB_framebuffer_sRGB Not Supported
WGL_ARB_make_current_read Supported
WGL_ARB_multisample Supported
WGL_ARB_pbuffer Supported
WGL_ARB_pixel_format Supported
WGL_ARB_pixel_format_float Supported
WGL_ARB_render_texture Supported
WGL_ATI_pbuffer_memory_hint Not Supported
WGL_ATI_pixel_format_float Supported
WGL_ATI_render_texture_rectangle Supported
WGL_EXT_buffer_region Not Supported
WGL_EXT_create_context_es2_profile Not Supported
WGL_EXT_depth_float Not Supported
WGL_EXT_display_color_table Not Supported
WGL_EXT_extensions_string Supported
WGL_EXT_framebuffer_sRGB Supported
WGL_EXT_framebuffer_sRGBWGL_ARB_create_context Not Supported
WGL_EXT_gamma_control Not Supported
WGL_EXT_make_current_read Not Supported
WGL_EXT_multisample Not Supported
WGL_EXT_pbuffer Not Supported
WGL_EXT_pixel_format Not Supported
WGL_EXT_pixel_format_packed_float Supported
WGL_EXT_render_texture Not Supported
WGL_EXT_swap_control Supported
WGL_EXT_swap_interval Not Supported
WGL_I3D_digital_video_control Not Supported
WGL_I3D_gamma Not Supported
WGL_I3D_genlock Supported
WGL_I3D_image_buffer Not Supported
WGL_I3D_swap_frame_lock Not Supported
WGL_I3D_swap_frame_usage Not Supported
WGL_MTX_video_preview Not Supported
WGL_NV_copy_image Not Supported
WGL_NV_DX_interop Not Supported
WGL_NV_float_buffer Supported
WGL_NV_gpu_affinity Not Supported
WGL_NV_multisample_coverage Not Supported
WGL_NV_present_video Not Supported
WGL_NV_render_depth_texture Not Supported
WGL_NV_render_texture_rectangle Not Supported
WGL_NV_swap_group Supported
WGL_NV_vertex_array_range Not Supported
WGL_NV_video_output Not Supported
WGL_NVX_DX_interop Not Supported
WGL_OML_sync_control Not Supported
Supported Compressed Texture Formats:
RGB DXT1 Not Supported
RGBA DXT1 Not Supported
RGBA DXT3 Not Supported
RGBA DXT5 Not Supported
RGB FXT1 Not Supported
RGBA FXT1 Not Supported
3Dc Supported
Video Adapter Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
GPGPU
[ Stream: Cayman ]
Device Properties:
Device Name Cayman
GPU Clock 810 MHz
SIMDs 24
UAVs 12
Shader Engines 2
Max Resource 1D Width 16384
Max Resource 2D Width / Height 16384 / 16384
Wavefront Size 64
Pitch Alignment 256 elements
Surface Alignment 4096 bytes
CAL Version 1.4.1385
CAL DLL aticalrt.dll (6.14.10.1385)
Memory Properties:
Memory Clock 1302 MHz
Total / Free Local Memory 2048 MB / 2016 MB
Total / Free Uncached Remote Memory 1844 MB / 1827 MB
Total / Free Cached Remote Memory 1844 MB / 1827 MB
Device Features:
Compute Shader Supported
3D ProgramGrid Supported
Double-Precision Floating-Point Supported
Global Data Share Supported
Global GPR Supported
Local Data Share Supported
Memory Export Supported
CAL Extensions:
CAL/D3D9 Interaction Supported
CAL/D3D10 Interaction Supported
CAL/OpenGL Interaction Not Supported
CAL Counters Supported
Compute Shader Supported
Create Resource Supported
Domain Parameters Supported
Sampler Supported
[ Stream: Cayman ]
Device Properties:
Device Name Cayman
GPU Clock 810 MHz
SIMDs 24
UAVs 12
Shader Engines 2
Max Resource 1D Width 16384
Max Resource 2D Width / Height 16384 / 16384
Wavefront Size 64
Pitch Alignment 256 elements
Surface Alignment 4096 bytes
CAL Version 1.4.1385
CAL DLL aticalrt.dll (6.14.10.1385)
Memory Properties:
Memory Clock 1302 MHz
Total / Free Local Memory 2048 MB / 2016 MB
Total / Free Uncached Remote Memory 1844 MB / 1827 MB
Total / Free Cached Remote Memory 1844 MB / 1827 MB
Device Features:
Compute Shader Supported
3D ProgramGrid Supported
Double-Precision Floating-Point Supported
Global Data Share Supported
Global GPR Supported
Local Data Share Supported
Memory Export Supported
CAL Extensions:
CAL/D3D9 Interaction Supported
CAL/D3D10 Interaction Supported
CAL/OpenGL Interaction Not Supported
CAL Counters Supported
Compute Shader Supported
Create Resource Supported
Domain Parameters Supported
Sampler Supported
[ Direct3D: AMD Radeon HD 6900 Series ]
Device Properties:
Device Name AMD Radeon HD 6900 Series
Driver Name aticfx32.dll
Driver Version 8.17.10.1077
Shader Model SM 5.0
Max Threads 1024
Multiple UAV Access 8 UAVs
Thread Dispatch 3D
Thread Local Storage 32 KB
Device Features:
Append/Consume Buffers Supported
Atomic Operations Supported
Double-Precision Floating-Point Supported
Gather4 Supported
Indirect Compute Dispatch Supported
Device Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
Fonts
Font Family Type Style Character Set Char. Size Char. Weight
@Batang Roman Regular Baltic 16 x 32 40 %
@Batang Roman Regular Central European 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Batang Roman Regular Greek 16 x 32 40 %
@Batang Roman Regular Hangul 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Batang Roman Regular Western 16 x 32 40 %
@BatangChe Modern Regular Baltic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@BatangChe Modern Regular Cyrillic 16 x 32 40 %
@BatangChe Modern Regular Greek 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@BatangChe Modern Regular Turkish 16 x 32 40 %
@BatangChe Modern Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@DFKai-SB Script Regular Western 16 x 32 40 %
@Dotum Swiss Regular Baltic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Dotum Swiss Regular Cyrillic 16 x 32 40 %
@Dotum Swiss Regular Greek 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Dotum Swiss Regular Turkish 16 x 32 40 %
@Dotum Swiss Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@DotumChe Modern Regular Central European 16 x 32 40 %
@DotumChe Modern Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@DotumChe Modern Regular Hangul 16 x 32 40 %
@DotumChe Modern Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@FangSong Modern Regular CHINESE_GB2312 16 x 32 40 %
@FangSong Modern Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Gulim Swiss Regular Central European 16 x 32 40 %
@Gulim Swiss Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Gulim Swiss Regular Hangul 16 x 32 40 %
@Gulim Swiss Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@GulimChe Modern Regular Baltic 16 x 32 40 %
@GulimChe Modern Regular Central European 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@GulimChe Modern Regular Greek 16 x 32 40 %
@GulimChe Modern Regular Hangul 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@GulimChe Modern Regular Western 16 x 32 40 %
@Gungsuh Roman Regular Baltic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Gungsuh Roman Regular Cyrillic 16 x 32 40 %
@Gungsuh Roman Regular Greek 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@Gungsuh Roman Regular Turkish 16 x 32 40 %
@Gungsuh Roman Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@GungsuhChe Modern Regular Central European 16 x 32 40 %
@GungsuhChe Modern Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@GungsuhChe Modern Regular Hangul 16 x 32 40 %
@GungsuhChe Modern Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@KaiTi Modern Regular CHINESE_GB2312 16 x 32 40 %
@KaiTi Modern Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 43 40 %
@Malgun Gothic Swiss Regular Western 15 x 43 40 %
@Meiryo UI Swiss Regular Baltic 17 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 41 40 %
@Meiryo UI Swiss Regular Cyrillic 17 x 41 40 %
@Meiryo UI Swiss Regular Greek 17 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 41 40 %
@Meiryo UI Swiss Regular Turkish 17 x 41 40 %
@Meiryo UI Swiss Regular Western 17 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 %
@Meiryo Swiss Regular Central European 31 x 48 40 %
@Meiryo Swiss Regular Cyrillic 31 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 %
@Meiryo Swiss Regular Japanese 31 x 48 40 %
@Meiryo Swiss Regular Turkish 31 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 %
@Microsoft JhengHei Swiss Regular CHINESE_BIG5 15 x 43 40 %
@Microsoft JhengHei Swiss Regular Greek 15 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 43 40 %
@Microsoft YaHei Swiss Regular Central European 15 x 42 40 %
@Microsoft YaHei Swiss Regular CHINESE_GB2312 15 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 42 40 %
@Microsoft YaHei Swiss Regular Greek 15 x 42 40 %
@Microsoft YaHei Swiss Regular Turkish 15 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 42 40 %
@MingLiU Modern Regular CHINESE_BIG5 16 x 32 40 %
@MingLiU Modern Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MingLiU_HKSCS Roman Regular Western 16 x 32 40 %
@MingLiU_HKSCS-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 %
@MingLiU-ExtB Roman Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MS Gothic Modern Regular Central European 16 x 32 40 %
@MS Gothic Modern Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MS Gothic Modern Regular Japanese 16 x 32 40 %
@MS Gothic Modern Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MS Mincho Modern Regular Baltic 16 x 32 40 %
@MS Mincho Modern Regular Central European 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MS Mincho Modern Regular Greek 16 x 32 40 %
@MS Mincho Modern Regular Japanese 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@MS Mincho Modern Regular Western 16 x 32 40 %
@MS PGothic Swiss Regular Baltic 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS PGothic Swiss Regular Cyrillic 13 x 32 40 %
@MS PGothic Swiss Regular Greek 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS PGothic Swiss Regular Turkish 13 x 32 40 %
@MS PGothic Swiss Regular Western 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS PMincho Roman Regular Central European 13 x 32 40 %
@MS PMincho Roman Regular Cyrillic 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS PMincho Roman Regular Japanese 13 x 32 40 %
@MS PMincho Roman Regular Turkish 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS UI Gothic Swiss Regular Baltic 13 x 32 40 %
@MS UI Gothic Swiss Regular Central European 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS UI Gothic Swiss Regular Greek 13 x 32 40 %
@MS UI Gothic Swiss Regular Japanese 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
@MS UI Gothic Swiss Regular Western 13 x 32 40 %
@NSimSun Modern Regular CHINESE_GB2312 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@PMingLiU Roman Regular CHINESE_BIG5 16 x 32 40 %
@PMingLiU Roman Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@PMingLiU-ExtB Roman Regular Western 16 x 32 40 %
@SimHei Modern Regular CHINESE_GB2312 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@SimSun Special Regular CHINESE_GB2312 16 x 32 40 %
@SimSun Special Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
@SimSun-ExtB Modern Regular Western 16 x 32 40 %
Aharoni Special Bold Hebrew 15 x 32 70 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 49 40 %
Andalus Roman Regular Western 15 x 49 40 %
Angsana New Roman Regular Thai 8 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 8 x 43 40 %
AngsanaUPC Roman Regular Thai 8 x 43 40 %
AngsanaUPC Roman Regular Western 8 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 38 40 %
Arabic Typesetting Script Regular Arabic 9 x 36 40 %
Arabic Typesetting Script Regular Baltic 9 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 36 40 %
Arabic Typesetting Script Regular Turkish 9 x 36 40 %
Arabic Typesetting Script Regular Western 9 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 45 90 %
Arial Black Swiss Regular Central European 18 x 45 90 %
Arial Black Swiss Regular Cyrillic 18 x 45 90 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 45 90 %
Arial Black Swiss Regular Turkish 18 x 45 90 %
Arial Black Swiss Regular Western 18 x 45 90 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Arial Swiss Regular Baltic 14 x 36 40 %
Arial Swiss Regular Central European 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Arial Swiss Regular Greek 14 x 36 40 %
Arial Swiss Regular Hebrew 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Arial Swiss Regular Vietnamese 14 x 36 40 %
Arial Swiss Regular Western 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Batang Roman Regular Central European 16 x 32 40 %
Batang Roman Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Batang Roman Regular Hangul 16 x 32 40 %
Batang Roman Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
BatangChe Modern Regular Baltic 16 x 32 40 %
BatangChe Modern Regular Central European 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
BatangChe Modern Regular Greek 16 x 32 40 %
BatangChe Modern Regular Hangul 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
BatangChe Modern Regular Western 16 x 32 40 %
Browallia New Swiss Regular Thai 9 x 40 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 40 40 %
BrowalliaUPC Swiss Regular Thai 9 x 40 40 %
BrowalliaUPC Swiss Regular Western 9 x 40 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Calibri Swiss Regular Central European 17 x 39 40 %
Calibri Swiss Regular Cyrillic 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Calibri Swiss Regular Turkish 17 x 39 40 %
Calibri Swiss Regular Vietnamese 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Cambria Math Roman Regular Baltic 20 x 179 40 %
Cambria Math Roman Regular Central European 20 x 179 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 179 40 %
Cambria Math Roman Regular Greek 20 x 179 40 %
Cambria Math Roman Regular Turkish 20 x 179 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 179 40 %
Cambria Math Roman Regular Western 20 x 179 40 %
Cambria Roman Regular Baltic 20 x 38 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 38 40 %
Cambria Roman Regular Cyrillic 20 x 38 40 %
Cambria Roman Regular Greek 20 x 38 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 20 x 38 40 %
Cambria Roman Regular Vietnamese 20 x 38 40 %
Cambria Roman Regular Western 20 x 38 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Candara Swiss Regular Central European 17 x 39 40 %
Candara Swiss Regular Cyrillic 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Candara Swiss Regular Turkish 17 x 39 40 %
Candara Swiss Regular Vietnamese 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Comic Sans MS Script Regular Baltic 15 x 45 40 %
Comic Sans MS Script Regular Central European 15 x 45 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 45 40 %
Comic Sans MS Script Regular Greek 15 x 45 40 %
Comic Sans MS Script Regular Turkish 15 x 45 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 45 40 %
Consolas Modern Regular Baltic 18 x 37 40 %
Consolas Modern Regular Central European 18 x 37 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 37 40 %
Consolas Modern Regular Greek 18 x 37 40 %
Consolas Modern Regular Turkish 18 x 37 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 37 40 %
Consolas Modern Regular Western 18 x 37 40 %
Constantia Roman Regular Baltic 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Constantia Roman Regular Cyrillic 17 x 39 40 %
Constantia Roman Regular Greek 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Constantia Roman Regular Vietnamese 17 x 39 40 %
Constantia Roman Regular Western 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Corbel Swiss Regular Central European 17 x 39 40 %
Corbel Swiss Regular Cyrillic 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Corbel Swiss Regular Turkish 17 x 39 40 %
Corbel Swiss Regular Vietnamese 17 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 39 40 %
Cordia New Swiss Regular Thai 9 x 44 40 %
Cordia New Swiss Regular Western 9 x 44 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 44 40 %
CordiaUPC Swiss Regular Western 9 x 44 40 %
Courier New Modern Regular Arabic 19 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 36 40 %
Courier New Modern Regular Central European 19 x 36 40 %
Courier New Modern Regular Cyrillic 19 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 36 40 %
Courier New Modern Regular Hebrew 19 x 36 40 %
Courier New Modern Regular Turkish 19 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 36 40 %
Courier New Modern Regular Western 19 x 36 40 %
Courier Modern Western 8 x 13 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 12 x 43 40 %
David Swiss Regular Hebrew 13 x 31 40 %
DFKai-SB Script Regular CHINESE_BIG5 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
DilleniaUPC Roman Regular Thai 9 x 42 40 %
DilleniaUPC Roman Regular Western 9 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 62 40 %
DokChampa Swiss Regular Western 19 x 62 40 %
Dotum Swiss Regular Baltic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Dotum Swiss Regular Cyrillic 16 x 32 40 %
Dotum Swiss Regular Greek 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Dotum Swiss Regular Turkish 16 x 32 40 %
Dotum Swiss Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
DotumChe Modern Regular Central European 16 x 32 40 %
DotumChe Modern Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
DotumChe Modern Regular Hangul 16 x 32 40 %
DotumChe Modern Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Ebrima Special Regular Baltic 19 x 43 40 %
Ebrima Special Regular Central European 19 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 43 40 %
Ebrima Special Regular Western 19 x 43 40 %
Estrangelo Edessa Script Regular Western 16 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 39 40 %
EucrosiaUPC Roman Regular Western 9 x 39 40 %
Euphemia Swiss Regular Western 22 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
FangSong Modern Regular Western 16 x 32 40 %
Fixedsys Modern Western 8 x 15 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Franklin Gothic Medium Swiss Regular Central European 14 x 36 40 %
Franklin Gothic Medium Swiss Regular Cyrillic 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Franklin Gothic Medium Swiss Regular Turkish 14 x 36 40 %
Franklin Gothic Medium Swiss Regular Western 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 30 40 %
FreesiaUPC Swiss Regular Thai 9 x 38 40 %
FreesiaUPC Swiss Regular Western 9 x 38 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 59 40 %
Gabriola Decorative Regular Central European 16 x 59 40 %
Gabriola Decorative Regular Cyrillic 16 x 59 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 59 40 %
Gabriola Decorative Regular Turkish 16 x 59 40 %
Gabriola Decorative Regular Western 16 x 59 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 56 40 %
Georgia Roman Regular Baltic 14 x 36 40 %
Georgia Roman Regular Central European 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Georgia Roman Regular Greek 14 x 36 40 %
Georgia Roman Regular Turkish 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Gisha Swiss Regular Hebrew 16 x 38 40 %
Gisha Swiss Regular Western 16 x 38 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Gulim Swiss Regular Central European 16 x 32 40 %
Gulim Swiss Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Gulim Swiss Regular Hangul 16 x 32 40 %
Gulim Swiss Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
GulimChe Modern Regular Baltic 16 x 32 40 %
GulimChe Modern Regular Central European 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
GulimChe Modern Regular Greek 16 x 32 40 %
GulimChe Modern Regular Hangul 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
GulimChe Modern Regular Western 16 x 32 40 %
Gungsuh Roman Regular Baltic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Gungsuh Roman Regular Cyrillic 16 x 32 40 %
Gungsuh Roman Regular Greek 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Gungsuh Roman Regular Turkish 16 x 32 40 %
Gungsuh Roman Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
GungsuhChe Modern Regular Central European 16 x 32 40 %
GungsuhChe Modern Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
GungsuhChe Modern Regular Hangul 16 x 32 40 %
GungsuhChe Modern Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Impact Swiss Regular Baltic 13 x 39 40 %
Impact Swiss Regular Central European 13 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 39 40 %
Impact Swiss Regular Greek 13 x 39 40 %
Impact Swiss Regular Turkish 13 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 39 40 %
IrisUPC Swiss Regular Thai 9 x 40 40 %
IrisUPC Swiss Regular Western 9 x 40 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 22 x 36 40 %
JasmineUPC Roman Regular Thai 9 x 34 40 %
JasmineUPC Roman Regular Western 9 x 34 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
KaiTi Modern Regular Western 16 x 32 40 %
Kalinga Swiss Regular Western 19 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 27 x 46 40 %
Khmer UI Swiss Regular Western 21 x 36 40 %
KodchiangUPC Roman Regular Thai 9 x 31 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 9 x 31 40 %
Kokila Swiss Regular Western 13 x 37 40 %
Lao UI Swiss Regular Western 18 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 23 x 44 40 %
Leelawadee Swiss Regular Thai 17 x 38 40 %
Leelawadee Swiss Regular Western 17 x 38 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 42 40 %
LilyUPC Swiss Regular Thai 9 x 30 40 %
LilyUPC Swiss Regular Western 9 x 30 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 32 40 %
Lucida Console Modern Regular Cyrillic 19 x 32 40 %
Lucida Console Modern Regular Greek 19 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 32 40 %
Lucida Console Modern Regular Western 19 x 32 40 %
Lucida Sans Unicode Swiss Regular Baltic 16 x 49 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 49 40 %
Lucida Sans Unicode Swiss Regular Cyrillic 16 x 49 40 %
Lucida Sans Unicode Swiss Regular Greek 16 x 49 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 49 40 %
Lucida Sans Unicode Swiss Regular Turkish 16 x 49 40 %
Lucida Sans Unicode Swiss Regular Western 16 x 49 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 43 40 %
Malgun Gothic Swiss Regular Western 15 x 43 40 %
Mangal Roman Regular Western 19 x 54 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 32 50 %
Meiryo UI Swiss Regular Baltic 17 x 41 40 %
Meiryo UI Swiss Regular Central European 17 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 41 40 %
Meiryo UI Swiss Regular Greek 17 x 41 40 %
Meiryo UI Swiss Regular Japanese 17 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 41 40 %
Meiryo UI Swiss Regular Western 17 x 41 40 %
Meiryo Swiss Regular Baltic 31 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 %
Meiryo Swiss Regular Cyrillic 31 x 48 40 %
Meiryo Swiss Regular Greek 31 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 48 40 %
Meiryo Swiss Regular Turkish 31 x 48 40 %
Meiryo Swiss Regular Western 31 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
Microsoft JhengHei Swiss Regular CHINESE_BIG5 15 x 43 40 %
Microsoft JhengHei Swiss Regular Greek 15 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 43 40 %
Microsoft New Tai Lue Swiss Regular Western 19 x 42 40 %
Microsoft PhagsPa Swiss Regular Western 24 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Microsoft Sans Serif Swiss Regular Baltic 14 x 36 40 %
Microsoft Sans Serif Swiss Regular Central European 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Microsoft Sans Serif Swiss Regular Greek 14 x 36 40 %
Microsoft Sans Serif Swiss Regular Hebrew 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Microsoft Sans Serif Swiss Regular Turkish 14 x 36 40 %
Microsoft Sans Serif Swiss Regular Vietnamese 14 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 36 40 %
Microsoft Tai Le Swiss Regular Western 19 x 41 40 %
Microsoft Uighur Special Regular Arabic 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
Microsoft YaHei Swiss Regular Central European 15 x 42 40 %
Microsoft YaHei Swiss Regular CHINESE_GB2312 15 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 42 40 %
Microsoft YaHei Swiss Regular Greek 15 x 42 40 %
Microsoft YaHei Swiss Regular Turkish 15 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 42 40 %
Microsoft Yi Baiti Script Regular Western 21 x 32 40 %
MingLiU Modern Regular CHINESE_BIG5 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MingLiU_HKSCS Roman Regular CHINESE_BIG5 16 x 32 40 %
MingLiU_HKSCS Roman Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MingLiU_HKSCS-ExtB Roman Regular Western 16 x 32 40 %
MingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
Miriam Fixed Modern Regular Hebrew 19 x 32 40 %
Miriam Swiss Regular Hebrew 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 37 40 %
Mongolian Baiti Script Regular Western 14 x 34 40 %
MoolBoran Swiss Regular Western 13 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MS Gothic Modern Regular Central European 16 x 32 40 %
MS Gothic Modern Regular Cyrillic 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MS Gothic Modern Regular Japanese 16 x 32 40 %
MS Gothic Modern Regular Turkish 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MS Mincho Modern Regular Baltic 16 x 32 40 %
MS Mincho Modern Regular Central European 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MS Mincho Modern Regular Greek 16 x 32 40 %
MS Mincho Modern Regular Japanese 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
MS Mincho Modern Regular Western 16 x 32 40 %
MS PGothic Swiss Regular Baltic 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS PGothic Swiss Regular Cyrillic 13 x 32 40 %
MS PGothic Swiss Regular Greek 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS PGothic Swiss Regular Turkish 13 x 32 40 %
MS PGothic Swiss Regular Western 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS PMincho Roman Regular Central European 13 x 32 40 %
MS PMincho Roman Regular Cyrillic 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS PMincho Roman Regular Japanese 13 x 32 40 %
MS PMincho Roman Regular Turkish 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS Sans Serif Swiss Western 5 x 13 40 %
MS Serif Roman Western 5 x 13 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS UI Gothic Swiss Regular Central European 13 x 32 40 %
MS UI Gothic Swiss Regular Cyrillic 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MS UI Gothic Swiss Regular Japanese 13 x 32 40 %
MS UI Gothic Swiss Regular Turkish 13 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 32 40 %
MV Boli Special Regular Western 18 x 52 40 %
Narkisim Swiss Regular Hebrew 12 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
NSimSun Modern Regular Western 16 x 32 40 %
Nyala Special Regular Baltic 18 x 33 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 33 40 %
Nyala Special Regular Turkish 18 x 33 40 %
Nyala Special Regular Western 18 x 33 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 %
Palatino Linotype Roman Regular Central European 14 x 43 40 %
Palatino Linotype Roman Regular Cyrillic 14 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 %
Palatino Linotype Roman Regular Turkish 14 x 43 40 %
Palatino Linotype Roman Regular Vietnamese 14 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 43 40 %
Plantagenet Cherokee Roman Regular Western 14 x 41 40 %
PMingLiU Roman Regular CHINESE_BIG5 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
PMingLiU-ExtB Roman Regular CHINESE_BIG5 16 x 32 40 %
PMingLiU-ExtB Roman Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 53 40 %
Rod Modern Regular Hebrew 19 x 31 40 %
Roman Roman OEM/DOS 22 x 37 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 45 40 %
Sakkal Majalla Special Regular Baltic 16 x 45 40 %
Sakkal Majalla Special Regular Central European 16 x 45 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 45 40 %
Sakkal Majalla Special Regular Western 16 x 45 40 %
Script Script OEM/DOS 16 x 36 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 21 x 56 40 %
Segoe Print Special Regular Central European 21 x 56 40 %
Segoe Print Special Regular Cyrillic 21 x 56 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 21 x 56 40 %
Segoe Print Special Regular Turkish 21 x 56 40 %
Segoe Print Special Regular Western 21 x 56 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 22 x 51 40 %
Segoe Script Swiss Regular Central European 22 x 51 40 %
Segoe Script Swiss Regular Cyrillic 22 x 51 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 22 x 51 40 %
Segoe Script Swiss Regular Turkish 22 x 51 40 %
Segoe Script Swiss Regular Western 22 x 51 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 30 %
Segoe UI Light Swiss Regular Central European 17 x 43 30 %
Segoe UI Light Swiss Regular Cyrillic 17 x 43 30 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 30 %
Segoe UI Light Swiss Regular Turkish 17 x 43 30 %
Segoe UI Light Swiss Regular Vietnamese 17 x 43 30 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 30 %
Segoe UI Semibold Swiss Regular Baltic 18 x 43 60 %
Segoe UI Semibold Swiss Regular Central European 18 x 43 60 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 43 60 %
Segoe UI Semibold Swiss Regular Greek 18 x 43 60 %
Segoe UI Semibold Swiss Regular Turkish 18 x 43 60 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 43 60 %
Segoe UI Semibold Swiss Regular Western 18 x 43 60 %
Segoe UI Symbol Swiss Regular Western 23 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 40 %
Segoe UI Swiss Regular Baltic 17 x 43 40 %
Segoe UI Swiss Regular Central European 17 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 40 %
Segoe UI Swiss Regular Greek 17 x 43 40 %
Segoe UI Swiss Regular Turkish 17 x 43 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 17 x 43 40 %
Segoe UI Swiss Regular Western 17 x 43 40 %
Shonar Bangla Swiss Regular Western 16 x 41 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 54 40 %
SimHei Modern Regular CHINESE_GB2312 16 x 32 40 %
SimHei Modern Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 35 40 %
Simplified Arabic Fixed Modern Regular Western 19 x 35 40 %
Simplified Arabic Roman Regular Arabic 13 x 53 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 53 40 %
SimSun Special Regular CHINESE_GB2312 16 x 32 40 %
SimSun Special Regular Western 16 x 32 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 32 40 %
SimSun-ExtB Modern Regular Western 16 x 32 40 %
Small Fonts Swiss Western 1 x 3 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 42 40 %
Sylfaen Roman Regular Central European 13 x 42 40 %
Sylfaen Roman Regular Cyrillic 13 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 42 40 %
Sylfaen Roman Regular Turkish 13 x 42 40 %
Sylfaen Roman Regular Western 13 x 42 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 19 x 39 40 %
System Swiss Western 7 x 16 70 %
Tahoma Swiss Regular Arabic 14 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 39 40 %
Tahoma Swiss Regular Central European 14 x 39 40 %
Tahoma Swiss Regular Cyrillic 14 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 39 40 %
Tahoma Swiss Regular Hebrew 14 x 39 40 %
Tahoma Swiss Regular Thai 14 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 14 x 39 40 %
Tahoma Swiss Regular Vietnamese 14 x 39 40 %
Tahoma Swiss Regular Western 14 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 8 x 12 40 %
Times New Roman Roman Regular Arabic 13 x 35 40 %
Times New Roman Roman Regular Baltic 13 x 35 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 35 40 %
Times New Roman Roman Regular Cyrillic 13 x 35 40 %
Times New Roman Roman Regular Greek 13 x 35 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 35 40 %
Times New Roman Roman Regular Turkish 13 x 35 40 %
Times New Roman Roman Regular Vietnamese 13 x 35 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 13 x 35 40 %
Traditional Arabic Roman Regular Arabic 15 x 48 40 %
Traditional Arabic Roman Regular Western 15 x 48 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 37 40 %
Trebuchet MS Swiss Regular Central European 15 x 37 40 %
Trebuchet MS Swiss Regular Cyrillic 15 x 37 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 15 x 37 40 %
Trebuchet MS Swiss Regular Turkish 15 x 37 40 %
Trebuchet MS Swiss Regular Western 15 x 37 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 18 x 53 40 %
Utsaah Swiss Regular Western 13 x 36 40 %
Vani Swiss Regular Western 23 x 54 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 39 40 %
Verdana Swiss Regular Central European 16 x 39 40 %
Verdana Swiss Regular Cyrillic 16 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 39 40 %
Verdana Swiss Regular Turkish 16 x 39 40 %
Verdana Swiss Regular Vietnamese 16 x 39 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 16 x 39 40 %
Vijaya Swiss Regular Western 19 x 32 40 %
Vrinda Swiss Regular Western 20 x 44 40 %
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 31 x 32 40 %
Wingdings Special Regular Symbol 28 x 36 40 %
Windows Audio
Device Identifier Device Description
midi-out.0 0001 001B Microsoft GS Wavetable Synth
mixer.0 0001 FFFF Speakers (High Definition Audio
mixer.1 0001 FFFF Digital Audio (S/PDIF) (High De
mixer.2 0001 0068 AMD DP Output (2- AMD High De
mixer.3 0001 FFFF Digital Audio (S/PDIF) (High De
mixer.4 0001 FFFF Microphone (High Definition Aud
wave-in.0 0001 FFFF Microphone (High Definition Aud
wave-out.0 0001 FFFF Speakers (High Definition Audio
wave-out.1 0001 FFFF Digital Audio (S/PDIF) (High De
wave-out.2 0001 0064 AMD DP Output (2- AMD High De
wave-out.3 0001 FFFF Digital Audio (S/PDIF) (High De
PCI / PnP Audio
Device Description Type
ATI Radeon HDMI @ AMD Cayman/Antilles - High Definition Audio Controller PCI
ATI Radeon HDMI @ AMD Cayman/Antilles - High Definition Audio Controller PCI
Realtek ALC889 @ Intel Cougar Point PCH - High Definition Audio Controller [B-3] PCI
HD Audio
[ AMD Cayman/Antilles - High Definition Audio Controller ]
Device Properties:
Device Description AMD Cayman/Antilles - High Definition Audio Controller
Device Description (Windows) High Definition Audio Controller
Bus Type PCI
Bus / Device / Function 1 / 0 / 1
Device ID 1002-AA80
Subsystem ID 1043-AA80
Revision 00
Hardware ID PCI\VEN_1002&DEV_AA80&SUBSYS_AA801043&REV_00
Device Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us-en/Processors/DevelopWithAMD/0,,30_2252_873,00.html
Driver Download http://www.amd.com/us-en/Processors/TechnicalResources/0,,30_182_871_2336,00.html
BIOS Upgrades http://www.aida64.com/bios-updates
Driver Update http://www.aida64.com/driver-updates
[ ATI Radeon HDMI ]
Device Properties:
Device Description ATI Radeon HDMI
Device Description (Windows) AMD High Definition Audio Device
Device Type Audio
Bus Type HDAUDIO
Device ID 1002-AA01
Subsystem ID 00AA-0100
Revision 1002
Hardware ID HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002
Device Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://ati.amd.com/products/integrated.html
Driver Download http://ati.amd.com/support/driver.html
Driver Update http://www.aida64.com/driver-updates
[ AMD Cayman/Antilles - High Definition Audio Controller ]
Device Properties:
Device Description AMD Cayman/Antilles - High Definition Audio Controller
Device Description (Windows) High Definition Audio Controller
Bus Type PCI
Bus / Device / Function 2 / 0 / 1
Device ID 1002-AA80
Subsystem ID 1043-AA80
Revision 00
Hardware ID PCI\VEN_1002&DEV_AA80&SUBSYS_AA801043&REV_00
Device Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us-en/Processors/DevelopWithAMD/0,,30_2252_873,00.html
Driver Download http://www.amd.com/us-en/Processors/TechnicalResources/0,,30_182_871_2336,00.html
BIOS Upgrades http://www.aida64.com/bios-updates
Driver Update http://www.aida64.com/driver-updates
[ ATI Radeon HDMI ]
Device Properties:
Device Description ATI Radeon HDMI
Device Description (Windows) AMD High Definition Audio Device
Device Type Audio
Bus Type HDAUDIO
Device ID 1002-AA01
Subsystem ID 00AA-0100
Revision 1002
Hardware ID HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002
Device Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://ati.amd.com/products/integrated.html
Driver Download http://ati.amd.com/support/driver.html
Driver Update http://www.aida64.com/driver-updates
[ Intel Cougar Point PCH - High Definition Audio Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - High Definition Audio Controller [B-3]
Device Description (Windows) High Definition Audio Controller
Bus Type PCI
Bus / Device / Function 0 / 27 / 0
Device ID 8086-1C20
Subsystem ID 1043-840F
Revision 05
Hardware ID PCI\VEN_8086&DEV_1C20&SUBSYS_840F1043&REV_05
Device Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/products/chipsets
Driver Download http://support.intel.com/support/chipsets
BIOS Upgrades http://www.aida64.com/bios-updates
Driver Update http://www.aida64.com/driver-updates
[ Realtek ALC889 ]
Device Properties:
Device Description Realtek ALC889
Device Description (Windows) Realtek High Definition Audio
Device Type Audio
Bus Type HDAUDIO
Device ID 10EC-0889
Subsystem ID 1043-840F
Revision 1000
Hardware ID HDAUDIO\FUNC_01&VEN_10EC&DEV_0889&SUBSYS_1043840F&REV_1000
Device Manufacturer:
Company Name Realtek Semiconductor Corp.
Product Information http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2
Driver Download http://www.realtek.com.tw/downloads
Driver Update http://www.aida64.com/driver-updates
OpenAL
OpenAL Properties:
Vendor Creative Labs Inc.
Renderer Software
Version 1.1
Device Name Generic Software
OpenAL DLL 6.14.0357.24
Creative OpenAL DLL Not Present
Wrapper DLL 2.2.0.5
Hardware Sound Buffers 0
X-RAM Not Present
OpenAL Extensions:
AL_EXT_EXPONENT_DISTANCE Supported
AL_EXT_LINEAR_DISTANCE Supported
AL_EXT_OFFSET Supported
ALC_ENUMERATE_ALL_EXT Supported
ALC_ENUMERATION_EXT Supported
ALC_EXT_CAPTURE Supported
ALC_EXT_EFX Supported
EAX Supported
EAX2.0 Supported
EAX3.0 Not Supported
EAX3.0EMULATED Supported
EAX4.0 Not Supported
EAX4.0EMULATED Supported
EAX5.0 Not Supported
EAX-RAM Not Supported
Audio Codecs
[ Fraunhofer IIS MPEG Layer-3 Codec (decode only) ]
ACM Driver Properties:
Driver Description Fraunhofer IIS MPEG Layer-3 Codec (decode only)
Copyright Notice Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS
Driver Features decoder only version
Driver Version 1.09
[ Microsoft ADPCM CODEC ]
ACM Driver Properties:
Driver Description Microsoft ADPCM CODEC
Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation
Driver Features Compresses and decompresses Microsoft ADPCM audio data.
Driver Version 4.00
[ Microsoft CCITT G.711 A-Law and u-Law CODEC ]
ACM Driver Properties:
Driver Description Microsoft CCITT G.711 A-Law and u-Law CODEC
Copyright Notice Copyright (c) 1993-1996 Microsoft Corporation
Driver Features Compresses and decompresses CCITT G.711 A-Law and u-Law audio data.
Driver Version 4.00
[ Microsoft GSM 6.10 Audio CODEC ]
ACM Driver Properties:
Driver Description Microsoft GSM 6.10 Audio CODEC
Copyright Notice Copyright (C) 1993-1996 Microsoft Corporation
Driver Features Compresses and decompresses audio data conforming to the ETSI-GSM (European Telecommunications Standards Institute-Groupe Special Mobile) recommendation 6.10.
Driver Version 4.00
[ Microsoft IMA ADPCM CODEC ]
ACM Driver Properties:
Driver Description Microsoft IMA ADPCM CODEC
Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation
Driver Features Compresses and decompresses IMA ADPCM audio data.
Driver Version 4.00
[ Microsoft PCM Converter ]
ACM Driver Properties:
Driver Description Microsoft PCM Converter
Copyright Notice Copyright (C) 1992-1996 Microsoft Corporation
Driver Features Converts frequency and bits per sample of PCM audio data.
Driver Version 5.00
Video Codecs
Driver Version Description
frapsvid.dll 3.2.6.12176 Fraps Video Decompressor
iccvid.dll 1.10.0.11 Cinepak® Codec
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
msrle32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft RLE Compressor
msvidc32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Video 1 Compressor
[ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
rtvcvfw32.dll RivaTuner Video Codec
tsbyuv.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) Toshiba Video Codec
MCI
[ AVIVideo ]
MCI Device Properties:
Device AVIVideo
Name Video for Windows
Description Video For Windows MCI driver
Type Digital Video Device
Driver mciavi32.dll
Status Enabled
MCI Device Features:
Compound Device Yes
File Based Device Yes
Can Eject No
Can Play Yes
Can Play In Reverse Yes
Can Record No
Can Save Data No
Can Freeze Data No
Can Lock Data No
Can Stretch Frame Yes
Can Stretch Input No
Can Test Yes
Audio Capable Yes
Video Capable Yes
Still Image Capable No
[ CDAudio ]
MCI Device Properties:
Device CDAudio
Name CD Audio
Description MCI driver for cdaudio devices
Type CD Audio Device
Driver mcicda.dll
Status Enabled
MCI Device Features:
Compound Device No
File Based Device No
Can Eject Yes
Can Play Yes
Can Record No
Can Save Data No
Audio Capable Yes
Video Capable No
[ MPEGVideo ]
MCI Device Properties:
Device MPEGVideo
Name DirectShow
Description DirectShow MCI Driver
Type Digital Video Device
Driver mciqtz32.dll
Status Enabled
MCI Device Features:
Compound Device Yes
File Based Device Yes
Can Eject No
Can Play Yes
Can Play In Reverse No
Can Record No
Can Save Data No
Can Freeze Data No
Can Lock Data No
Can Stretch Frame Yes
Can Stretch Input No
Can Test Yes
Audio Capable Yes
Video Capable Yes
Still Image Capable No
[ Sequencer ]
MCI Device Properties:
Device Sequencer
Name MIDI Sequencer
Description MCI driver for MIDI sequencer
Type Sequencer Device
Driver mciseq.dll
Status Enabled
MCI Device Features:
Compound Device Yes
File Based Device Yes
Can Eject No
Can Play Yes
Can Record No
Can Save Data No
Audio Capable Yes
Video Capable No
[ WaveAudio ]
MCI Device Properties:
Device WaveAudio
Name Sound
Description MCI driver for waveform audio
Type Waveform Audio Device
Driver mciwave.dll
Status Enabled
MCI Device Features:
Compound Device Yes
File Based Device Yes
Can Eject No
Can Play Yes
Can Record Yes
Can Save Data Yes
Audio Capable Yes
Video Capable No
Windows Storage
[ SAMSUNG HD103SJ ATA Device ]
Device Properties:
Driver Description SAMSUNG HD103SJ ATA Device
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File disk.inf
Disk Device Physical Info:
Manufacturer Samsung
Hard Disk Family SpinPoint F3
Form Factor 3.5"
Formatted Capacity 1000 GB
Disks 2
Recording Surfaces 4
Physical Dimensions 147.0 x 101.5 x 26.1 mm
Max. Weight 625 g
Average Rotational Latency 4.17 ms
Rotational Speed 7200 RPM
Average Seek 8.9 ms
Interface SATA-II
Buffer-to-Host Data Rate 300 MB/s
Buffer Size 32 MB
Spin-Up Time 11 sec
Device Manufacturer:
Company Name Samsung
Product Information http://www.samsung.com/global/business/hdd
[ SanDisk Cruzer Blade USB Device ]
Device Properties:
Driver Description SanDisk Cruzer Blade USB Device
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File disk.inf
Device Manufacturer:
Company Name SanDisk Corporation
Product Information http://www.sandisk.com/business-solutions/ssd/landing
[ PIONEER DVD-RW DVR-216D ATA Device ]
Device Properties:
Driver Description PIONEER DVD-RW DVR-216D ATA Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File cdrom.inf
Optical Drive Properties:
Manufacturer Pioneer
Device Type DVD+RW/DVD-RW
Interface SATA
Writing Speeds:
DVD+R9 Dual Layer 12x
DVD+R 20x
DVD+RW 8x
DVD-R9 Dual Layer 12x
DVD-R 20x
DVD-RW 6x
CD-R 40x
CD-RW 32x
Reading Speeds:
DVD-ROM 16x
CD-ROM 40x
Device Manufacturer:
Company Name Pioneer Corporation
Product Information http://www.pioneer-eur.com/eur/productgroups.jsp
Firmware Download http://www.pioneer.eu/eur/support/
[ ATA Channel 0 ]
Device Properties:
Driver Description ATA Channel 0
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
[ ATA Channel 0 ]
Device Properties:
Driver Description ATA Channel 0
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
[ ATA Channel 1 ]
Device Properties:
Driver Description ATA Channel 1
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
[ ATA Channel 1 ]
Device Properties:
Driver Description ATA Channel 1
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
[ ATA Channel 4 ]
Device Properties:
Driver Description ATA Channel 4
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
[ Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Driver Date 26/04/2011
Driver Version 10.5.0.1026
Driver Provider Intel
INF File oem43.inf
Device Resources:
IRQ 20
Memory FBF25000-FBF257FF
Port F020-F03F
Port F060-F063
Port F070-F077
Port F080-F083
Port F090-F097
[ Standard AHCI 1.0 Serial ATA Controller ]
Device Properties:
Driver Description Standard AHCI 1.0 Serial ATA Controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Device Resources:
IRQ 16
Memory FB810000-FB8101FF
Port B000-B00F
Port B010-B013
Port B020-B027
Port B030-B033
Port B040-B047
[ Standard Dual Channel PCI IDE Controller ]
Device Properties:
Driver Description Standard Dual Channel PCI IDE Controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Device Resources:
IRQ 19
Memory FB910000-FB9101FF
Port C000-C00F
Port C010-C013
Port C020-C027
Port C030-C033
Port C040-C047
Logical Drives
Drive Drive Type File System Total Size Used Space Free Space % Free Volume Serial
[ TRIAL VERSION ] Local Disk NTFS [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ]
D: Optical Drive
E: Removable Disk FAT32 15251 MB 0 MB 15251 MB 100 % C011-8E7B
F: Optical Drive
Physical Drives
[ Drive #1 - SAMSUNG HD103SJ (931 GB) ]
Partition Partition Type Drive Start Offset Partition Length
#1 (Active) NTFS 1 MB 100 MB
#2 NTFS C: 101 MB 953767 MB
[ Drive #2 - SanDiskCruzer Blade (14 GB) ]
Partition Partition Type Drive Start Offset Partition Length
#1 FAT32 E: 0 MB 15258 MB
Optical Drives
[ D:\ PIONEER DVD-RW DVR-216D ATA Device ]
Optical Drive Properties:
Device Description PIONEER DVD-RW DVR-216D ATA Device
Serial Number HHDP115930WL
Firmware Revision 1.07
Firmware Date 25/07/2008
Buffer Size 2000 KB
Manufacturer Pioneer
Device Type DVD+RW/DVD-RW
Interface SATA
Region Code 2
Remaining User Changes 4
Remaining Vendor Changes 4
Writing Speeds:
DVD+R9 Dual Layer 12x
DVD+R 20x
DVD+RW 8x
DVD-R9 Dual Layer 12x
DVD-R 20x
DVD-RW 6x
CD-R 40x
CD-RW 32x
Reading Speeds:
DVD-ROM 16x
CD-ROM 40x
Supported Disk Types:
BD-ROM Not Supported
BD-R Not Supported
BD-RE Not Supported
HD DVD-ROM Not Supported
HD DVD-R Not Supported
HD DVD-RW Not Supported
DVD-ROM Read
DVD+R9 Dual Layer Read + Write
DVD+R Read + Write
DVD+RW Read + Write
DVD-R9 Dual Layer Read + Write
DVD-R Read + Write
DVD-RW Read + Write
DVD-RAM Read
CD-ROM Read
CD-R Read + Write
CD-RW Read + Write
Optical Drive Features:
Buffer Underrun Protection Supported
C2 Error Pointers Supported
CD+G Not Supported
CD-Text Supported
Hybrid Disc Not Supported
JustLink Not Supported
LabelFlash Not Supported
Layer-Jump Recording Supported
LightScribe Not Supported
Mount Rainier Not Supported
SMART Not Supported
CSS Supported
CPRM Supported
AACS Not Supported
VCPS Not Supported
BD CPS Not Supported
Device Manufacturer:
Company Name Pioneer Corporation
Product Information http://www.pioneer-eur.com/eur/productgroups.jsp
Firmware Download http://www.pioneer.eu/eur/support/
Driver Update http://www.aida64.com/driver-updates
ATA
[ SAMSUNG HD103SJ (S246JR0ZC00154) ]
ATA Device Properties:
Model ID SAMSUNG HD103SJ
Serial Number S246JR0ZC00154
Revision 1AJ10001
World Wide Name 5-0000F0-0C00A5401
Device Type SATA-II
Parameters 1938021 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector
LBA Sectors 1953525168
Buffer 32767 KB
Multiple Sectors 16
ECC Bytes 4
Unformatted Capacity 953870 MB
ATA Standard ATA8-ACS
ATA Device Features:
48-bit LBA Supported
Advanced Power Management Supported, Disabled
Automatic Acoustic Management Supported, Disabled
Device Configuration Overlay Supported
DMA Setup Auto-Activate Supported, Disabled
General Purpose Logging Supported
Host Protected Area Supported, Enabled
In-Order Data Delivery Not Supported
Native Command Queuing Supported
Phy Event Counters Supported
Power Management Supported, Enabled
Power-Up In Standby Supported, Disabled
Read Look-Ahead Supported, Enabled
Release Interrupt Not Supported
Security Mode Supported, Disabled
SMART Supported, Enabled
SMART Error Logging Supported
SMART Self-Test Supported
Software Settings Preservation Supported, Enabled
Streaming Not Supported
Tagged Command Queuing Not Supported
Write Cache Supported, Enabled
SSD Features:
Data Set Management Not Supported
Deterministic Read After TRIM Not Supported
TRIM Command Not Supported
ATA Device Physical Info:
Manufacturer Samsung
Hard Disk Family SpinPoint F3
Form Factor 3.5"
Formatted Capacity 1000 GB
Disks 2
Recording Surfaces 4
Physical Dimensions 147.0 x 101.5 x 26.1 mm
Max. Weight 625 g
Average Rotational Latency 4.17 ms
Rotational Speed 7200 RPM
Average Seek 8.9 ms
Interface SATA-II
Buffer-to-Host Data Rate 300 MB/s
Buffer Size 32 MB
Spin-Up Time 11 sec
ATA Device Manufacturer:
Company Name Samsung
Product Information http://www.samsung.com/global/business/hdd
Driver Update http://www.aida64.com/driver-updates
SMART
[ SAMSUNG HD103SJ (S246JR0ZC00154) ]
ID Attribute Description Threshold Value Worst Data Status
01 Raw Read Error Rate 51 100 100 1 OK: Value is normal
02 Throughput Performance 0 252 252 0 OK: Always passes
03 Spinup Time 25 73 73 8228 OK: Value is normal
04 Start/Stop Count 0 100 100 107 OK: Always passes
05 Reallocated Sector Count 10 252 252 0 OK: Value is normal
07 Seek Error Rate 51 252 252 0 OK: Value is normal
08 Seek Time Performance 15 252 252 0 OK: Value is normal
09 Power-On Time Count 0 100 100 145 OK: Always passes
0A Spinup Retry Count 51 252 252 0 OK: Value is normal
0B Calibration Retry Count 0 252 252 0 OK: Always passes
0C Power Cycle Count 0 100 100 144 OK: Always passes
BF Mechanical Shock 0 100 100 2 OK: Always passes
C0 Power-Off Retract Count 0 252 252 0 OK: Always passes
C2 Temperature 0 64 64 36, 14, 29 OK: Always passes
C3 Hardware ECC Recovered 0 100 100 0 OK: Always passes
C4 Reallocation Event Count 0 252 252 0 OK: Always passes
C5 Current Pending Sector Count 0 252 252 0 OK: Always passes
C6 Offline Uncorrectable Sector Count 0 252 252 0 OK: Always passes
C7 Ultra ATA CRC Error Rate 0 100 100 1 OK: Always passes
C8 Write Error Rate 0 100 100 98 OK: Always passes
DF Load/Unload Retry Count 0 252 252 0 OK: Always passes
E1 Load/Unload Cycle Count 0 100 100 150 OK: Always passes
Windows Network
[ Intel(R) 82579V Gigabit Network Connection ]
Network Adapter Properties:
Network Adapter Intel(R) 82579V Gigabit Network Connection
Interface Type Gigabit Ethernet
Hardware Address F4-6D-04-11-A0-5E
Connection Name Local Area Connection 3
Connection Speed 1000 Mbps
MTU 1500 bytes
DHCP Lease Obtained 14/06/2011 21:29:13
DHCP Lease Expires 14/06/2011 22:29:13
Bytes Received 582343299 (555.4 MB)
Bytes Sent 26909478 (25.7 MB)
Network Adapter Addresses:
IP / Subnet Mask [ TRIAL VERSION ]
Gateway [ TRIAL VERSION ]
DHCP [ TRIAL VERSION ]
DNS [ TRIAL VERSION ]
DNS [ TRIAL VERSION ]
Network Adapter Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/embedded
Driver Download http://www.intel.com/support/network
Driver Update http://www.aida64.com/driver-updates
[ Intel(R) 82583V Gigabit Network Connection ]
Network Adapter Properties:
Network Adapter Intel(R) 82583V Gigabit Network Connection
Interface Type Gigabit Ethernet
Hardware Address F4-6D-04-11-9F-A2
Connection Name Local Area Connection 2
MTU 1500 bytes
Bytes Received 0
Bytes Sent 0
Network Adapter Addresses:
DNS [ TRIAL VERSION ]
DNS [ TRIAL VERSION ]
Network Adapter Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/embedded
Driver Download http://www.intel.com/support/network
Driver Update http://www.aida64.com/driver-updates
PCI / PnP Network
Device Description Type
Intel 82579V Gigabit Network Connection PCI
Intel 82583V Gigabit Network Connection PCI
IAM
[ Microsoft Communities ]
Account Properties:
Account Name Microsoft Communities
Account ID account{8EFE2CA4-8E1B-4DB0-A9E2-42B33335C4A4}.oeaccount
Account Type News (Default)
Connection Name Not Specified (IE Default)
NNTP Server msnews.microsoft.com
Account Features:
NNTP Prompt For Password No
NNTP Secure Authentication No
NNTP Secure Connection No
NNTP Use Group Descriptions No
NNTP Post Using Plain Text Format No
NNTP Post Using HTML Format No
[ Active Directory ]
Account Properties:
Account Name Active Directory
Account ID account{0A6162E2-ED66-422B-9AAC-E4DF4CBFAF92}.oeaccount
Account Type LDAP
Connection Name Not Specified (IE Default)
LDAP Server NULL:3268
LDAP User Name NULL
LDAP Search Base NULL
LDAP Search Timeout 1 min
Account Features:
LDAP Authentication Required Yes
LDAP Secure Authentication Yes
LDAP Secure Connection No
LDAP Simple Search Filter No
[ VeriSign Internet Directory Service ]
Account Properties:
Account Name VeriSign Internet Directory Service
Account ID account{46B4416A-5800-4884-AB52-D9FAB5E64938}.oeaccount
Account Type LDAP
Connection Name Not Specified (IE Default)
LDAP Server directory.verisign.com
LDAP URL http://www.verisign.com
LDAP Search Base NULL
LDAP Search Timeout 1 min
Account Features:
LDAP Authentication Required No
LDAP Secure Authentication No
LDAP Secure Connection No
LDAP Simple Search Filter Yes
Internet
Internet Settings:
Start Page http://go.microsoft.com/fwlink/?LinkId=69157
Search Page http://go.microsoft.com/fwlink/?LinkId=54896
Download Folder C:\Users\muggz\Downloads
Current Proxy:
Proxy Status Disabled
LAN Proxy:
Proxy Status Disabled
Routes
Type Net Destination Netmask Gateway Metric Interface
Active 0.0.0.0 0.0.0.0 192.168.0.1 10 192.168.0.8 (Intel(R) 82579V Gigabit Network Connection #2)
Active 127.0.0.0 255.0.0.0 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1)
Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 306 [ TRIAL VERSION ]
Active 127.255.255.255 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1)
Active 192.168.0.0 255.255.255.0 192.168.0.8 266 192.168.0.8 (Intel(R) 82579V Gigabit Network Connection #2)
Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 266 [ TRIAL VERSION ]
Active 192.168.0.255 255.255.255.255 192.168.0.8 266 192.168.0.8 (Intel(R) 82579V Gigabit Network Connection #2)
Active 224.0.0.0 240.0.0.0 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1)
Active [ TRIAL VERSION ] [ TRIAL VERSION ] [ TRIAL VERSION ] 266 [ TRIAL VERSION ]
Active 255.255.255.255 255.255.255.255 127.0.0.1 306 127.0.0.1 (Software Loopback Interface 1)
Active 255.255.255.255 255.255.255.255 192.168.0.8 266 192.168.0.8 (Intel(R) 82579V Gigabit Network Connection #2)
IE Cookie
Last Access URL
2011-06-10 07:02:02 muggz@onlinestores.metaservices.microsoft.com/serviceswitching/
2011-06-13 18:48:54 muggz@atdmt.com/
2011-06-13 18:48:54 muggz@bing.com/
2011-06-13 18:48:54 muggz@live.com/
2011-06-13 18:48:54 muggz@msn.com/
2011-06-13 18:48:54 muggz@windowsmarketplace.com/
2011-06-13 18:48:54 muggz@workspace.office.live.com/
2011-06-13 18:48:54 muggz@zune.net/
2011-06-14 20:13:43 muggz@amd.com/
Browser History
Last Access URL
2011-06-08 00:42:53 muggz@file:///C:/Users/muggz/Downloads/Realtek_Audio_V51006254_Xp_V6016254_VistaWin7.zip
2011-06-08 17:03:24 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=14
2011-06-08 17:03:24 [ TRIAL VERSION ]
2011-06-09 00:24:01 muggz@file:///C:/Users/muggz/Downloads/The.Apprentice.S11E12.HDTV.XviD-2HD
2011-06-09 00:37:19 muggz@file:///C:/Users/muggz/Downloads/The.Apprentice.UK.S07E04.HDTV.XviD-BARGE/the.apprentice.uk.s0...
2011-06-09 00:37:22 [ TRIAL VERSION ]
2011-06-09 18:12:41 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=40
2011-06-09 18:39:37 muggz@file:///C:/Users/muggz/Downloads/NEC_USB_3_V2040_WindowsXP_Vista_7.zip
2011-06-09 20:53:10 [ TRIAL VERSION ]
2011-06-10 07:08:37 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=26
2011-06-10 07:08:38 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=37
2011-06-10 21:33:53 [ TRIAL VERSION ]
2011-06-10 21:34:10 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/Chris%20Cole%20P...
2011-06-10 21:39:47 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/Coliseum%20-%20T...
2011-06-10 21:58:30 [ TRIAL VERSION ]
2011-06-10 22:48:08 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=8
2011-06-11 11:32:31 muggz@file:///C:/Users/muggz/AppData/Local/Temp/tmpD690.tmp
2011-06-11 14:54:05 [ TRIAL VERSION ]
2011-06-11 15:00:01 muggz@file:///C:/ProgramData/Futuremark/3DMark%20Vantage/systeminfo/systeminfo.xml
2011-06-11 15:19:30 muggz@file:///C:/Users/muggz/Desktop/local.txt
2011-06-11 16:08:45 [ TRIAL VERSION ]
2011-06-11 16:59:26 muggz@file:///C:/Users/muggz/Downloads/Duke_Nukem_Forever-Razor1911/rzr-dnfr.nfo
2011-06-11 17:00:07 muggz@file:///C:/Users/muggz/Downloads/Duke_Nukem_Forever-Razor1911/rzr-dnfr.001
2011-06-11 17:17:08 [ TRIAL VERSION ]
2011-06-11 17:20:19 muggz@file:///F:/Duke%20Nukem%20Forever_disk1_2.sid
2011-06-11 20:50:47 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/Digital%20-%20Ev...
2011-06-11 23:39:59 [ TRIAL VERSION ]
2011-06-12 21:49:13 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=22
2011-06-12 21:49:17 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=13
2011-06-12 22:20:27 [ TRIAL VERSION ]
2011-06-12 22:24:57 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/Chomp%20On%20Thi...
2011-06-12 22:25:21 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/Digital%20Skateb...
2011-06-12 22:25:23 [ TRIAL VERSION ]
2011-06-12 22:26:37 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/PUZZLE%20-%20Iss...
2011-06-12 22:29:25 muggz@file:///C:/Users/muggz/Desktop/Super%20Ultra%20Mega%20Skate%20Video%20Torrent/ZERO%20-%20Dying...
2011-06-13 17:03:59 [ TRIAL VERSION ]
2011-06-13 17:07:43 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=59
2011-06-13 17:26:43 muggz@file:///C:/Users/muggz/Downloads/Game.Call%20of%20Duty%206%20MP.7z
2011-06-13 18:11:52 [ TRIAL VERSION ]
2011-06-13 18:25:33 muggz@file:///C:/Users/muggz/Downloads/p95v266.zip
2011-06-13 18:29:04 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=57
2011-06-13 18:29:25 [ TRIAL VERSION ]
2011-06-13 18:34:52 muggz@file:///C:/Users/muggz/Downloads/Widescreen%20Fixer%20(2011-05-27).7z
2011-06-13 20:35:22 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=2
2011-06-13 21:39:56 [ TRIAL VERSION ]
2011-06-13 21:44:35 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=56
2011-06-13 22:00:19 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=19
2011-06-13 22:00:19 [ TRIAL VERSION ]
2011-06-13 23:03:59 muggz@file:///C:/Users/muggz/Downloads/The.Apprentice.UK.S07E05.HDTV.XviD-BARGE/the.apprentice.uk.s0...
2011-06-14 17:10:52 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=15
2011-06-14 17:10:52 [ TRIAL VERSION ]
2011-06-14 18:24:50 muggz@file:///C:/Users/muggz/Downloads/3d-hentai-03.mpg
2011-06-14 18:25:12 muggz@file:///C:/Users/muggz/Downloads/3d-hentai-04.mpg
2011-06-14 18:25:29 [ TRIAL VERSION ]
2011-06-14 18:25:43 muggz@file:///C:/Users/muggz/Downloads/3d-anime-movie-05.mpg
2011-06-14 18:25:57 muggz@file:///C:/Users/muggz/Downloads/3d-anime-movie-06.mpg
2011-06-14 18:26:10 [ TRIAL VERSION ]
2011-06-14 18:27:36 muggz@file:///C:/Users/muggz/Downloads/3d-hentai-2.mpg
2011-06-14 18:28:41 muggz@file:///C:/Users/muggz/Downloads/3d-porn-movie-01.mpg
2011-06-14 19:17:07 [ TRIAL VERSION ]
2011-06-14 19:17:09 muggz@file:///C:/Users/muggz/Downloads/Shift.2.Unleashed-RELOADED/reloaded.nfo
2011-06-14 20:13:45 muggz@http://support.amd.com/us/ccc/Pages/index.aspx?lang=en&cache=43
2011-06-14 21:00:03 [ TRIAL VERSION ]
2011-06-14 21:22:51 muggz@file:///C:/Users/muggz/Downloads/Big.Naturals.20.XXX.DVDRip.XviD-Jiggly/Covers/jiggly-bnatural...
![muggz@file:///C:/Users/muggz/Downloads/Big.Naturals.20.XXX.DVDRip.XviD-Jiggly/Covers/jiggly-bnatural...](mailto:"muggz@file:///C:/Users/muggz/Downloads/Big.Naturals.20.XXX.DVDRip.XviD-Jiggly/Covers/jiggly-bnaturals20-back.jpg"){kind=link}
2011-06-14 21:23:00 muggz@file:///C:/Users/muggz/Downloads/Big.Naturals.20.XXX.DVDRip.XviD-Jiggly/Sample/jiggly-bnatural...
2011-06-14 21:23:49 [ TRIAL VERSION ]
2011-06-14 21:25:10 muggz@file:///C:/Users/muggz/Downloads/Latin.Girl.Booty.Battle.XXX.NTSC.DVDR-CRYMXXX/Sample/crym-lgb...
DirectX Files
Name Version Type Language Size Date
amstream.dll 6.06.7601.17514 Final Retail English 70656 20/11/2010 13:18:03
bdaplgin.ax 6.01.7600.16385 Final Retail English 74240 14/07/2009 02:14:10
d3d8.dll 6.01.7600.16385 Final Retail English 1036800 14/07/2009 02:15:08
d3d8thk.dll 6.01.7600.16385 Final Retail English 11264 14/07/2009 02:15:08
d3d9.dll 6.01.7601.17514 Final Retail English 1828352 20/11/2010 13:18:25
d3dim.dll 6.01.7600.16385 Final Retail English 386048 14/07/2009 02:15:08
d3dim700.dll 6.01.7600.16385 Final Retail English 817664 14/07/2009 02:15:08
d3dramp.dll 6.01.7600.16385 Final Retail English 593920 14/07/2009 02:15:08
d3dxof.dll 6.01.7600.16385 Final Retail English 53760 14/07/2009 02:15:08
ddraw.dll 6.01.7600.16385 Final Retail English 531968 14/07/2009 02:15:10
ddrawex.dll 6.01.7600.16385 Final Retail English 30208 14/07/2009 02:15:10
devenum.dll 6.06.7600.16385 Final Retail English 66560 14/07/2009 02:15:10
dinput.dll 6.01.7600.16385 Final Retail English 136704 14/07/2009 02:15:11
dinput8.dll 6.01.7600.16385 Final Retail English 145408 14/07/2009 02:15:11
dmband.dll 6.01.7600.16385 Final Retail English 30720 14/07/2009 02:15:12
dmcompos.dll 6.01.7600.16385 Final Retail English 63488 14/07/2009 02:15:12
dmime.dll 6.01.7600.16385 Final Retail English 179712 14/07/2009 02:15:12
dmloader.dll 6.01.7600.16385 Final Retail English 38400 14/07/2009 02:15:12
dmscript.dll 6.01.7600.16385 Final Retail English 86016 14/07/2009 02:15:12
dmstyle.dll 6.01.7600.16385 Final Retail English 105984 14/07/2009 02:15:12
dmsynth.dll 6.01.7600.16385 Final Retail English 105472 14/07/2009 02:15:12
dmusic.dll 6.01.7600.16385 Final Retail English 101376 14/07/2009 02:15:12
dplaysvr.exe 6.01.7600.16385 Final Retail English 29184 14/07/2009 02:14:18
dplayx.dll 6.01.7600.16385 Final Retail English 213504 14/07/2009 02:15:12
dpmodemx.dll 6.01.7600.16385 Final Retail English 23040 14/07/2009 02:15:12
dpnaddr.dll 6.01.7601.17514 Final Retail English 2560 20/11/2010 12:57:57
dpnet.dll 6.01.7600.16385 Final Retail English 376832 14/07/2009 02:15:12
dpnhpast.dll 6.01.7600.16385 Final Retail English 7168 14/07/2009 02:15:12
dpnhupnp.dll 6.01.7600.16385 Final Retail English 7168 14/07/2009 02:15:12
dpnlobby.dll 6.01.7600.16385 Final Retail English 2560 14/07/2009 02:04:52
dpnsvr.exe 6.01.7600.16385 Final Retail English 33280 14/07/2009 02:14:18
dpwsockx.dll 6.01.7600.16385 Final Retail English 44032 14/07/2009 02:15:12
dsdmo.dll 6.01.7600.16385 Final Retail English 173568 14/07/2009 02:15:13
dsound.dll 6.01.7600.16385 Final Retail English 453632 14/07/2009 02:15:13
dswave.dll 6.01.7600.16385 Final Retail English 20992 14/07/2009 02:15:13
dxdiagn.dll 6.01.7601.17514 Final Retail English 210432 20/11/2010 13:18:36
dxmasf.dll 12.00.7601.17514 Final Retail English 4096 20/11/2010 13:21:22
encapi.dll 6.01.7600.16385 Final Retail English 20992 14/07/2009 02:15:14
gcdef.dll 6.01.7600.16385 Final Retail English 120832 14/07/2009 02:15:22
iac25_32.ax 2.00.0005.0053 Final Retail English 197632 14/07/2009 02:14:10
ir41_32.ax 4.51.0016.0003 Final Retail English 839680 14/07/2009 02:14:10
ir41_qc.dll 4.30.0062.0002 Final Retail English 120320 14/07/2009 02:15:34
ir41_qcx.dll 4.30.0062.0002 Final Retail English 120320 14/07/2009 02:15:34
ir50_32.dll 5.2562.0015.0055 Final Retail English 746496 14/07/2009 02:15:34
ir50_qc.dll 5.00.0063.0048 Final Retail English 200192 14/07/2009 02:15:34
ir50_qcx.dll 5.00.0063.0048 Final Retail English 200192 14/07/2009 02:15:34
ivfsrc.ax 5.10.0002.0051 Final Retail English 146944 14/07/2009 02:14:10
joy.cpl 6.01.7600.16385 Final Retail English 138240 14/07/2009 02:14:09
ksproxy.ax 6.01.7601.17514 Final Retail English 193536 20/11/2010 13:16:52
kstvtune.ax 6.01.7601.17514 Final Retail English 84480 20/11/2010 13:16:52
ksuser.dll 6.01.7600.16385 Final Retail English 4608 14/07/2009 02:15:35
kswdmcap.ax 6.01.7601.17514 Final Retail English 107008 20/11/2010 13:16:52
ksxbar.ax 6.01.7601.17514 Final Retail English 48640 20/11/2010 13:16:52
mciqtz32.dll 6.06.7601.17514 Final Retail English 36352 20/11/2010 13:19:32
mfc40.dll 4.01.0000.6151 Beta Retail English 954752 20/11/2010 13:19:33
mfc42.dll 6.06.8064.0000 Beta Retail English 1137664 11/03/2011 06:33:59
Microsoft.DirectX.AudioVideoPlayback.dll 5.04.0000.2904 Final Retail English 53248 14/06/2011 19:18:26
Microsoft.DirectX.Diagnostics.dll 5.04.0000.2904 Final Retail English 12800 14/06/2011 19:18:26
Microsoft.DirectX.Direct3D.dll 9.05.0132.0000 Final Retail English 473600 14/06/2011 19:18:26
Microsoft.DirectX.Direct3DX.dll 5.04.0000.3900 Final Retail English 2676224 14/06/2011 19:18:21
Microsoft.DirectX.Direct3DX.dll 9.04.0091.0000 Final Retail English 2846720 14/06/2011 19:18:22
Microsoft.DirectX.Direct3DX.dll 9.05.0132.0000 Final Retail English 563712 14/06/2011 19:18:23
Microsoft.DirectX.Direct3DX.dll 9.06.0168.0000 Final Retail English 567296 14/06/2011 19:18:23
Microsoft.DirectX.Direct3DX.dll 9.07.0239.0000 Final Retail English 576000 14/06/2011 19:18:23
Microsoft.DirectX.Direct3DX.dll 9.08.0299.0000 Final Retail English 577024 14/06/2011 19:18:23
Microsoft.DirectX.Direct3DX.dll 9.09.0376.0000 Final Retail English 577536 14/06/2011 19:18:24
Microsoft.DirectX.Direct3DX.dll 9.10.0455.0000 Final Retail English 577536 14/06/2011 19:18:24
Microsoft.DirectX.Direct3DX.dll 9.11.0519.0000 Final Retail English 578560 14/06/2011 19:18:24
Microsoft.DirectX.Direct3DX.dll 9.12.0589.0000 Final Retail English 578560 14/06/2011 19:18:26
Microsoft.DirectX.DirectDraw.dll 5.04.0000.2904 Final Retail English 145920 14/06/2011 19:18:26
Microsoft.DirectX.DirectInput.dll 5.04.0000.2904 Final Retail English 159232 14/06/2011 19:18:26
Microsoft.DirectX.DirectPlay.dll 5.04.0000.2904 Final Retail English 364544 14/06/2011 19:18:26
Microsoft.DirectX.DirectSound.dll 5.04.0000.2904 Final Retail English 178176 14/06/2011 19:18:26
Microsoft.DirectX.dll 5.04.0000.2904 Final Retail English 223232 14/06/2011 19:18:25
mpeg2data.ax 6.06.7601.17514 Final Retail English 72704 20/11/2010 13:16:52
mpg2splt.ax 6.06.7601.17528 Final Retail English 199680 23/12/2010 06:50:23
msdmo.dll 6.06.7601.17514 Final Retail English 30720 20/11/2010 13:19:46
msdvbnp.ax 6.06.7601.17514 Final Retail English 59904 20/11/2010 13:16:52
msvidctl.dll 6.05.7601.17514 Final Retail English 2291712 20/11/2010 13:19:55
msyuv.dll 6.01.7601.17514 Final Retail English 22528 20/11/2010 13:19:56
pid.dll 6.01.7600.16385 Final Retail English 36352 14/07/2009 02:16:12
psisdecd.dll 6.06.7600.16385 Final Retail English 465408 14/07/2009 02:16:12
psisrndr.ax 6.06.7601.17514 Final Retail English 75776 20/11/2010 13:16:52
qasf.dll 12.00.7601.17514 Final Retail English 206848 20/11/2010 13:20:57
qcap.dll 6.06.7601.17514 Final Retail English 190976 20/11/2010 13:20:57
qdv.dll 6.06.7601.17514 Final Retail English 283136 20/11/2010 13:20:57
qdvd.dll 6.06.7601.17514 Final Retail English 514560 20/11/2010 13:20:57
qedit.dll 6.06.7601.17514 Final Retail English 509440 20/11/2010 13:20:57
qedwipes.dll 6.06.7600.16385 Final Retail English 733184 14/07/2009 02:09:35
quartz.dll 6.06.7601.17514 Final Retail English 1328128 20/11/2010 13:20:59
vbisurf.ax 6.01.7601.17514 Final Retail English 33792 20/11/2010 13:16:52
vfwwdm32.dll 6.01.7601.17514 Final Retail English 56832 20/11/2010 13:21:34
wsock32.dll 6.01.7600.16385 Final Retail English 15360 14/07/2009 02:16:20
DirectX Video
[ Primary Display Driver ]
DirectDraw Device Properties:
DirectDraw Driver Name display
DirectDraw Driver Description Primary Display Driver
Hardware Driver aticfx32.dll (8.17.10.1077)
Hardware Description AMD Radeon HD 6900 Series
Direct3D Device Properties:
Rendering Bit Depths 16, 32
Z-Buffer Bit Depths 16, 24, 32
Multisample Anti-Aliasing Modes MSAA 2x, MSAA 4x, MSAA 8x
Min Texture Size 1 x 1
Max Texture Size 4096 x 4096
Unified Shader Version 5.0
DirectX Hardware Support DirectX v11.0
Direct3D Device Features:
Additive Texture Blending Supported
AGP Texturing Supported
Anisotropic Filtering Supported
Automatic Mipmap Generation Supported
Bilinear Filtering Supported
Compute Shader Supported
Cubic Environment Mapping Supported
Cubic Filtering Not Supported
Decal-Alpha Texture Blending Supported
Decal Texture Blending Supported
Directional Lights Supported
DirectX Texture Compression Supported
DirectX Volumetric Texture Compression Not Supported
Dithering Supported
Dot3 Texture Blending Supported
Double-Precision Floating-Point Supported
Driver Concurrent Creates Supported
Driver Command Lists Not Supported
Dynamic Textures Supported
Edge Anti-Aliasing Not Supported
Environmental Bump Mapping Supported
Environmental Bump Mapping + Luminance Supported
Factor Alpha Blending Supported
Geometric Hidden-Surface Removal Not Supported
Geometry Shader Supported
Guard Band Supported
Hardware Scene Rasterization Supported
Hardware Transform & Lighting Supported
Legacy Depth Bias Supported
Mipmap LOD Bias Adjustments Supported
Mipmapped Cube Textures Supported
Mipmapped Volume Textures Supported
Modulate-Alpha Texture Blending Supported
Modulate Texture Blending Supported
Non-Square Textures Supported
N-Patches Not Supported
Perspective Texture Correction Supported
Point Lights Supported
Point Sampling Supported
Projective Textures Supported
Quintic Bezier Curves & B-Splines Not Supported
Range-Based Fog Supported
Rectangular & Triangular Patches Not Supported
Rendering In Windowed Mode Supported
Scissor Test Supported
Slope-Scale Based Depth Bias Supported
Specular Flat Shading Supported
Specular Gouraud Shading Supported
Specular Phong Shading Not Supported
Spherical Mapping Supported
Spot Lights Supported
Stencil Buffers Supported
Sub-Pixel Accuracy Supported
Subtractive Texture Blending Supported
Table Fog Supported
Texture Alpha Blending Supported
Texture Clamping Supported
Texture Mirroring Supported
Texture Transparency Supported
Texture Wrapping Supported
Triangle Culling Not Supported
Trilinear Filtering Supported
Two-Sided Stencil Test Supported
Vertex Alpha Blending Supported
Vertex Fog Supported
Vertex Tweening Supported
Volume Textures Supported
W-Based Fog Supported
W-Buffering Not Supported
Z-Based Fog Supported
Z-Bias Supported
Z-Test Supported
Supported FourCC Codes:
ATIC Supported
AYUV Supported
DXT1 Supported
DXT2 Supported
DXT3 Supported
DXT4 Supported
DXT5 Supported
GET4 Supported
INST Supported
M2IA Supported
NULL Supported
NV12 Supported
NV21 Supported
R2VB Supported
RESZ Supported
SYV2 Supported
TES1 Supported
TESS Supported
UYVY Supported
YUY2 Supported
YV12 Supported
Video Adapter Manufacturer:
Company Name Advanced Micro Devices, Inc.
Product Information http://www.amd.com/us/products/Pages/graphics.aspx
Driver Download http://sites.amd.com/us/game/downloads/Pages/downloads.aspx
Driver Update http://www.aida64.com/driver-updates
DirectX Sound
[ Primary Sound Driver ]
DirectSound Device Properties:
Device Description Primary Sound Driver
Driver Module
Primary Buffers 1
Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz
Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Total / Free Sound Buffers 1 / 0
Total / Free Static Sound Buffers 1 / 0
Total / Free Streaming Sound Buffers 1 / 0
Total / Free 3D Sound Buffers 0 / 0
Total / Free 3D Static Sound Buffers 0 / 0
Total / Free 3D Streaming Sound Buffers 0 / 0
DirectSound Device Features:
Certified Driver No
Emulated Device No
Precise Sample Rate Supported
DirectSound3D Not Supported
Creative EAX 1.0 Not Supported
Creative EAX 2.0 Not Supported
Creative EAX 3.0 Not Supported
Creative EAX 4.0 Not Supported
Creative EAX 5.0 Not Supported
I3DL2 Not Supported
Sensaura ZoomFX Not Supported
[ Speakers (High Definition Audio Device) ]
DirectSound Device Properties:
Device Description Speakers (High Definition Audio Device)
Driver Module {0.0.0.00000000}.{8982b6c8-e53c-4675-b5a3-8fb794f6133a}
Primary Buffers 1
Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz
Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Total / Free Sound Buffers 1 / 0
Total / Free Static Sound Buffers 1 / 0
Total / Free Streaming Sound Buffers 1 / 0
Total / Free 3D Sound Buffers 0 / 0
Total / Free 3D Static Sound Buffers 0 / 0
Total / Free 3D Streaming Sound Buffers 0 / 0
DirectSound Device Features:
Certified Driver No
Emulated Device No
Precise Sample Rate Supported
DirectSound3D Not Supported
Creative EAX 1.0 Not Supported
Creative EAX 2.0 Not Supported
Creative EAX 3.0 Not Supported
Creative EAX 4.0 Not Supported
Creative EAX 5.0 Not Supported
I3DL2 Not Supported
Sensaura ZoomFX Not Supported
[ Digital Audio (S/PDIF) (High Definition Audio Device) ]
DirectSound Device Properties:
Device Description Digital Audio (S/PDIF) (High Definition Audio Device)
Driver Module {0.0.0.00000000}.{0c0c9ebd-e655-4e74-8bd2-88c756ba5a0e}
Primary Buffers 1
Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz
Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Total / Free Sound Buffers 1 / 0
Total / Free Static Sound Buffers 1 / 0
Total / Free Streaming Sound Buffers 1 / 0
Total / Free 3D Sound Buffers 0 / 0
Total / Free 3D Static Sound Buffers 0 / 0
Total / Free 3D Streaming Sound Buffers 0 / 0
DirectSound Device Features:
Certified Driver No
Emulated Device No
Precise Sample Rate Supported
DirectSound3D Not Supported
Creative EAX 1.0 Not Supported
Creative EAX 2.0 Not Supported
Creative EAX 3.0 Not Supported
Creative EAX 4.0 Not Supported
Creative EAX 5.0 Not Supported
I3DL2 Not Supported
Sensaura ZoomFX Not Supported
[ AMD DP Output (2- AMD High Definition Audio Device) ]
DirectSound Device Properties:
Device Description AMD DP Output (2- AMD High Definition Audio Device)
Driver Module {0.0.0.00000000}.{95981a80-e37f-4b87-8bc7-b2266038d16c}
Primary Buffers 1
Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz
Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Total / Free Sound Buffers 1 / 0
Total / Free Static Sound Buffers 1 / 0
Total / Free Streaming Sound Buffers 1 / 0
Total / Free 3D Sound Buffers 0 / 0
Total / Free 3D Static Sound Buffers 0 / 0
Total / Free 3D Streaming Sound Buffers 0 / 0
DirectSound Device Features:
Certified Driver No
Emulated Device No
Precise Sample Rate Supported
DirectSound3D Not Supported
Creative EAX 1.0 Not Supported
Creative EAX 2.0 Not Supported
Creative EAX 3.0 Not Supported
Creative EAX 4.0 Not Supported
Creative EAX 5.0 Not Supported
I3DL2 Not Supported
Sensaura ZoomFX Not Supported
[ Digital Audio (S/PDIF) (High Definition Audio Device) ]
DirectSound Device Properties:
Device Description Digital Audio (S/PDIF) (High Definition Audio Device)
Driver Module {0.0.0.00000000}.{e4ae6f85-39e8-4de1-a60a-a23a363db3bb}
Primary Buffers 1
Min / Max Secondary Buffers Sample Rate 100 / 200000 Hz
Primary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Secondary Buffers Sound Formats 8-bit, 16-bit, Mono, Stereo
Total / Free Sound Buffers 1 / 0
Total / Free Static Sound Buffers 1 / 0
Total / Free Streaming Sound Buffers 1 / 0
Total / Free 3D Sound Buffers 0 / 0
Total / Free 3D Static Sound Buffers 0 / 0
Total / Free 3D Streaming Sound Buffers 0 / 0
DirectSound Device Features:
Certified Driver No
Emulated Device No
Precise Sample Rate Supported
DirectSound3D Not Supported
Creative EAX 1.0 Not Supported
Creative EAX 2.0 Not Supported
Creative EAX 3.0 Not Supported
Creative EAX 4.0 Not Supported
Creative EAX 5.0 Not Supported
I3DL2 Not Supported
Sensaura ZoomFX Not Supported
DirectX Input
[ Mouse ]
DirectInput Device Properties:
Device Description Mouse
Device Type Unknown
Device Subtype Unknown
Axes 3
Buttons/Keys 8
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
[ Keyboard ]
DirectInput Device Properties:
Device Description Keyboard
Device Type Unknown
Device Subtype Unknown
Buttons/Keys 128
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
[ G9x Laser Mouse ]
DirectInput Device Properties:
Device Description G9x Laser Mouse
Device Type Unknown
Device Subtype Unknown
Buttons/Keys 652
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
[ G9x Laser Mouse ]
DirectInput Device Properties:
Device Description G9x Laser Mouse
Device Type Unknown
Device Subtype Unknown
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
[ G9x Laser Mouse ]
DirectInput Device Properties:
Device Description G9x Laser Mouse
Device Type Unknown
Device Subtype Unknown
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
[ Ideazon Merc Stealth MM USB Human Interface Device ]
DirectInput Device Properties:
Device Description Ideazon Merc Stealth MM USB Human Interface Device
Device Type Unknown
Device Subtype Unknown
Buttons/Keys 18
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
[ Ideazon Merc Stealth MM USB Human Interface Device ]
DirectInput Device Properties:
Device Description Ideazon Merc Stealth MM USB Human Interface Device
Device Type Unknown
Device Subtype Unknown
DirectInput Device Features:
Emulated Device Yes
Alias Device No
Polled Device No
Polled Data Format No
Attack Force Feedback Not Supported
Deadband Force Feedback Not Supported
Fade Force Feedback Not Supported
Force Feedback Not Supported
Saturation Force Feedback Not Supported
+/- Force Feedback Coefficients Not Supported
+/- Force Feedback Saturation Not Supported
Windows Devices
[ Devices ]
AsusOtherDevices:
EIO Driver 1.9.7.0
Computer:
ACPI x64-based PC 6.1.7600.16385
Disk drives:
SAMSUNG HD103SJ ATA Device 6.1.7600.16385
SanDisk Cruzer Blade USB Device 6.1.7600.16385
Display adapters:
AMD Radeon HD 6900 Series 8.850.6.0
AMD Radeon HD 6900 Series 8.850.6.0
DVD/CD-ROM drives:
PIONEER DVD-RW DVR-216D ATA Device 6.1.7601.17514
Human Interface Devices:
HID-compliant consumer control device 6.1.7600.16385
HID-compliant consumer control device 6.1.7600.16385
HID-compliant device 6.1.7601.17514
HID-compliant device 6.1.7601.17514
HID-compliant device 6.1.7601.17514
Ideazon Merc Stealth MM USB Human Interface Device 1.0.14.1
Ideazon Merc Stealth USB Human Interface Device 1.0.14.1
USB Input Device 6.1.7601.17514
USB Input Device 6.1.7601.17514
IDE ATA/ATAPI controllers:
ATA Channel 0 6.1.7601.17514
ATA Channel 0 6.1.7601.17514
ATA Channel 1 6.1.7601.17514
ATA Channel 1 6.1.7601.17514
ATA Channel 4 6.1.7601.17514
Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02 10.5.0.1026
Standard AHCI 1.0 Serial ATA Controller 6.1.7601.17514
Standard Dual Channel PCI IDE Controller 6.1.7601.17514
Keyboards:
HID Keyboard Device 6.1.7601.17514
HID Keyboard Device 6.1.7601.17514
Mice and other pointing devices:
HID-compliant mouse 6.1.7600.16385
Microsoft Common Controller For Windows Class:
Xbox 360 Wireless Receiver for Windows 2.1.0.1349
Monitors:
Generic PnP Monitor 6.1.7600.16385
Generic PnP Monitor 6.1.7600.16385
Generic PnP Monitor 6.1.7600.16385
Network adapters:
Intel(R) 82579V Gigabit Network Connection #2 11.8.74.0
Intel(R) 82583V Gigabit Network Connection 11.7.32.0
Microsoft ISATAP Adapter #2 6.1.7600.16385
Microsoft ISATAP Adapter 6.1.7600.16385
Teredo Tunneling Pseudo-Interface 6.1.7600.16385
WAN Miniport (IKEv2) 6.1.7601.17514
WAN Miniport (IP) 6.1.7600.16385
WAN Miniport (IPv6) 6.1.7600.16385
WAN Miniport (L2TP) 6.1.7600.16385
WAN Miniport (Network Monitor) 6.1.7600.16385
WAN Miniport (PPPOE) 6.1.7600.16385
WAN Miniport (PPTP) 6.1.7600.16385
WAN Miniport (SSTP) 6.1.7600.16385
Non-Plug and Play Drivers:
ALSysIO
amdkmdag
Ancillary Function Driver for Winsock
AsIO
AsUpIO
Beep
Bitlocker Drive Encryption Filter Driver
CNG
Common Log (CLFS)
cpuz135
Disk Virtual Machine Bus Acceleration Filter Driver
Dynamic Volume Manager
ENTECH64
Hardware Policy Driver
HTTP
Intel AHCI Controller
Kernel Mode Driver Frameworks service
KSecDD
KSecPkg
LDDM Graphics Subsystem
Link-Layer Topology Discovery Mapper I/O Driver
Link-Layer Topology Discovery Responder
Mount Point Manager
msisadrv
NDIS System Driver
NDProxy
NETBT
NetIO Legacy TDI Support Driver
NSI proxy service driver.
Null
Offline Files Driver
PEAUTH
Performance Counters for Windows Driver
QoS Packet Scheduler
RDP Encoder Mirror Driver
RDPCDD
Reflector Display Driver used to gain access to graphics data
Remote Access IPv6 ARP Driver
Security Driver
Security Processor Loader Driver
Storage volumes
System Attribute Cache
TCP/IP Protocol Driver
TCP/IP Registry Compatibility
User Mode Driver Frameworks Platform Driver
VgaSave
Virtual Machine Bus
WFP Lightweight Filter
Windows Firewall Authorization Driver
Portable Devices:
E:\ 6.1.7600.16385
Processors:
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz 6.1.7600.16385
Sound, video and game controllers:
AMD High Definition Audio Device 7.12.0.7701
AMD High Definition Audio Device 7.12.0.7701
Realtek High Definition Audio 6.0.1.6235
Storage volume shadow copies:
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Generic volume shadow copy 6.1.7600.16385
Storage Volumes:
Generic volume 6.1.7601.17514
Generic volume 6.1.7601.17514
Generic volume 6.1.7601.17514
System devices:
2nd generation Intel(R) Core(TM) processor family DRAM Controller - 0100 9.2.0.1011
2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101 9.2.0.1011
2nd generation Intel® Core™ processor family PCI Express Controller - 0105 9.2.0.1011
ACPI Fixed Feature Button 6.1.7601.17514
ACPI Power Button 6.1.7601.17514
Atheros Bluetooth Bus 6.17.624.302
Composite Bus Enumerator 6.1.7601.17514
Direct memory access controller 6.1.7601.17514
File as Volume Driver 6.1.7600.16385
High Definition Audio Controller 6.1.7601.17514
High Definition Audio Controller 6.1.7601.17514
High Definition Audio Controller 6.1.7601.17514
High precision event timer 6.1.7601.17514
Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10 9.2.0.1015
Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 9.2.0.1015
Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14 9.2.0.1015
Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16 9.2.0.1015
Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18 9.2.0.1015
Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C 9.2.0.1015
Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22 9.2.0.1011
Intel(R) Management Engine Interface 7.0.0.1118
Intel(R) P67 Express Chipset Family LPC Interface Controller - 1C46 9.2.0.1015
Intel(R) Watchdog Timer Driver (Intel(R) WDT) 7.0.1097.0
Microsoft ACPI-Compliant Embedded Controller 6.1.7601.17514
Microsoft ACPI-Compliant System 6.1.7601.17514
Microsoft System Management BIOS Driver 6.1.7601.17514
Microsoft Virtual Drive Enumerator Driver 6.1.7601.17514
Microsoft Windows Management Interface for ACPI 6.1.7601.17514
Microsoft Windows Management Interface for ACPI 6.1.7601.17514
Motherboard resources 6.1.7601.17514
Motherboard resources 6.1.7601.17514
Motherboard resources 6.1.7601.17514
Numeric data processor 6.1.7601.17514
PCI bus 6.1.7601.17514
PCI standard PCI-to-PCI bridge 6.1.7601.17514
PCI standard PCI-to-PCI bridge 6.1.7601.17514
PCI standard PCI-to-PCI bridge 6.1.7601.17514
PCI standard PCI-to-PCI bridge 6.1.7601.17514
PCI standard PCI-to-PCI bridge 6.1.7601.17514
Plug and Play Software Device Enumerator 6.1.7601.17514
Programmable interrupt controller 6.1.7601.17514
Remote Desktop Device Redirector Bus 6.1.7600.16385
System board 6.1.7601.17514
System board 6.1.7601.17514
System board 6.1.7601.17514
System CMOS/real time clock 6.1.7601.17514
System speaker 6.1.7601.17514
System timer 6.1.7601.17514
Terminal Server Keyboard Driver 6.1.7601.17514
Terminal Server Mouse Driver 6.1.7601.17514
UMBus Enumerator 6.1.7601.17514
UMBus Enumerator 6.1.7601.17514
UMBus Root Bus Enumerator 6.1.7601.17514
Volume Manager 6.1.7601.17514
Universal Serial Bus controllers:
Generic USB Hub 6.1.7601.17514
Generic USB Hub 6.1.7601.17514
Generic USB Hub 6.1.7601.17514
Generic USB Hub 6.1.7601.17514
Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 9.2.0.1013
Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D 9.2.0.1013
Renesas Electronics USB 3.0 Host Controller 2.0.32.0
Renesas Electronics USB 3.0 Host Controller 2.0.32.0
Renesas Electronics USB 3.0 Hub 2.0.32.0
Renesas Electronics USB 3.0 Hub 2.0.32.0
Renesas Electronics USB 3.0 Root Hub 2.0.32.0
Renesas Electronics USB 3.0 Root Hub 2.0.32.0
Unknown Device 6.1.7601.17514
USB Composite Device 6.1.7601.17514
USB Composite Device 6.1.7601.17514
USB Mass Storage Device 6.1.7601.17514
USB Root Hub 6.1.7601.17514
USB Root Hub 6.1.7601.17514
[ AsusOtherDevices / EIO Driver ]
Device Properties:
Driver Description EIO Driver
Driver Date 22/07/2009
Driver Version 1.9.7.0
Driver Provider ASUSTek
INF File oem39.inf
Hardware ID SW\{AE15E82B-26EB-4471-AF71-C1893B2168B9}
[ Computer / ACPI x64-based PC ]
Device Properties:
Driver Description ACPI x64-based PC
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File hal.inf
Hardware ID acpiapic
[ Disk drives / SAMSUNG HD103SJ ATA Device ]
Device Properties:
Driver Description SAMSUNG HD103SJ ATA Device
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File disk.inf
Hardware ID IDE\DiskSAMSUNG_HD103SJ_________________________1AJ10001
Location Information Channel 1, Target 0, Lun 0
Device Manufacturer:
Company Name Samsung
Product Information http://www.samsung.com/global/business/hdd
Driver Update http://www.aida64.com/driver-updates
[ Disk drives / SanDisk Cruzer Blade USB Device ]
Device Properties:
Driver Description SanDisk Cruzer Blade USB Device
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File disk.inf
Hardware ID USBSTOR\DiskSanDisk_Cruzer_Blade____1.00
Device Manufacturer:
Company Name SanDisk Corporation
Product Information http://www.sandisk.com/business-solutions/ssd/landing
Driver Update http://www.aida64.com/driver-updates
[ Display adapters / AMD Radeon HD 6900 Series ]
Device Properties:
Driver Description AMD Radeon HD 6900 Series
Driver Date 24/05/2011
Driver Version 8.850.6.0
Driver Provider ATI Technologies Inc.
INF File oem35.inf
Hardware ID PCI\VEN_1002&DEV_6719&SUBSYS_03BA1043&REV_00
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(1,0,0)
PCI Device Asus EAH6950 Video Adapter
Device Resources:
IRQ 65536
Memory 000A0000-000BFFFF
Memory D0000000-DFFFFFFF
Memory FBE20000-FBE3FFFF
Port 03B0-03BB
Port 03C0-03DF
Port E000-E0FF
Video Adapter Manufacturer:
Company Name ASUSTeK Computer Inc.
Product Information http://www.asus.com/ProductGroup2.aspx?PG_ID=r3EWBZcGQvxHvrb4
Driver Download http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update http://www.aida64.com/driver-updates
[ Display adapters / AMD Radeon HD 6900 Series ]
Device Properties:
Driver Description AMD Radeon HD 6900 Series
Driver Date 24/05/2011
Driver Version 8.850.6.0
Driver Provider ATI Technologies Inc.
INF File oem35.inf
Hardware ID PCI\VEN_1002&DEV_6719&SUBSYS_03BA1043&REV_00
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(2,0,0)
PCI Device Asus EAH6950 Video Adapter
Device Resources:
IRQ 65536
Memory C0000000-CFFFFFFF
Memory FBDE0000-FBDFFFFF
Port DF00-DFFF
Video Adapter Manufacturer:
Company Name ASUSTeK Computer Inc.
Product Information http://www.asus.com/ProductGroup2.aspx?PG_ID=r3EWBZcGQvxHvrb4
Driver Download http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update http://www.aida64.com/driver-updates
[ DVD/CD-ROM drives / PIONEER DVD-RW DVR-216D ATA Device ]
Device Properties:
Driver Description PIONEER DVD-RW DVR-216D ATA Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File cdrom.inf
Hardware ID IDE\CdRomPIONEER_DVD-RW__DVR-216D________________1.07____
Location Information Channel 4, Target 0, Lun 0
Device Manufacturer:
Company Name Pioneer Corporation
Product Information http://www.pioneer-eur.com/eur/productgroups.jsp
Firmware Download http://www.pioneer.eu/eur/support/
Driver Update http://www.aida64.com/driver-updates
[ Human Interface Devices / HID-compliant consumer control device ]
Device Properties:
Driver Description HID-compliant consumer control device
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File hidserv.inf
Hardware ID HID\VID_046D&PID_C066&REV_5802&MI_01&Col02
[ Human Interface Devices / HID-compliant consumer control device ]
Device Properties:
Driver Description HID-compliant consumer control device
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File hidserv.inf
Hardware ID HID\VID_1038&PID_0510&REV_0130&MI_01&Col01
[ Human Interface Devices / HID-compliant device ]
Device Properties:
Driver Description HID-compliant device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File input.inf
Hardware ID HID\VID_046D&PID_C066&REV_5802&MI_01&Col03
[ Human Interface Devices / HID-compliant device ]
Device Properties:
Driver Description HID-compliant device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File input.inf
Hardware ID HID\VID_046D&PID_C066&REV_5802&MI_01&Col04
[ Human Interface Devices / HID-compliant device ]
Device Properties:
Driver Description HID-compliant device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File input.inf
Hardware ID HID\VID_1038&PID_0510&REV_0130&MI_01&Col02
[ Human Interface Devices / Ideazon Merc Stealth MM USB Human Interface Device ]
Device Properties:
Driver Description Ideazon Merc Stealth MM USB Human Interface Device
Driver Date 23/07/2007
Driver Version 1.0.14.1
Driver Provider Ideazon
INF File oem40.inf
Hardware ID USB\VID_1038&PID_0510&REV_0130&MI_01
Location Information 0000.001a.0000.001.003.001.003.000.000
[ Human Interface Devices / Ideazon Merc Stealth USB Human Interface Device ]
Device Properties:
Driver Description Ideazon Merc Stealth USB Human Interface Device
Driver Date 23/07/2007
Driver Version 1.0.14.1
Driver Provider Ideazon
INF File oem40.inf
Hardware ID USB\VID_1038&PID_0510&REV_0130&MI_00
Location Information 0000.001a.0000.001.003.001.003.000.000
[ Human Interface Devices / USB Input Device ]
Device Properties:
Driver Description USB Input Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File input.inf
Hardware ID USB\VID_046D&PID_C066&REV_5802&MI_00
Location Information 0000.001a.0000.001.003.002.000.000.000
[ Human Interface Devices / USB Input Device ]
Device Properties:
Driver Description USB Input Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File input.inf
Hardware ID USB\VID_046D&PID_C066&REV_5802&MI_01
Location Information 0000.001a.0000.001.003.002.000.000.000
[ IDE ATA/ATAPI controllers / ATA Channel 0 ]
Device Properties:
Driver Description ATA Channel 0
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID 197b-2362
Location Information Channel 0
[ IDE ATA/ATAPI controllers / ATA Channel 0 ]
Device Properties:
Driver Description ATA Channel 0
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID 1b4b-9182
Location Information Channel 0
[ IDE ATA/ATAPI controllers / ATA Channel 1 ]
Device Properties:
Driver Description ATA Channel 1
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID 197b-2362
Location Information Channel 1
[ IDE ATA/ATAPI controllers / ATA Channel 1 ]
Device Properties:
Driver Description ATA Channel 1
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID 1b4b-9182
Location Information Channel 1
[ IDE ATA/ATAPI controllers / ATA Channel 4 ]
Device Properties:
Driver Description ATA Channel 4
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID Intel-1c02
Location Information Channel 4
[ IDE ATA/ATAPI controllers / Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Driver Date 26/04/2011
Driver Version 10.5.0.1026
Driver Provider Intel
INF File oem43.inf
Hardware ID PCI\VEN_8086&DEV_1C02&SUBSYS_844D1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,31,2)
PCI Device Intel Cougar Point PCH - SATA AHCI 6-Port Controller [B-3]
Device Resources:
IRQ 20
Memory FBF25000-FBF257FF
Port F020-F03F
Port F060-F063
Port F070-F077
Port F080-F083
Port F090-F097
[ IDE ATA/ATAPI controllers / Standard AHCI 1.0 Serial ATA Controller ]
Device Properties:
Driver Description Standard AHCI 1.0 Serial ATA Controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID PCI\VEN_1B4B&DEV_9182&SUBSYS_84931043&REV_10
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(12,0,0)
PCI Device Marvell 88SE9182 SATA 6Gb/s Controller
Device Resources:
IRQ 16
Memory FB810000-FB8101FF
Port B000-B00F
Port B010-B013
Port B020-B027
Port B030-B033
Port B040-B047
[ IDE ATA/ATAPI controllers / Standard Dual Channel PCI IDE Controller ]
Device Properties:
Driver Description Standard Dual Channel PCI IDE Controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File mshdc.inf
Hardware ID PCI\VEN_197B&DEV_2362&SUBSYS_84601043&REV_10
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(11,0,0)
PCI Device JMicron JMB362 SATA-II AHCI Controller
Device Resources:
IRQ 19
Memory FB910000-FB9101FF
Port C000-C00F
Port C010-C013
Port C020-C027
Port C030-C033
Port C040-C047
[ Keyboards / HID Keyboard Device ]
Device Properties:
Driver Description HID Keyboard Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File keyboard.inf
Hardware ID HID\VID_046D&PID_C066&REV_5802&MI_01&Col01
[ Keyboards / HID Keyboard Device ]
Device Properties:
Driver Description HID Keyboard Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File keyboard.inf
Hardware ID HID\VID_1038&PID_0510&REV_0130&MI_00
[ Mice and other pointing devices / HID-compliant mouse ]
Device Properties:
Driver Description HID-compliant mouse
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File msmouse.inf
Hardware ID HID\VID_046D&PID_C066&REV_5802&MI_00
[ Microsoft Common Controller For Windows Class / Xbox 360 Wireless Receiver for Windows ]
Device Properties:
Driver Description Xbox 360 Wireless Receiver for Windows
Driver Date 13/08/2009
Driver Version 2.1.0.1349
Driver Provider Microsoft
INF File oem38.inf
Hardware ID USB\VID_045E&PID_0719&REV_0100
Location Information Port_#0003.Hub_#0005
[ Monitors / Generic PnP Monitor ]
Device Properties:
Driver Description Generic PnP Monitor
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File monitor.inf
Hardware ID MONITOR\HSD6735
[ Monitors / Generic PnP Monitor ]
Device Properties:
Driver Description Generic PnP Monitor
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File monitor.inf
Hardware ID MONITOR\HSD6735
[ Monitors / Generic PnP Monitor ]
Device Properties:
Driver Description Generic PnP Monitor
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File monitor.inf
Hardware ID MONITOR\HSD6735
[ Network adapters / Intel(R) 82579V Gigabit Network Connection #2 ]
Device Properties:
Driver Description Intel(R) 82579V Gigabit Network Connection #2
Driver Date 21/09/2010
Driver Version 11.8.74.0
Driver Provider Intel
INF File oem17.inf
Hardware ID PCI\VEN_8086&DEV_1503&SUBSYS_849C1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,25,0)
PCI Device Intel 82579V Gigabit Network Connection
Device Resources:
IRQ 65536
Memory FBF00000-FBF1FFFF
Memory FBF28000-FBF28FFF
Network Adapter Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/embedded
Driver Download http://www.intel.com/support/network
Driver Update http://www.aida64.com/driver-updates
[ Network adapters / Intel(R) 82583V Gigabit Network Connection ]
Device Properties:
Driver Description Intel(R) 82583V Gigabit Network Connection
Driver Date 05/08/2010
Driver Version 11.7.32.0
Driver Provider Intel
INF File oem20.inf
Hardware ID PCI\VEN_8086&DEV_150C&SUBSYS_84571043&REV_00
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(13,0,0)
PCI Device Intel 82583V Gigabit Network Connection
Device Resources:
IRQ 65536
Memory FB700000-FB71FFFF
Memory FB720000-FB723FFF
Network Adapter Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/embedded
Driver Download http://www.intel.com/support/network
Driver Update http://www.aida64.com/driver-updates
[ Network adapters / Microsoft ISATAP Adapter #2 ]
Device Properties:
Driver Description Microsoft ISATAP Adapter #2
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File nettun.inf
Hardware ID *ISATAP
[ Network adapters / Microsoft ISATAP Adapter ]
Device Properties:
Driver Description Microsoft ISATAP Adapter
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File nettun.inf
Hardware ID *ISATAP
[ Network adapters / Teredo Tunneling Pseudo-Interface ]
Device Properties:
Driver Description Teredo Tunneling Pseudo-Interface
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File nettun.inf
Hardware ID *TEREDO
[ Network adapters / WAN Miniport (IKEv2) ]
Device Properties:
Driver Description WAN Miniport (IKEv2)
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File netavpna.inf
Hardware ID ms_agilevpnminiport
[ Network adapters / WAN Miniport (IP) ]
Device Properties:
Driver Description WAN Miniport (IP)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netrasa.inf
Hardware ID ms_ndiswanip
[ Network adapters / WAN Miniport (IPv6) ]
Device Properties:
Driver Description WAN Miniport (IPv6)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netrasa.inf
Hardware ID ms_ndiswanipv6
[ Network adapters / WAN Miniport (L2TP) ]
Device Properties:
Driver Description WAN Miniport (L2TP)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netrasa.inf
Hardware ID ms_l2tpminiport
[ Network adapters / WAN Miniport (Network Monitor) ]
Device Properties:
Driver Description WAN Miniport (Network Monitor)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netrasa.inf
Hardware ID ms_ndiswanbh
[ Network adapters / WAN Miniport (PPPOE) ]
Device Properties:
Driver Description WAN Miniport (PPPOE)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netrasa.inf
Hardware ID ms_pppoeminiport
[ Network adapters / WAN Miniport (PPTP) ]
Device Properties:
Driver Description WAN Miniport (PPTP)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netrasa.inf
Hardware ID ms_pptpminiport
[ Network adapters / WAN Miniport (SSTP) ]
Device Properties:
Driver Description WAN Miniport (SSTP)
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File netsstpa.inf
Hardware ID ms_sstpminiport
[ Non-Plug and Play Drivers / ALSysIO ]
Device Properties:
Driver Description ALSysIO
[ Non-Plug and Play Drivers / amdkmdag ]
Device Properties:
Driver Description amdkmdag
[ Non-Plug and Play Drivers / Ancillary Function Driver for Winsock ]
Device Properties:
Driver Description Ancillary Function Driver for Winsock
[ Non-Plug and Play Drivers / AsIO ]
Device Properties:
Driver Description AsIO
[ Non-Plug and Play Drivers / AsUpIO ]
Device Properties:
Driver Description AsUpIO
[ Non-Plug and Play Drivers / Beep ]
Device Properties:
Driver Description Beep
[ Non-Plug and Play Drivers / Bitlocker Drive Encryption Filter Driver ]
Device Properties:
Driver Description Bitlocker Drive Encryption Filter Driver
[ Non-Plug and Play Drivers / CNG ]
Device Properties:
Driver Description CNG
[ Non-Plug and Play Drivers / Common Log (CLFS) ]
Device Properties:
Driver Description Common Log (CLFS)
[ Non-Plug and Play Drivers / cpuz135 ]
Device Properties:
Driver Description cpuz135
[ Non-Plug and Play Drivers / Disk Virtual Machine Bus Acceleration Filter Driver ]
Device Properties:
Driver Description Disk Virtual Machine Bus Acceleration Filter Driver
[ Non-Plug and Play Drivers / Dynamic Volume Manager ]
Device Properties:
Driver Description Dynamic Volume Manager
[ Non-Plug and Play Drivers / ENTECH64 ]
Device Properties:
Driver Description ENTECH64
[ Non-Plug and Play Drivers / Hardware Policy Driver ]
Device Properties:
Driver Description Hardware Policy Driver
[ Non-Plug and Play Drivers / HTTP ]
Device Properties:
Driver Description HTTP
[ Non-Plug and Play Drivers / Intel AHCI Controller ]
Device Properties:
Driver Description Intel AHCI Controller
[ Non-Plug and Play Drivers / Kernel Mode Driver Frameworks service ]
Device Properties:
Driver Description Kernel Mode Driver Frameworks service
[ Non-Plug and Play Drivers / KSecDD ]
Device Properties:
Driver Description KSecDD
[ Non-Plug and Play Drivers / KSecPkg ]
Device Properties:
Driver Description KSecPkg
[ Non-Plug and Play Drivers / LDDM Graphics Subsystem ]
Device Properties:
Driver Description LDDM Graphics Subsystem
[ Non-Plug and Play Drivers / Link-Layer Topology Discovery Mapper I/O Driver ]
Device Properties:
Driver Description Link-Layer Topology Discovery Mapper I/O Driver
[ Non-Plug and Play Drivers / Link-Layer Topology Discovery Responder ]
Device Properties:
Driver Description Link-Layer Topology Discovery Responder
[ Non-Plug and Play Drivers / Mount Point Manager ]
Device Properties:
Driver Description Mount Point Manager
[ Non-Plug and Play Drivers / msisadrv ]
Device Properties:
Driver Description msisadrv
[ Non-Plug and Play Drivers / NDIS System Driver ]
Device Properties:
Driver Description NDIS System Driver
[ Non-Plug and Play Drivers / NDProxy ]
Device Properties:
Driver Description NDProxy
[ Non-Plug and Play Drivers / NETBT ]
Device Properties:
Driver Description NETBT
[ Non-Plug and Play Drivers / NetIO Legacy TDI Support Driver ]
Device Properties:
Driver Description NetIO Legacy TDI Support Driver
[ Non-Plug and Play Drivers / NSI proxy service driver. ]
Device Properties:
Driver Description NSI proxy service driver.
[ Non-Plug and Play Drivers / Null ]
Device Properties:
Driver Description Null
[ Non-Plug and Play Drivers / Offline Files Driver ]
Device Properties:
Driver Description Offline Files Driver
[ Non-Plug and Play Drivers / PEAUTH ]
Device Properties:
Driver Description PEAUTH
[ Non-Plug and Play Drivers / Performance Counters for Windows Driver ]
Device Properties:
Driver Description Performance Counters for Windows Driver
[ Non-Plug and Play Drivers / QoS Packet Scheduler ]
Device Properties:
Driver Description QoS Packet Scheduler
[ Non-Plug and Play Drivers / RDP Encoder Mirror Driver ]
Device Properties:
Driver Description RDP Encoder Mirror Driver
[ Non-Plug and Play Drivers / RDPCDD ]
Device Properties:
Driver Description RDPCDD
[ Non-Plug and Play Drivers / Reflector Display Driver used to gain access to graphics data ]
Device Properties:
Driver Description Reflector Display Driver used to gain access to graphics data
[ Non-Plug and Play Drivers / Remote Access IPv6 ARP Driver ]
Device Properties:
Driver Description Remote Access IPv6 ARP Driver
[ Non-Plug and Play Drivers / Security Driver ]
Device Properties:
Driver Description Security Driver
[ Non-Plug and Play Drivers / Security Processor Loader Driver ]
Device Properties:
Driver Description Security Processor Loader Driver
[ Non-Plug and Play Drivers / Storage volumes ]
Device Properties:
Driver Description Storage volumes
[ Non-Plug and Play Drivers / System Attribute Cache ]
Device Properties:
Driver Description System Attribute Cache
[ Non-Plug and Play Drivers / TCP/IP Protocol Driver ]
Device Properties:
Driver Description TCP/IP Protocol Driver
[ Non-Plug and Play Drivers / TCP/IP Registry Compatibility ]
Device Properties:
Driver Description TCP/IP Registry Compatibility
[ Non-Plug and Play Drivers / User Mode Driver Frameworks Platform Driver ]
Device Properties:
Driver Description User Mode Driver Frameworks Platform Driver
[ Non-Plug and Play Drivers / VgaSave ]
Device Properties:
Driver Description VgaSave
[ Non-Plug and Play Drivers / Virtual Machine Bus ]
Device Properties:
Driver Description Virtual Machine Bus
[ Non-Plug and Play Drivers / WFP Lightweight Filter ]
Device Properties:
Driver Description WFP Lightweight Filter
[ Non-Plug and Play Drivers / Windows Firewall Authorization Driver ]
Device Properties:
Driver Description Windows Firewall Authorization Driver
[ Portable Devices / E:\ ]
Device Properties:
Driver Description E:\
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File wpdfs.inf
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Processors / Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz ]
Device Properties:
Driver Description Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File cpu.inf
Hardware ID ACPI\GenuineIntel_-_Intel64_Family_6_Model_42
[ Sound, video and game controllers / AMD High Definition Audio Device ]
Device Properties:
Driver Description AMD High Definition Audio Device
Driver Date 29/03/2011
Driver Version 7.12.0.7701
Driver Provider Advanced Micro Devices
INF File oem36.inf
Hardware ID HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002
Location Information Internal High Definition Audio Bus
[ Sound, video and game controllers / AMD High Definition Audio Device ]
Device Properties:
Driver Description AMD High Definition Audio Device
Driver Date 29/03/2011
Driver Version 7.12.0.7701
Driver Provider Advanced Micro Devices
INF File oem36.inf
Hardware ID HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002
Location Information Internal High Definition Audio Bus
[ Sound, video and game controllers / Realtek High Definition Audio ]
Device Properties:
Driver Description Realtek High Definition Audio
Driver Date 02/11/2010
Driver Version 6.0.1.6235
Driver Provider Realtek Semiconductor Corp.
INF File oem101.inf
Hardware ID HDAUDIO\FUNC_01&VEN_10EC&DEV_0889&SUBSYS_1043840F&REV_1000
Location Information Internal High Definition Audio Bus
Device Manufacturer:
Company Name Realtek Semiconductor Corp.
Product Information http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2
Driver Download http://www.realtek.com.tw/downloads
Driver Update http://www.aida64.com/driver-updates
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage volume shadow copies / Generic volume shadow copy ]
Device Properties:
Driver Description Generic volume shadow copy
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File volsnap.inf
Hardware ID STORAGE\VolumeSnapshot
[ Storage Volumes / Generic volume ]
Device Properties:
Driver Description Generic volume
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File volume.inf
Hardware ID STORAGE\Volume
[ Storage Volumes / Generic volume ]
Device Properties:
Driver Description Generic volume
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File volume.inf
Hardware ID STORAGE\Volume
[ Storage Volumes / Generic volume ]
Device Properties:
Driver Description Generic volume
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File volume.inf
Hardware ID STORAGE\Volume
[ System devices / 2nd generation Intel(R) Core(TM) processor family DRAM Controller - 0100 ]
Device Properties:
Driver Description 2nd generation Intel(R) Core(TM) processor family DRAM Controller - 0100
Driver Date 10/09/2010
Driver Version 9.2.0.1011
Driver Provider Intel
INF File oem42.inf
Hardware ID PCI\VEN_8086&DEV_0100&SUBSYS_844D1043&REV_09
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,0,0)
PCI Device Intel Sandy Bridge-DT - Host Bridge/DRAM Controller
[ System devices / 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101 ]
Device Properties:
Driver Description 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Driver Date 10/09/2010
Driver Version 9.2.0.1011
Driver Provider Intel
INF File oem42.inf
Hardware ID PCI\VEN_8086&DEV_0101&SUBSYS_844D1043&REV_09
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,1,0)
PCI Device Intel Sandy Bridge-DT - PCI Express Graphics Root Port
Device Resources:
IRQ 16
Memory 000A0000-000BFFFF
Memory D0000000-DFFFFFFF
Memory FBE00000-FBEFFFFF
Port 03B0-03BB
Port 03C0-03DF
Port E000-EFFF
[ System devices / 2nd generation Intel® Core™ processor family PCI Express Controller - 0105 ]
Device Properties:
Driver Description 2nd generation Intel® Core™ processor family PCI Express Controller - 0105
Driver Date 10/09/2010
Driver Version 9.2.0.1011
Driver Provider Intel
INF File oem1.inf
Hardware ID PCI\VEN_8086&DEV_0105&SUBSYS_844D1043&REV_09
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,1,1)
PCI Device Intel Sandy Bridge-MB - PCI Express Graphics Root Port
Device Resources:
IRQ 16
Memory C0000000-CFFFFFFF
Memory FBD00000-FBDFFFFF
Port D000-DFFF
[ System devices / ACPI Fixed Feature Button ]
Device Properties:
Driver Description ACPI Fixed Feature Button
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\FixedButton
[ System devices / ACPI Power Button ]
Device Properties:
Driver Description ACPI Power Button
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C0C
PnP Device Power Button
[ System devices / Atheros Bluetooth Bus ]
Device Properties:
Driver Description Atheros Bluetooth Bus
Driver Date 24/06/2010
Driver Version 6.17.624.302
Driver Provider Atheros Communications
INF File oem7.inf
Hardware ID root\BTATH_BUS
[ System devices / Composite Bus Enumerator ]
Device Properties:
Driver Description Composite Bus Enumerator
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File compositebus.inf
Hardware ID ROOT\CompositeBus
[ System devices / Direct memory access controller ]
Device Properties:
Driver Description Direct memory access controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0200
PnP Device DMA Controller
Device Resources:
DMA 04
Port 0000-000F
Port 0081-0083
Port 0087-0087
Port 0089-008B
Port 008F-008F
Port 00C0-00DF
[ System devices / File as Volume Driver ]
Device Properties:
Driver Description File as Volume Driver
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File blbdrive.inf
Hardware ID ROOT\BLBDRIVE
[ System devices / High Definition Audio Controller ]
Device Properties:
Driver Description High Definition Audio Controller
Driver Date 19/11/2010
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File hdaudbus.inf
Hardware ID PCI\VEN_1002&DEV_AA80&SUBSYS_AA801043&REV_00
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(1,0,1)
PCI Device AMD Cayman/Antilles - High Definition Audio Controller
Device Resources:
IRQ 17
Memory FBE40000-FBE43FFF
[ System devices / High Definition Audio Controller ]
Device Properties:
Driver Description High Definition Audio Controller
Driver Date 19/11/2010
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File hdaudbus.inf
Hardware ID PCI\VEN_1002&DEV_AA80&SUBSYS_AA801043&REV_00
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(2,0,1)
PCI Device AMD Cayman/Antilles - High Definition Audio Controller
Device Resources:
IRQ 18
Memory FBD40000-FBD43FFF
[ System devices / High Definition Audio Controller ]
Device Properties:
Driver Description High Definition Audio Controller
Driver Date 19/11/2010
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File hdaudbus.inf
Hardware ID PCI\VEN_8086&DEV_1C20&SUBSYS_840F1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,27,0)
PCI Device Intel Cougar Point PCH - High Definition Audio Controller [B-3]
Device Resources:
IRQ 22
Memory FBF20000-FBF23FFF
[ System devices / High precision event timer ]
Device Properties:
Driver Description High precision event timer
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0103
PnP Device High Precision Event Timer
Device Resources:
Memory FED00000-FED003FF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C10&SUBSYS_844D1043&REV_B5
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,0)
PCI Device Intel Cougar Point PCH - PCI Express Port 1 [B-3]
Device Resources:
IRQ 17
Memory FBC00000-FBCFFFFF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C12&SUBSYS_844D1043&REV_B5
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,1)
PCI Device Intel Cougar Point PCH - PCI Express Port 2 [B-3]
Device Resources:
IRQ 16
Memory FBB00000-FBBFFFFF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C14&SUBSYS_844D1043&REV_B5
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,2)
PCI Device Intel Cougar Point PCH - PCI Express Port 3 [B-3]
Device Resources:
IRQ 18
Memory FBA00000-FBAFFFFF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C16&SUBSYS_844D1043&REV_B5
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,3)
PCI Device Intel Cougar Point PCH - PCI Express Port 4 [B-3]
Device Resources:
IRQ 19
Memory FB900000-FB9FFFFF
Port C000-CFFF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C18&SUBSYS_844D1043&REV_B5
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,4)
PCI Device Intel Cougar Point PCH - PCI Express Port 5 [B-3]
Device Resources:
IRQ 17
Memory FB800000-FB8FFFFF
Port B000-BFFF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C1C&SUBSYS_844D1043&REV_B5
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,6)
PCI Device Intel Cougar Point PCH - PCI Express Port 7 [B-3]
Device Resources:
IRQ 18
Memory FB700000-FB7FFFFF
Port A000-AFFF
[ System devices / Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Driver Date 10/09/2010
Driver Version 9.2.0.1011
Driver Provider Intel
INF File oem4.inf
Hardware ID PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,31,3)
PCI Device Intel Cougar Point PCH - SMBus Controller [B-3]
Device Resources:
IRQ 05
Memory FBF24000-FBF240FF
Port 1180-119F
[ System devices / Intel(R) Management Engine Interface ]
Device Properties:
Driver Description Intel(R) Management Engine Interface
Driver Date 21/09/2010
Driver Version 7.0.0.1118
Driver Provider Intel
INF File oem6.inf
Hardware ID PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,22,0)
PCI Device Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2]
Device Resources:
IRQ 21
Memory FBF29000-FBF2900F
[ System devices / Intel(R) P67 Express Chipset Family LPC Interface Controller - 1C46 ]
Device Properties:
Driver Description Intel(R) P67 Express Chipset Family LPC Interface Controller - 1C46
Driver Date 04/10/2010
Driver Version 9.2.0.1015
Driver Provider Intel
INF File oem3.inf
Hardware ID PCI\VEN_8086&DEV_1C46&SUBSYS_844D1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,31,0)
PCI Device Intel P67 PCH - LPC Interface Controller [B-3]
[ System devices / Intel(R) Watchdog Timer Driver (Intel(R) WDT) ]
Device Properties:
Driver Description Intel(R) Watchdog Timer Driver (Intel(R) WDT)
Driver Date 18/08/2010
Driver Version 7.0.1097.0
Driver Provider Intel
INF File oem34.inf
Hardware ID ACPI\INT3F0D
PnP Device Intel Watchdog Timer
Device Resources:
Port 0454-0457
[ System devices / Microsoft ACPI-Compliant Embedded Controller ]
Device Properties:
Driver Description Microsoft ACPI-Compliant Embedded Controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C09
PnP Device Embedded Controller Device
Device Resources:
Port 0062-0062
Port 0066-0066
[ System devices / Microsoft ACPI-Compliant System ]
Device Properties:
Driver Description Microsoft ACPI-Compliant System
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File acpi.inf
Hardware ID ACPI_HAL\PNP0C08
PnP Device ACPI Driver/BIOS
Device Resources:
IRQ 100
IRQ 101
IRQ 102
IRQ 103
IRQ 104
IRQ 105
IRQ 106
IRQ 107
IRQ 108
IRQ 109
IRQ 110
IRQ 111
IRQ 112
IRQ 113
IRQ 114
IRQ 115
IRQ 116
IRQ 117
IRQ 118
IRQ 119
IRQ 120
IRQ 121
IRQ 122
IRQ 123
IRQ 124
IRQ 125
IRQ 126
IRQ 127
IRQ 128
IRQ 129
IRQ 130
IRQ 131
IRQ 132
IRQ 133
IRQ 134
IRQ 135
IRQ 136
IRQ 137
IRQ 138
IRQ 139
IRQ 140
IRQ 141
IRQ 142
IRQ 143
IRQ 144
IRQ 145
IRQ 146
IRQ 147
IRQ 148
IRQ 149
IRQ 150
IRQ 151
IRQ 152
IRQ 153
IRQ 154
IRQ 155
IRQ 156
IRQ 157
IRQ 158
IRQ 159
IRQ 160
IRQ 161
IRQ 162
IRQ 163
IRQ 164
IRQ 165
IRQ 166
IRQ 167
IRQ 168
IRQ 169
IRQ 170
IRQ 171
IRQ 172
IRQ 173
IRQ 174
IRQ 175
IRQ 176
IRQ 177
IRQ 178
IRQ 179
IRQ 180
IRQ 181
IRQ 182
IRQ 183
IRQ 184
IRQ 185
IRQ 186
IRQ 187
IRQ 188
IRQ 189
IRQ 190
IRQ 81
IRQ 82
IRQ 83
IRQ 84
IRQ 85
IRQ 86
IRQ 87
IRQ 88
IRQ 89
IRQ 90
IRQ 91
IRQ 92
IRQ 93
IRQ 94
IRQ 95
IRQ 96
IRQ 97
IRQ 98
IRQ 99
[ System devices / Microsoft System Management BIOS Driver ]
Device Properties:
Driver Description Microsoft System Management BIOS Driver
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ROOT\mssmbios
[ System devices / Microsoft Virtual Drive Enumerator Driver ]
Device Properties:
Driver Description Microsoft Virtual Drive Enumerator Driver
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ROOT\vdrvroot
[ System devices / Microsoft Windows Management Interface for ACPI ]
Device Properties:
Driver Description Microsoft Windows Management Interface for ACPI
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File acpi.inf
Hardware ID ACPI\PNP0C14
PnP Device ACPI Management Interface
[ System devices / Microsoft Windows Management Interface for ACPI ]
Device Properties:
Driver Description Microsoft Windows Management Interface for ACPI
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File acpi.inf
Hardware ID ACPI\pnp0c14
PnP Device ACPI Management Interface
[ System devices / Motherboard resources ]
Device Properties:
Driver Description Motherboard resources
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C02
PnP Device Thermal Monitoring ACPI Device
[ System devices / Motherboard resources ]
Device Properties:
Driver Description Motherboard resources
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C02
PnP Device Thermal Monitoring ACPI Device
Device Resources:
Port 0010-001F
Port 0022-003F
Port 0044-005F
Port 0063-0063
Port 0065-0065
Port 0067-006F
Port 0072-007F
Port 0080-0080
Port 0084-0086
Port 0088-0088
Port 008C-008E
Port 0090-009F
Port 00A2-00BF
Port 00E0-00EF
Port 04D0-04D1
[ System devices / Motherboard resources ]
Device Properties:
Driver Description Motherboard resources
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C02
PnP Device Thermal Monitoring ACPI Device
Device Resources:
Port 0290-029F
[ System devices / Numeric data processor ]
Device Properties:
Driver Description Numeric data processor
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C04
PnP Device Numeric Data Processor
Device Resources:
IRQ 13
Port 00F0-00FF
[ System devices / PCI bus ]
Device Properties:
Driver Description PCI bus
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0A08
PnP Device ACPI Three-wire Device Bus
Device Resources:
Memory 000A0000-000BFFFF
Memory 000C8000-000DFFFF
Memory C0000000-FFFFFFFF
Port 0000-0CF7
Port 0D00-FFFF
[ System devices / PCI standard PCI-to-PCI bridge ]
Device Properties:
Driver Description PCI standard PCI-to-PCI bridge
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(3,0,0)
PCI Device PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Device Resources:
IRQ 16
Memory FBC00000-FBC1FFFF
[ System devices / PCI standard PCI-to-PCI bridge ]
Device Properties:
Driver Description PCI standard PCI-to-PCI bridge
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(4,0,0)
PCI Device PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Device Resources:
IRQ 16
[ System devices / PCI standard PCI-to-PCI bridge ]
Device Properties:
Driver Description PCI standard PCI-to-PCI bridge
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(4,5,0)
PCI Device PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Device Resources:
IRQ 17
[ System devices / PCI standard PCI-to-PCI bridge ]
Device Properties:
Driver Description PCI standard PCI-to-PCI bridge
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(4,7,0)
PCI Device PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Device Resources:
IRQ 19
[ System devices / PCI standard PCI-to-PCI bridge ]
Device Properties:
Driver Description PCI standard PCI-to-PCI bridge
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(4,9,0)
PCI Device PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Device Resources:
IRQ 17
[ System devices / Plug and Play Software Device Enumerator ]
Device Properties:
Driver Description Plug and Play Software Device Enumerator
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID root\swenum
[ System devices / Programmable interrupt controller ]
Device Properties:
Driver Description Programmable interrupt controller
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0000
PnP Device Programmable Interrupt Controller
Device Resources:
Port 0020-0021
Port 00A0-00A1
[ System devices / Remote Desktop Device Redirector Bus ]
Device Properties:
Driver Description Remote Desktop Device Redirector Bus
Driver Date 21/06/2006
Driver Version 6.1.7600.16385
Driver Provider Microsoft
INF File rdpbus.inf
Hardware ID ROOT\RDPBUS
[ System devices / System board ]
Device Properties:
Driver Description System board
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C01
PnP Device System Board Extension
[ System devices / System board ]
Device Properties:
Driver Description System board
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C01
PnP Device System Board Extension
Device Resources:
Memory FEC00000-FECFFFFF
Memory FED08000-FED08FFF
Memory FED1C000-FED1FFFF
Memory FF000000-FFFFFFFF
Port 0400-0453
Port 0458-047F
Port 0500-057F
Port 1180-119F
[ System devices / System board ]
Device Properties:
Driver Description System board
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0C01
PnP Device System Board Extension
Device Resources:
Memory E0000000-E3FFFFFF
Memory FED10000-FED19FFF
Memory FED20000-FED3FFFF
Memory FED90000-FED93FFF
Memory FEE00000-FEE0FFFF
[ System devices / System CMOS/real time clock ]
Device Properties:
Driver Description System CMOS/real time clock
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0B00
PnP Device Real-Time Clock
Device Resources:
IRQ 08
Port 0070-0071
[ System devices / System speaker ]
Device Properties:
Driver Description System speaker
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0800
PnP Device PC Speaker
Device Resources:
Port 0061-0061
[ System devices / System timer ]
Device Properties:
Driver Description System timer
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ACPI\PNP0100
PnP Device System Timer
Device Resources:
IRQ 00
Port 0040-0043
[ System devices / Terminal Server Keyboard Driver ]
Device Properties:
Driver Description Terminal Server Keyboard Driver
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ROOT\RDP_KBD
[ System devices / Terminal Server Mouse Driver ]
Device Properties:
Driver Description Terminal Server Mouse Driver
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ROOT\RDP_MOU
[ System devices / UMBus Enumerator ]
Device Properties:
Driver Description UMBus Enumerator
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File umbus.inf
Hardware ID UMB\UMBUS
[ System devices / UMBus Enumerator ]
Device Properties:
Driver Description UMBus Enumerator
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File umbus.inf
Hardware ID UMB\UMBUS
[ System devices / UMBus Root Bus Enumerator ]
Device Properties:
Driver Description UMBus Root Bus Enumerator
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File umbus.inf
Hardware ID root\umbus
[ System devices / Volume Manager ]
Device Properties:
Driver Description Volume Manager
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File machine.inf
Hardware ID ROOT\VOLMGR
[ Universal Serial Bus controllers / Generic USB Hub ]
Device Properties:
Driver Description Generic USB Hub
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\VID_8087&PID_0024&REV_0000
Location Information Port_#0001.Hub_#0002
[ Universal Serial Bus controllers / Generic USB Hub ]
Device Properties:
Driver Description Generic USB Hub
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\VID_8087&PID_0024&REV_0000
Location Information Port_#0001.Hub_#0001
[ Universal Serial Bus controllers / Generic USB Hub ]
Device Properties:
Driver Description Generic USB Hub
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\VID_2109&PID_3431&REV_0275
Location Information Port_#0003.Hub_#0003
[ Universal Serial Bus controllers / Generic USB Hub ]
Device Properties:
Driver Description Generic USB Hub
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\VID_0409&PID_005A&REV_0100
Location Information Port_#0001.Hub_#0005
[ Universal Serial Bus controllers / Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
Driver Date 16/09/2010
Driver Version 9.2.0.1013
Driver Provider Intel
INF File oem5.inf
Hardware ID PCI\VEN_8086&DEV_1C26&SUBSYS_844D1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,29,0)
PCI Device Intel Cougar Point PCH - USB EHCI #1 Controller [B-3]
Device Resources:
IRQ 23
Memory FBF26000-FBF263FF
[ Universal Serial Bus controllers / Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D ]
Device Properties:
Driver Description Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
Driver Date 16/09/2010
Driver Version 9.2.0.1013
Driver Provider Intel
INF File oem5.inf
Hardware ID PCI\VEN_8086&DEV_1C2D&SUBSYS_844D1043&REV_05
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,26,0)
PCI Device Intel Cougar Point PCH - USB EHCI #2 Controller [B-3]
Device Resources:
IRQ 23
Memory FBF27000-FBF273FF
[ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Host Controller ]
Device Properties:
Driver Description Renesas Electronics USB 3.0 Host Controller
Driver Date 10/12/2010
Driver Version 2.0.32.0
Driver Provider Renesas Electronics
INF File oem32.inf
Hardware ID PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(10,0,0)
PCI Device NEC uPD720200 USB 3.0 Host Controller
Device Resources:
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
Memory FBA00000-FBA01FFF
[ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Host Controller ]
Device Properties:
Driver Description Renesas Electronics USB 3.0 Host Controller
Driver Date 10/12/2010
Driver Version 2.0.32.0
Driver Provider Renesas Electronics
INF File oem32.inf
Hardware ID PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04
Location Information @system32\drivers\pci.sys,#65536;PCI bus %1, device %2, function %3;(9,0,0)
PCI Device NEC uPD720200 USB 3.0 Host Controller
Device Resources:
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
IRQ 65536
Memory FBB00000-FBB01FFF
[ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Hub ]
Device Properties:
Driver Description Renesas Electronics USB 3.0 Hub
Driver Date 10/12/2010
Driver Version 2.0.32.0
Driver Provider Renesas Electronics
INF File oem33.inf
Hardware ID USB\VID_2109&PID_0810&REV_0375
Location Information Port_#0001.Hub_#0002
[ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Hub ]
Device Properties:
Driver Description Renesas Electronics USB 3.0 Hub
Driver Date 10/12/2010
Driver Version 2.0.32.0
Driver Provider Renesas Electronics
INF File oem33.inf
Hardware ID USB\VID_2109&PID_0810&REV_0375
Location Information Port_#0001.Hub_#0001
[ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Root Hub ]
Device Properties:
Driver Description Renesas Electronics USB 3.0 Root Hub
Driver Date 10/12/2010
Driver Version 2.0.32.0
Driver Provider Renesas Electronics
INF File oem33.inf
Hardware ID NUSB3\ROOT_HUB30
[ Universal Serial Bus controllers / Renesas Electronics USB 3.0 Root Hub ]
Device Properties:
Driver Description Renesas Electronics USB 3.0 Root Hub
Driver Date 10/12/2010
Driver Version 2.0.32.0
Driver Provider Renesas Electronics
INF File oem33.inf
Hardware ID NUSB3\ROOT_HUB30
[ Universal Serial Bus controllers / Unknown Device ]
Device Properties:
Driver Description Unknown Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\UNKNOWN
Location Information Port_#0004.Hub_#0003
[ Universal Serial Bus controllers / USB Composite Device ]
Device Properties:
Driver Description USB Composite Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\VID_046D&PID_C066&REV_5802
Location Information Port_#0002.Hub_#0005
[ Universal Serial Bus controllers / USB Composite Device ]
Device Properties:
Driver Description USB Composite Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usb.inf
Hardware ID USB\VID_1038&PID_0510&REV_0130
Location Information Port_#0003.Hub_#0006
[ Universal Serial Bus controllers / USB Mass Storage Device ]
Device Properties:
Driver Description USB Mass Storage Device
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usbstor.inf
Hardware ID USB\VID_0781&PID_5567&REV_0100
Location Information Port_#0004.Hub_#0005
[ Universal Serial Bus controllers / USB Root Hub ]
Device Properties:
Driver Description USB Root Hub
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usbport.inf
Hardware ID USB\ROOT_HUB20&VID8086&PID1C2D&REV0005
[ Universal Serial Bus controllers / USB Root Hub ]
Device Properties:
Driver Description USB Root Hub
Driver Date 21/06/2006
Driver Version 6.1.7601.17514
Driver Provider Microsoft
INF File usbport.inf
Hardware ID USB\ROOT_HUB20&VID8086&PID1C26&REV0005
Physical Devices
PCI Devices:
Bus 1, Device 0, Function 1 AMD Cayman/Antilles - High Definition Audio Controller
Bus 2, Device 0, Function 1 AMD Cayman/Antilles - High Definition Audio Controller
Bus 1, Device 0, Function 0 Asus EAH6950 Video Adapter
Bus 2, Device 0, Function 0 Asus EAH6950 Video Adapter
Bus 0, Device 25, Function 0 Intel 82579V Gigabit Network Connection
Bus 13, Device 0, Function 0 Intel 82583V Gigabit Network Connection
Bus 0, Device 27, Function 0 Intel Cougar Point PCH - High Definition Audio Controller [B-3]
Bus 0, Device 22, Function 0 Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2]
Bus 0, Device 28, Function 0 Intel Cougar Point PCH - PCI Express Port 1 [B-3]
Bus 0, Device 28, Function 1 Intel Cougar Point PCH - PCI Express Port 2 [B-3]
Bus 0, Device 28, Function 2 Intel Cougar Point PCH - PCI Express Port 3 [B-3]
Bus 0, Device 28, Function 3 Intel Cougar Point PCH - PCI Express Port 4 [B-3]
Bus 0, Device 28, Function 4 Intel Cougar Point PCH - PCI Express Port 5 [B-3]
Bus 0, Device 28, Function 6 Intel Cougar Point PCH - PCI Express Port 7 [B-3]
Bus 0, Device 31, Function 2 Intel Cougar Point PCH - SATA AHCI 6-Port Controller [B-3]
Bus 0, Device 31, Function 3 Intel Cougar Point PCH - SMBus Controller [B-3]
Bus 0, Device 31, Function 6 Intel Cougar Point PCH - Thermal Management Controller [B-3]
Bus 0, Device 29, Function 0 Intel Cougar Point PCH - USB EHCI #1 Controller [B-3]
Bus 0, Device 26, Function 0 Intel Cougar Point PCH - USB EHCI #2 Controller [B-3]
Bus 0, Device 31, Function 0 Intel P67 PCH - LPC Interface Controller [B-3]
Bus 0, Device 0, Function 0 Intel Sandy Bridge-DT - Host Bridge/DRAM Controller
Bus 0, Device 1, Function 0 Intel Sandy Bridge-DT - PCI Express Graphics Root Port
Bus 0, Device 1, Function 1 Intel Sandy Bridge-MB - PCI Express Graphics Root Port
Bus 11, Device 0, Function 0 JMicron JMB362 SATA-II AHCI Controller
Bus 12, Device 0, Function 0 Marvell 88SE9182 SATA 6Gb/s Controller
Bus 9, Device 0, Function 0 NEC uPD720200 USB 3.0 Host Controller
Bus 10, Device 0, Function 0 NEC uPD720200 USB 3.0 Host Controller
Bus 3, Device 0, Function 0 PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus 4, Device 0, Function 0 PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus 4, Device 5, Function 0 PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus 4, Device 7, Function 0 PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus 4, Device 9, Function 0 PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
PnP Devices:
PNP0C08 ACPI Driver/BIOS
FIXEDBUTTON ACPI Fixed Feature Button
PNP0C14 ACPI Management Interface
PNP0C14 ACPI Management Interface
PNP0A08 ACPI Three-wire Device Bus
PNP0200 DMA Controller
PNP0C09 Embedded Controller Device
PNP0103 High Precision Event Timer
INT3F0D Intel Watchdog Timer
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I7-2600K_CPU_@_3.40GHZ Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
ISATAP Microsoft ISATAP Adapter #2
ISATAP Microsoft ISATAP Adapter
PNP0C04 Numeric Data Processor
PNP0800 PC Speaker
PNP0C0C Power Button
PNP0000 Programmable Interrupt Controller
PNP0B00 Real-Time Clock
PNP0C01 System Board Extension
PNP0C01 System Board Extension
PNP0C01 System Board Extension
PNP0100 System Timer
TEREDO Teredo Tunneling Pseudo-Interface
PNP0C02 Thermal Monitoring ACPI Device
PNP0C02 Thermal Monitoring ACPI Device
PNP0C02 Thermal Monitoring ACPI Device
USB Devices:
0409 005A Generic USB Hub
2109 3431 Generic USB Hub
8087 0024 Generic USB Hub
8087 0024 Generic USB Hub
1038 0510 Ideazon Merc Stealth MM USB Human Interface Device
1038 0510 Ideazon Merc Stealth USB Human Interface Device
2109 0810 Renesas Electronics USB 3.0 Hub
2109 0810 Renesas Electronics USB 3.0 Hub
0000 0000 Unknown Device
046D C066 USB Composite Device
1038 0510 USB Composite Device
046D C066 USB Input Device
046D C066 USB Input Device
0781 5567 USB Mass Storage Device
045E 0719 Xbox 360 Wireless Receiver for Windows
PCI Devices
[ AMD Cayman/Antilles - High Definition Audio Controller ]
Device Properties:
Device Description AMD Cayman/Antilles - High Definition Audio Controller
Bus Type PCI Express 2.0 x16
Bus / Device / Function 1 / 0 / 1
Device ID 1002-AA80
Subsystem ID 1043-AA80
Device Class 0403 (High Definition Audio)
Revision 00
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ AMD Cayman/Antilles - High Definition Audio Controller ]
Device Properties:
Device Description AMD Cayman/Antilles - High Definition Audio Controller
Bus Type PCI Express 2.0 x16
Bus / Device / Function 2 / 0 / 1
Device ID 1002-AA80
Subsystem ID 1043-AA80
Device Class 0403 (High Definition Audio)
Revision 00
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Asus EAH6950 Video Adapter ]
Device Properties:
Device Description Asus EAH6950 Video Adapter
Bus Type PCI Express 2.0 x16
Bus / Device / Function 1 / 0 / 0
Device ID 1002-6719
Subsystem ID 1043-03BA
Device Class 0300 (VGA Display Controller)
Revision 00
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
Video Adapter Manufacturer:
Company Name ASUSTeK Computer Inc.
Product Information http://www.asus.com/ProductGroup2.aspx?PG_ID=r3EWBZcGQvxHvrb4
Driver Download http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update http://www.aida64.com/driver-updates
[ Asus EAH6950 Video Adapter ]
Device Properties:
Device Description Asus EAH6950 Video Adapter
Bus Type PCI Express 2.0 x16
Bus / Device / Function 2 / 0 / 0
Device ID 1002-6719
Subsystem ID 1043-03BA
Device Class 0300 (VGA Display Controller)
Revision 00
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
Video Adapter Manufacturer:
Company Name ASUSTeK Computer Inc.
Product Information http://www.asus.com/ProductGroup2.aspx?PG_ID=r3EWBZcGQvxHvrb4
Driver Download http://support.asus.com/download/download.aspx?SLanguage=en-us
Driver Update http://www.aida64.com/driver-updates
[ Intel 82579V Gigabit Network Connection ]
Device Properties:
Device Description Intel 82579V Gigabit Network Connection
Bus Type PCI
Bus / Device / Function 0 / 25 / 0
Device ID 8086-1503
Subsystem ID 1043-849C
Device Class 0200 (Ethernet Controller)
Revision 05
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
Network Adapter Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/embedded
Driver Download http://www.intel.com/support/network
Driver Update http://www.aida64.com/driver-updates
[ Intel 82583V Gigabit Network Connection ]
Device Properties:
Device Description Intel 82583V Gigabit Network Connection
Bus Type PCI Express 1.0 x1
Bus / Device / Function 13 / 0 / 0
Device ID 8086-150C
Subsystem ID 1043-8457
Device Class 0200 (Ethernet Controller)
Revision 00
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
Network Adapter Manufacturer:
Company Name Intel Corporation
Product Information http://www.intel.com/embedded
Driver Download http://www.intel.com/support/network
Driver Update http://www.aida64.com/driver-updates
[ Intel Cougar Point PCH - High Definition Audio Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - High Definition Audio Controller [B-3]
Bus Type PCI Express 1.0
Bus / Device / Function 0 / 27 / 0
Device ID 8086-1C20
Subsystem ID 1043-840F
Device Class 0403 (High Definition Audio)
Revision 05
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2] ]
Device Properties:
Device Description Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2]
Bus Type PCI
Bus / Device / Function 0 / 22 / 0
Device ID 8086-1C3A
Subsystem ID 1043-844D
Device Class 0780 (Communications Controller)
Revision 04
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - PCI Express Port 1 [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - PCI Express Port 1 [B-3]
Bus Type PCI
Bus / Device / Function 0 / 28 / 0
Device ID 8086-1C10
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision B5
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - PCI Express Port 2 [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - PCI Express Port 2 [B-3]
Bus Type PCI
Bus / Device / Function 0 / 28 / 1
Device ID 8086-1C12
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision B5
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - PCI Express Port 3 [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - PCI Express Port 3 [B-3]
Bus Type PCI
Bus / Device / Function 0 / 28 / 2
Device ID 8086-1C14
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision B5
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - PCI Express Port 4 [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - PCI Express Port 4 [B-3]
Bus Type PCI
Bus / Device / Function 0 / 28 / 3
Device ID 8086-1C16
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision B5
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - PCI Express Port 5 [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - PCI Express Port 5 [B-3]
Bus Type PCI
Bus / Device / Function 0 / 28 / 4
Device ID 8086-1C18
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision B5
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - PCI Express Port 7 [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - PCI Express Port 7 [B-3]
Bus Type PCI
Bus / Device / Function 0 / 28 / 6
Device ID 8086-1C1C
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision B5
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - SATA AHCI 6-Port Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - SATA AHCI 6-Port Controller [B-3]
Bus Type PCI
Bus / Device / Function 0 / 31 / 2
Device ID 8086-1C02
Subsystem ID 1043-844D
Device Class 0106 (SATA Controller)
Revision 05
Fast Back-to-Back Transactions Supported, Disabled
Device Features:
66 MHz Operation Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - SMBus Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - SMBus Controller [B-3]
Bus Type PCI
Bus / Device / Function 0 / 31 / 3
Device ID 8086-1C22
Subsystem ID 1043-844D
Device Class 0C05 (SMBus Controller)
Revision 05
Fast Back-to-Back Transactions Supported, Disabled
Device Features:
66 MHz Operation Not Supported
Bus Mastering Disabled
[ Intel Cougar Point PCH - Thermal Management Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - Thermal Management Controller [B-3]
Bus Type PCI
Bus / Device / Function 0 / 31 / 6
Device ID 8086-1C24
Subsystem ID 0000-0000
Device Class 1180 (Data Acquisition / Signal Processing Controller)
Revision 05
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Disabled
[ Intel Cougar Point PCH - USB EHCI #1 Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - USB EHCI #1 Controller [B-3]
Bus Type PCI
Bus / Device / Function 0 / 29 / 0
Device ID 8086-1C26
Subsystem ID 1043-844D
Device Class 0C03 (USB Controller)
Revision 05
Fast Back-to-Back Transactions Supported, Disabled
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Cougar Point PCH - USB EHCI #2 Controller [B-3] ]
Device Properties:
Device Description Intel Cougar Point PCH - USB EHCI #2 Controller [B-3]
Bus Type PCI
Bus / Device / Function 0 / 26 / 0
Device ID 8086-1C2D
Subsystem ID 1043-844D
Device Class 0C03 (USB Controller)
Revision 05
Fast Back-to-Back Transactions Supported, Disabled
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel P67 PCH - LPC Interface Controller [B-3] ]
Device Properties:
Device Description Intel P67 PCH - LPC Interface Controller [B-3]
Bus Type PCI
Bus / Device / Function 0 / 31 / 0
Device ID 8086-1C46
Subsystem ID 1043-844D
Device Class 0601 (PCI/ISA Bridge)
Revision 05
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Sandy Bridge-DT - Host Bridge/DRAM Controller ]
Device Properties:
Device Description Intel Sandy Bridge-DT - Host Bridge/DRAM Controller
Bus Type PCI
Bus / Device / Function 0 / 0 / 0
Device ID 8086-0100
Subsystem ID 1043-844D
Device Class 0600 (Host/PCI Bridge)
Revision 09
Fast Back-to-Back Transactions Supported, Disabled
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Sandy Bridge-DT - PCI Express Graphics Root Port ]
Device Properties:
Device Description Intel Sandy Bridge-DT - PCI Express Graphics Root Port
Bus Type PCI
Bus / Device / Function 0 / 1 / 0
Device ID 8086-0101
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision 09
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Intel Sandy Bridge-MB - PCI Express Graphics Root Port ]
Device Properties:
Device Description Intel Sandy Bridge-MB - PCI Express Graphics Root Port
Bus Type PCI
Bus / Device / Function 0 / 1 / 1
Device ID 8086-0105
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision 09
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ JMicron JMB362 SATA-II AHCI Controller ]
Device Properties:
Device Description JMicron JMB362 SATA-II AHCI Controller
Bus Type PCI Express 1.0 x1
Bus / Device / Function 11 / 0 / 0
Device ID 197B-2362
Subsystem ID 1043-8460
Device Class 0101 (IDE Controller)
Revision 10
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ Marvell 88SE9182 SATA 6Gb/s Controller ]
Device Properties:
Device Description Marvell 88SE9182 SATA 6Gb/s Controller
Bus Type PCI Express 2.0 x2
Bus / Device / Function 12 / 0 / 0
Device ID 1B4B-9182
Subsystem ID 1043-8493
Device Class 0106 (SATA Controller)
Revision 10
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ NEC uPD720200 USB 3.0 Host Controller ]
Device Properties:
Device Description NEC uPD720200 USB 3.0 Host Controller
Bus Type PCI Express 2.0 x1
Bus / Device / Function 9 / 0 / 0
Device ID 1033-0194
Subsystem ID 1043-8413
Device Class 0C03 (USB Controller)
Revision 04
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ NEC uPD720200 USB 3.0 Host Controller ]
Device Properties:
Device Description NEC uPD720200 USB 3.0 Host Controller
Bus Type PCI Express 2.0 x1
Bus / Device / Function 10 / 0 / 0
Device ID 1033-0194
Subsystem ID 1043-8413
Device Class 0C03 (USB Controller)
Revision 04
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch ]
Device Properties:
Device Description PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus Type PCI
Bus / Device / Function 3 / 0 / 0
Device ID 10B5-8608
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision BA
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch ]
Device Properties:
Device Description PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus Type PCI
Bus / Device / Function 4 / 0 / 0
Device ID 10B5-8608
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision BA
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch ]
Device Properties:
Device Description PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus Type PCI
Bus / Device / Function 4 / 5 / 0
Device ID 10B5-8608
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision BA
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch ]
Device Properties:
Device Description PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus Type PCI
Bus / Device / Function 4 / 7 / 0
Device ID 10B5-8608
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision BA
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
[ PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch ]
Device Properties:
Device Description PLX Technology ExpressLane PEX 8608 8-Lane 8-Port PCI Express 2.0 Switch
Bus Type PCI
Bus / Device / Function 4 / 9 / 0
Device ID 10B5-8608
Subsystem ID 0000-0000
Device Class 0604 (PCI/PCI Bridge)
Revision BA
Fast Back-to-Back Transactions Not Supported
Device Features:
66 MHz Operation Not Supported
Bus Mastering Enabled
USB Devices
[ Generic USB Hub ]
Device Properties:
Device Description Generic USB Hub
Device ID 8087-0024
Device Class 09 / 00 (Hi-Speed Hub with single TT)
Device Protocol 01
Supported USB Version 2.00
Current Speed High (USB 2.0)
[ Renesas Electronics USB 3.0 Hub (4-Port USB 3.0 Hub) ]
Device Properties:
Device Description Renesas Electronics USB 3.0 Hub
Device ID 2109-0810
Device Class 09 / 00 (Hub)
Device Protocol 03
Manufacturer VIA Labs, Inc.
Product 4-Port USB 3.0 Hub
Supported USB Version 3.00
Current Speed Super (USB 3.0)
[ Generic USB Hub ]
Device Properties:
Device Description Generic USB Hub
Device ID 8087-0024
Device Class 09 / 00 (Hi-Speed Hub with single TT)
Device Protocol 01
Supported USB Version 2.00
Current Speed High (USB 2.0)
[ Generic USB Hub (USB2.0 Hub) ]
Device Properties:
Device Description Generic USB Hub
Device ID 2109-3431
Device Class 09 / 00 (Hi-Speed Hub with single TT)
Device Protocol 01
Product USB2.0 Hub
Supported USB Version 2.00
Current Speed High (USB 2.0)
[ Generic USB Hub ]
Device Properties:
Device Description Generic USB Hub
Device ID 0409-005A
Device Class 09 / 00 (Hi-Speed Hub with single TT)
Device Protocol 01
Supported USB Version 2.00
Current Speed High (USB 2.0)
[ USB Composite Device (Merc Stealth) ]
Device Properties:
Device Description USB Composite Device
Device ID 1038-0510
Device Class 03 / 01 (Human Interface Device)
Device Protocol 01
Manufacturer Ideazon
Product Merc Stealth
Supported USB Version 2.00
Current Speed Low (USB 1.1)
[ USB Composite Device (G9x Laser Mouse) ]
Device Properties:
Device Description USB Composite Device
Device ID 046D-C066
Device Class 03 / 01 (Human Interface Device)
Device Protocol 02
Manufacturer Logitech
Product G9x Laser Mouse
Serial Number A4970EE7470018
Supported USB Version 2.00
Current Speed Full (USB 1.1)
[ Xbox 360 Wireless Receiver for Windows (Xbox 360 Wireless Receiver for Windows) ]
Device Properties:
Device Description Xbox 360 Wireless Receiver for Windows
Device ID 045E-0719
Device Class FF / FF
Device Protocol FF
Manufacturer ©Microsoft
Product Xbox 360 Wireless Receiver for Windows
Serial Number FD8B8BD0
Supported USB Version 2.00
Current Speed Full (USB 1.1)
[ USB Mass Storage Device (Cruzer Blade) ]
Device Properties:
Device Description USB Mass Storage Device
Device ID 0781-5567
Device Class 08 / 06 (Mass Storage)
Device Protocol 50
Manufacturer SanDisk
Product Cruzer Blade
Serial Number 200608766016A263207F
Supported USB Version 2.00
Current Speed High (USB 2.0)
[ Unknown Device ]
Device Properties:
Device Description Unknown Device
Device ID 0000-0000
Device Class 00 / 00
Device Protocol 00
Supported USB Version 0.00
Current Speed Low (USB 1.1)
[ Renesas Electronics USB 3.0 Hub (4-Port USB 3.0 Hub) ]
Device Properties:
Device Description Renesas Electronics USB 3.0 Hub
Device ID 2109-0810
Device Class 09 / 00 (Hub)
Device Protocol 03
Manufacturer VIA Labs, Inc.
Product 4-Port USB 3.0 Hub
Supported USB Version 3.00
Current Speed Super (USB 3.0)
Device Resources
Resource Share Device Description
DMA 04 Exclusive Direct memory access controller
IRQ 00 Exclusive System timer
IRQ 05 Shared Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
IRQ 08 Exclusive System CMOS/real time clock
IRQ 100 Exclusive Microsoft ACPI-Compliant System
IRQ 101 Exclusive Microsoft ACPI-Compliant System
IRQ 102 Exclusive Microsoft ACPI-Compliant System
IRQ 103 Exclusive Microsoft ACPI-Compliant System
IRQ 104 Exclusive Microsoft ACPI-Compliant System
IRQ 105 Exclusive Microsoft ACPI-Compliant System
IRQ 106 Exclusive Microsoft ACPI-Compliant System
IRQ 107 Exclusive Microsoft ACPI-Compliant System
IRQ 108 Exclusive Microsoft ACPI-Compliant System
IRQ 109 Exclusive Microsoft ACPI-Compliant System
IRQ 110 Exclusive Microsoft ACPI-Compliant System
IRQ 111 Exclusive Microsoft ACPI-Compliant System
IRQ 112 Exclusive Microsoft ACPI-Compliant System
IRQ 113 Exclusive Microsoft ACPI-Compliant System
IRQ 114 Exclusive Microsoft ACPI-Compliant System
IRQ 115 Exclusive Microsoft ACPI-Compliant System
IRQ 116 Exclusive Microsoft ACPI-Compliant System
IRQ 117 Exclusive Microsoft ACPI-Compliant System
IRQ 118 Exclusive Microsoft ACPI-Compliant System
IRQ 119 Exclusive Microsoft ACPI-Compliant System
IRQ 120 Exclusive Microsoft ACPI-Compliant System
IRQ 121 Exclusive Microsoft ACPI-Compliant System
IRQ 122 Exclusive Microsoft ACPI-Compliant System
IRQ 123 Exclusive Microsoft ACPI-Compliant System
IRQ 124 Exclusive Microsoft ACPI-Compliant System
IRQ 125 Exclusive Microsoft ACPI-Compliant System
IRQ 126 Exclusive Microsoft ACPI-Compliant System
IRQ 127 Exclusive Microsoft ACPI-Compliant System
IRQ 128 Exclusive Microsoft ACPI-Compliant System
IRQ 129 Exclusive Microsoft ACPI-Compliant System
IRQ 13 Exclusive Numeric data processor
IRQ 130 Exclusive Microsoft ACPI-Compliant System
IRQ 131 Exclusive Microsoft ACPI-Compliant System
IRQ 132 Exclusive Microsoft ACPI-Compliant System
IRQ 133 Exclusive Microsoft ACPI-Compliant System
IRQ 134 Exclusive Microsoft ACPI-Compliant System
IRQ 135 Exclusive Microsoft ACPI-Compliant System
IRQ 136 Exclusive Microsoft ACPI-Compliant System
IRQ 137 Exclusive Microsoft ACPI-Compliant System
IRQ 138 Exclusive Microsoft ACPI-Compliant System
IRQ 139 Exclusive Microsoft ACPI-Compliant System
IRQ 140 Exclusive Microsoft ACPI-Compliant System
IRQ 141 Exclusive Microsoft ACPI-Compliant System
IRQ 142 Exclusive Microsoft ACPI-Compliant System
IRQ 143 Exclusive Microsoft ACPI-Compliant System
IRQ 144 Exclusive Microsoft ACPI-Compliant System
IRQ 145 Exclusive Microsoft ACPI-Compliant System
IRQ 146 Exclusive Microsoft ACPI-Compliant System
IRQ 147 Exclusive Microsoft ACPI-Compliant System
IRQ 148 Exclusive Microsoft ACPI-Compliant System
IRQ 149 Exclusive Microsoft ACPI-Compliant System
IRQ 150 Exclusive Microsoft ACPI-Compliant System
IRQ 151 Exclusive Microsoft ACPI-Compliant System
IRQ 152 Exclusive Microsoft ACPI-Compliant System
IRQ 153 Exclusive Microsoft ACPI-Compliant System
IRQ 154 Exclusive Microsoft ACPI-Compliant System
IRQ 155 Exclusive Microsoft ACPI-Compliant System
IRQ 156 Exclusive Microsoft ACPI-Compliant System
IRQ 157 Exclusive Microsoft ACPI-Compliant System
IRQ 158 Exclusive Microsoft ACPI-Compliant System
IRQ 159 Exclusive Microsoft ACPI-Compliant System
IRQ 16 Shared 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
IRQ 16 Shared 2nd generation Intel® Core™ processor family PCI Express Controller - 0105
IRQ 16 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
IRQ 16 Shared PCI standard PCI-to-PCI bridge
IRQ 16 Shared PCI standard PCI-to-PCI bridge
IRQ 16 Shared Standard AHCI 1.0 Serial ATA Controller
IRQ 160 Exclusive Microsoft ACPI-Compliant System
IRQ 161 Exclusive Microsoft ACPI-Compliant System
IRQ 162 Exclusive Microsoft ACPI-Compliant System
IRQ 163 Exclusive Microsoft ACPI-Compliant System
IRQ 164 Exclusive Microsoft ACPI-Compliant System
IRQ 165 Exclusive Microsoft ACPI-Compliant System
IRQ 166 Exclusive Microsoft ACPI-Compliant System
IRQ 167 Exclusive Microsoft ACPI-Compliant System
IRQ 168 Exclusive Microsoft ACPI-Compliant System
IRQ 169 Exclusive Microsoft ACPI-Compliant System
IRQ 17 Shared High Definition Audio Controller
IRQ 17 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
IRQ 17 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18
IRQ 17 Shared PCI standard PCI-to-PCI bridge
IRQ 17 Shared PCI standard PCI-to-PCI bridge
IRQ 170 Exclusive Microsoft ACPI-Compliant System
IRQ 171 Exclusive Microsoft ACPI-Compliant System
IRQ 172 Exclusive Microsoft ACPI-Compliant System
IRQ 173 Exclusive Microsoft ACPI-Compliant System
IRQ 174 Exclusive Microsoft ACPI-Compliant System
IRQ 175 Exclusive Microsoft ACPI-Compliant System
IRQ 176 Exclusive Microsoft ACPI-Compliant System
IRQ 177 Exclusive Microsoft ACPI-Compliant System
IRQ 178 Exclusive Microsoft ACPI-Compliant System
IRQ 179 Exclusive Microsoft ACPI-Compliant System
IRQ 18 Shared High Definition Audio Controller
IRQ 18 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14
IRQ 18 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C
IRQ 180 Exclusive Microsoft ACPI-Compliant System
IRQ 181 Exclusive Microsoft ACPI-Compliant System
IRQ 182 Exclusive Microsoft ACPI-Compliant System
IRQ 183 Exclusive Microsoft ACPI-Compliant System
IRQ 184 Exclusive Microsoft ACPI-Compliant System
IRQ 185 Exclusive Microsoft ACPI-Compliant System
IRQ 186 Exclusive Microsoft ACPI-Compliant System
IRQ 187 Exclusive Microsoft ACPI-Compliant System
IRQ 188 Exclusive Microsoft ACPI-Compliant System
IRQ 189 Exclusive Microsoft ACPI-Compliant System
IRQ 19 Shared Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
IRQ 19 Shared PCI standard PCI-to-PCI bridge
IRQ 19 Shared Standard Dual Channel PCI IDE Controller
IRQ 190 Exclusive Microsoft ACPI-Compliant System
IRQ 20 Shared Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
IRQ 21 Shared Intel(R) Management Engine Interface
IRQ 22 Shared High Definition Audio Controller
IRQ 23 Shared Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
IRQ 23 Shared Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
IRQ 65536 Exclusive Intel(R) 82579V Gigabit Network Connection #2
IRQ 65536 Exclusive Intel(R) 82583V Gigabit Network Connection
IRQ 65536 Exclusive AMD Radeon HD 6900 Series
IRQ 65536 Exclusive AMD Radeon HD 6900 Series
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 65536 Exclusive Renesas Electronics USB 3.0 Host Controller
IRQ 81 Exclusive Microsoft ACPI-Compliant System
IRQ 82 Exclusive Microsoft ACPI-Compliant System
IRQ 83 Exclusive Microsoft ACPI-Compliant System
IRQ 84 Exclusive Microsoft ACPI-Compliant System
IRQ 85 Exclusive Microsoft ACPI-Compliant System
IRQ 86 Exclusive Microsoft ACPI-Compliant System
IRQ 87 Exclusive Microsoft ACPI-Compliant System
IRQ 88 Exclusive Microsoft ACPI-Compliant System
IRQ 89 Exclusive Microsoft ACPI-Compliant System
IRQ 90 Exclusive Microsoft ACPI-Compliant System
IRQ 91 Exclusive Microsoft ACPI-Compliant System
IRQ 92 Exclusive Microsoft ACPI-Compliant System
IRQ 93 Exclusive Microsoft ACPI-Compliant System
IRQ 94 Exclusive Microsoft ACPI-Compliant System
IRQ 95 Exclusive Microsoft ACPI-Compliant System
IRQ 96 Exclusive Microsoft ACPI-Compliant System
IRQ 97 Exclusive Microsoft ACPI-Compliant System
IRQ 98 Exclusive Microsoft ACPI-Compliant System
IRQ 99 Exclusive Microsoft ACPI-Compliant System
Memory 000A0000-000BFFFF Shared AMD Radeon HD 6900 Series
Memory 000A0000-000BFFFF Shared PCI bus
Memory 000A0000-000BFFFF Undetermined 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Memory 000C8000-000DFFFF Shared PCI bus
Memory C0000000-CFFFFFFF Exclusive AMD Radeon HD 6900 Series
Memory C0000000-CFFFFFFF Exclusive 2nd generation Intel® Core™ processor family PCI Express Controller - 0105
Memory C0000000-FFFFFFFF Shared PCI bus
Memory D0000000-DFFFFFFF Exclusive AMD Radeon HD 6900 Series
Memory D0000000-DFFFFFFF Exclusive 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Memory E0000000-E3FFFFFF Exclusive System board
Memory FB700000-FB71FFFF Exclusive Intel(R) 82583V Gigabit Network Connection
Memory FB700000-FB7FFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C
Memory FB720000-FB723FFF Exclusive Intel(R) 82583V Gigabit Network Connection
Memory FB800000-FB8FFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18
Memory FB810000-FB8101FF Exclusive Standard AHCI 1.0 Serial ATA Controller
Memory FB900000-FB9FFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Memory FB910000-FB9101FF Exclusive Standard Dual Channel PCI IDE Controller
Memory FBA00000-FBA01FFF Exclusive Renesas Electronics USB 3.0 Host Controller
Memory FBA00000-FBAFFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14
Memory FBB00000-FBB01FFF Exclusive Renesas Electronics USB 3.0 Host Controller
Memory FBB00000-FBBFFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
Memory FBC00000-FBC1FFFF Exclusive PCI standard PCI-to-PCI bridge
Memory FBC00000-FBCFFFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Memory FBD00000-FBDFFFFF Exclusive 2nd generation Intel® Core™ processor family PCI Express Controller - 0105
Memory FBD40000-FBD43FFF Exclusive High Definition Audio Controller
Memory FBDE0000-FBDFFFFF Exclusive AMD Radeon HD 6900 Series
Memory FBE00000-FBEFFFFF Exclusive 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Memory FBE20000-FBE3FFFF Exclusive AMD Radeon HD 6900 Series
Memory FBE40000-FBE43FFF Exclusive High Definition Audio Controller
Memory FBF00000-FBF1FFFF Exclusive Intel(R) 82579V Gigabit Network Connection #2
Memory FBF20000-FBF23FFF Exclusive High Definition Audio Controller
Memory FBF24000-FBF240FF Exclusive Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Memory FBF25000-FBF257FF Exclusive Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Memory FBF26000-FBF263FF Exclusive Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
Memory FBF27000-FBF273FF Exclusive Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
Memory FBF28000-FBF28FFF Exclusive Intel(R) 82579V Gigabit Network Connection #2
Memory FBF29000-FBF2900F Exclusive Intel(R) Management Engine Interface
Memory FEC00000-FECFFFFF Exclusive System board
Memory FED00000-FED003FF Exclusive High precision event timer
Memory FED08000-FED08FFF Exclusive System board
Memory FED10000-FED19FFF Exclusive System board
Memory FED1C000-FED1FFFF Exclusive System board
Memory FED20000-FED3FFFF Exclusive System board
Memory FED90000-FED93FFF Exclusive System board
Memory FEE00000-FEE0FFFF Exclusive System board
Memory FF000000-FFFFFFFF Exclusive System board
Port 0000-000F Exclusive Direct memory access controller
Port 0000-0CF7 Shared PCI bus
Port 0010-001F Exclusive Motherboard resources
Port 0020-0021 Exclusive Programmable interrupt controller
Port 0022-003F Exclusive Motherboard resources
Port 0040-0043 Exclusive System timer
Port 0044-005F Exclusive Motherboard resources
Port 0061-0061 Exclusive System speaker
Port 0062-0062 Exclusive Microsoft ACPI-Compliant Embedded Controller
Port 0063-0063 Exclusive Motherboard resources
Port 0065-0065 Exclusive Motherboard resources
Port 0066-0066 Exclusive Microsoft ACPI-Compliant Embedded Controller
Port 0067-006F Exclusive Motherboard resources
Port 0070-0071 Exclusive System CMOS/real time clock
Port 0072-007F Exclusive Motherboard resources
Port 0080-0080 Exclusive Motherboard resources
Port 0081-0083 Exclusive Direct memory access controller
Port 0084-0086 Exclusive Motherboard resources
Port 0087-0087 Exclusive Direct memory access controller
Port 0088-0088 Exclusive Motherboard resources
Port 0089-008B Exclusive Direct memory access controller
Port 008C-008E Exclusive Motherboard resources
Port 008F-008F Exclusive Direct memory access controller
Port 0090-009F Exclusive Motherboard resources
Port 00A0-00A1 Exclusive Programmable interrupt controller
Port 00A2-00BF Exclusive Motherboard resources
Port 00C0-00DF Exclusive Direct memory access controller
Port 00E0-00EF Exclusive Motherboard resources
Port 00F0-00FF Exclusive Numeric data processor
Port 0290-029F Exclusive Motherboard resources
Port 03B0-03BB Shared AMD Radeon HD 6900 Series
Port 03B0-03BB Undetermined 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Port 03C0-03DF Shared AMD Radeon HD 6900 Series
Port 03C0-03DF Undetermined 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Port 0400-0453 Exclusive System board
Port 0454-0457 Exclusive Intel(R) Watchdog Timer Driver (Intel(R) WDT)
Port 0458-047F Exclusive System board
Port 04D0-04D1 Exclusive Motherboard resources
Port 0500-057F Exclusive System board
Port 0D00-FFFF Shared PCI bus
Port 1180-119F Exclusive Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Port 1180-119F Exclusive System board
Port A000-AFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 7 - 1C1C
Port B000-B00F Exclusive Standard AHCI 1.0 Serial ATA Controller
Port B000-BFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18
Port B010-B013 Exclusive Standard AHCI 1.0 Serial ATA Controller
Port B020-B027 Exclusive Standard AHCI 1.0 Serial ATA Controller
Port B030-B033 Exclusive Standard AHCI 1.0 Serial ATA Controller
Port B040-B047 Exclusive Standard AHCI 1.0 Serial ATA Controller
Port C000-C00F Exclusive Standard Dual Channel PCI IDE Controller
Port C000-CFFF Exclusive Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Port C010-C013 Exclusive Standard Dual Channel PCI IDE Controller
Port C020-C027 Exclusive Standard Dual Channel PCI IDE Controller
Port C030-C033 Exclusive Standard Dual Channel PCI IDE Controller
Port C040-C047 Exclusive Standard Dual Channel PCI IDE Controller
Port D000-DFFF Exclusive 2nd generation Intel® Core™ processor family PCI Express Controller - 0105
Port DF00-DFFF Exclusive AMD Radeon HD 6900 Series
Port E000-E0FF Exclusive AMD Radeon HD 6900 Series
Port E000-EFFF Exclusive 2nd generation Intel(R) Core(TM) processor family PCI Express Controller - 0101
Port F020-F03F Exclusive Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Port F060-F063 Exclusive Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Port F070-F077 Exclusive Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Port F080-F083 Exclusive Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Port F090-F097 Exclusive Intel(R) 6 Series/C200 Series Chipset Family 6 Port SATA AHCI Controller - 1C02
Input
[ HID Keyboard Device ]
Keyboard Properties:
Keyboard Name HID Keyboard Device
Keyboard Type IBM enhanced (101- or 102-key) keyboard
Keyboard Layout United Kingdom
ANSI Code Page 1252 - @%SystemRoot%\system32\mlang.dll,-4612
OEM Code Page 850
Repeat Delay 1
Repeat Rate 31
[ HID-compliant mouse ]
Mouse Properties:
Mouse Name HID-compliant mouse
Mouse Buttons 16
Mouse Hand Right
Pointer Speed 1
Double-Click Time 500 msec
X/Y Threshold 6 / 10
Wheel Scroll Lines 3
Mouse Features:
Active Window Tracking Disabled
ClickLock Disabled
Hide Pointer While Typing Enabled
Mouse Wheel Present
Move Pointer To Default Button Disabled
Pointer Trails Disabled
Sonar Disabled
Printers
[ Fax ]
Printer Properties:
Printer Name Fax
Default Printer No
Share Point Not shared
Printer Port SHRFAX:
Printer Driver Microsoft Shared Fax Driver (v4.00)
Device Name Fax
Print Processor winprint
Separator Page None
Availability Always
Priority 1
Print Jobs Queued 0
Status Unknown
Paper Properties:
Paper Size Letter, 8.5 x 11 in
Orientation Portrait
Print Quality 200 x 200 dpi Mono
[ Microsoft XPS Document Writer (Default) ]
Printer Properties:
Printer Name Microsoft XPS Document Writer
Default Printer Yes
Share Point Not shared
Printer Port XPSPort:
Printer Driver Microsoft XPS Document Writer (v6.00)
Device Name Microsoft XPS Document Writer
Print Processor winprint
Separator Page None
Availability Always
Priority 1
Print Jobs Queued 0
Status Unknown
Paper Properties:
Paper Size A4, 210 x 297 mm
Orientation Portrait
Print Quality 600 x 600 dpi Color
Auto Start
Application Description Start From Application Command
ASUS Ai Charger Registry\Common\Run C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
ASUS ShellProcess Execute Registry\Common\Run C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
AthBtTray Registry\Common\Run C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
AtherosBtStack Registry\Common\Run C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
KiesHelper Registry\User\Run C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
KiesPDLR Registry\User\Run C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
KiesTrayAgent Registry\User\Run C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
NUSB3MON Registry\Common\Run C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
RtHDVCpl Registry\Common\Run C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
StartCCC Registry\Common\Run C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun
Steam Registry\User\Run C:\Program Files (x86)\Steam\Steam.exe -silent
Installed Programs
Program Version Inst. Size
µTorrent 2.2.1 Unknown
3DMark Vantage [english] 1.0.3.1 Unknown
Adobe [ TRIAL VERSION ] 10.0.42.34 Unknown
Adobe [ TRIAL VERSION ] 10.3.181.14 Unknown
AI Sui [ TRIAL VERSION ] 1.01.13 Unknown
AIDA64 [ TRIAL VERSION ] 1.70 Unknown
AMD Dr [ TRIAL VERSION ] 2.00.0000 Unknown
Applic [ TRIAL VERSION ] 2.0.4177.33916 Unknown
ASUS A [ TRIAL VERSION ] 1.00.09 Unknown
ASUS P [ TRIAL VERSION ] 1.1.2 Unknown
ASUS S [ TRIAL VERSION ] 5.74 Unknown
ATI AV [ TRIAL VERSION ] 11.6.0.10525 Unknown
ATI Ca [ TRIAL VERSION ] 3.0.825.0 Unknown
Battle [ TRIAL VERSION ] Unknown
Blueto [ TRIAL VERSION ] 7.2.0.40 Unknown
BS.Pla [ TRIAL VERSION ] 2.58.1053 Unknown
Burnou [ TRIAL VERSION ] Unknown
Call o [ TRIAL VERSION ] Unknown
Cataly [ TRIAL VERSION ] 1.00.0000 Unknown
Cataly [ TRIAL VERSION ] 2011.0525.11.41627 Unknown
Cataly [ TRIAL VERSION ] 2011.0525.11.41627 Unknown
Cataly [ TRIAL VERSION ] 2011.0525.11.41627 Unknown
Cataly [ TRIAL VERSION ] 2011.0525.11.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
CCC He [ TRIAL VERSION ] 2011.0525.0010.41627 Unknown
ccc-utility64 2011.0525.11.41627 Unknown
CPUID [ TRIAL VERSION ] Unknown
Crysis [ TRIAL VERSION ] 1.0.0.0 Unknown
DiRT 3 Unknown
Far Cry 2 Unknown
Fraps (remove only) Unknown
Futuremark SystemInfo [english] 3.21.2.1 Unknown
HydraVision 4.2.200.0 Unknown
Intel(R) Control Center 1.2.1.1007 Unknown
Intel(R) Management Engine Components 7.0.0.1118 Unknown
Intel(R) Network Connections 15.6.25.0 15.6.25.0 Unknown
Intel(R) Network Connections 15.6.25.0 15.6.25.0 Unknown
Intel® Watchdog Timer Driver (Intel® WDT) Unknown
Just Cause 2 Unknown
Left 4 Dead 2 Unknown
Left 4 Dead Unknown
Microsoft .NET Framework 4 Client Profile 4.0.30319 Unknown
Microsoft .NET Framework 4 Client Profile 4.0.30319 Unknown
Microsoft Games for Windows - LIVE Redistributable 3.5.88.0 Unknown
Microsoft Games for Windows Marketplace 3.5.50.0 Unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 8.0.50727.4053 Unknown
Microsoft Visual C++ 2005 Redistributable 8.0.56336 Unknown
Microsoft Visual C++ 2005 Redistributable 8.0.59193 Unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 9.0.30729.4148 Unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 9.0.30729.5570 Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729 Unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 10.0.30319 Unknown
Mozilla Firefox 4.0.1 (x86 en-GB) 4.0.1 Unknown
MSI Afterburner 2.2.0 Beta 3 2.2.0 Beta 3 Unknown
MyFreeCodec Unknown
MyFreeCodec Unknown
Nightsky Unknown
NVIDIA PhysX 9.10.0513 Unknown
OpenAL Unknown
PunkBuster Services Unknown
RadeonPro 1.0 (Build 1.1.0.6) Unknown
Rapture3D 2.4.8 Game Unknown
Realtek High Definition Audio Driver [english] 6.0.1.6235 Unknown
Renesas Electronics USB 3.0 Host Controller Driver 2.0.32.0 Unknown
S.T.A.L.K.E.R.: Shadow of Chernobyl Unknown
Samsung Kies 2.0.0.11044_11 Unknown
SAMSUNG USB Driver for Mobile Phones 1.3.2300.0 Unknown
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) 1 Unknown
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) 1 Unknown
SHIFT 2 UNLEASHED™ 1.0.1.0 Unknown
Steam 1.0.0.0 Unknown
Test Drive Unlimited 2 Unknown
UltraI [ TRIAL VERSION ] Unknown
Update [ TRIAL VERSION ] 1 Unknown
Window [ TRIAL VERSION ] 6.500.3165.0 Unknown
WinRAR [ TRIAL VERSION ] 4.01.0 Unknown
WMV9/V [ TRIAL VERSION ] 1.0.60525.0013 Unknown
Licenses
Software Product Key
Futuremark 3DMark Vantage 1.0.3.1 3DMVA-25DTB-F4ZZ4-PAHMN-NJ7FZ-J3KXP-KFALJ-C25QP
Microsoft Internet Explorer 8.0.7601.17514 342DG- [ TRIAL VERSION ]
Microsoft Windows 7 Ultimate 342DG- [ TRIAL VERSION ]
File Types
Extension File Type Description Content Type
386 Virtual Device Driver
3G2 3GPP2 Audio/Video video/3gpp2
3GP 3GPP Audio/Video video/3gpp
3GP2 3GPP2 Audio/Video video/3gpp2
3GPP 3GPP Audio/Video video/3gpp
7Z WinRAR archive
AAC ADTS Audio audio/vnd.dlna.adts
ACE WinRAR archive
ADT ADTS Audio audio/vnd.dlna.adts
ADTS ADTS Audio audio/vnd.dlna.adts
AIF AIFF Format Sound audio/aiff
AIFC AIFF Format Sound audio/aiff
AIFF AIFF Format Sound audio/aiff
ANI Animated Cursor
APPLICATION Application Manifest application/x-ms-application
APPREF-MS Application Reference
ARJ WinRAR archive
ASA ASA File
ASF Windows Media Audio/Video file video/x-ms-asf
ASP ASP File
ASX Windows Media Audio/Video playlist video/x-ms-asf
AU AU Format Sound audio/basic
AVI Video Clip video/avi
BAT Windows Batch File
BIN BIN File
BLG Performance Monitor File
BMP Bitmap Image image/bmp
BSP BSP File
BZ WinRAR archive
BZ2 WinRAR archive
C2R C2R File
CAB WinRAR archive
CAMP WCS Viewing Condition Profile
CAT Security Catalog application/vnd.ms-pki.seccat
CDA CD Audio Track
CDMP WCS Device Profile
CDX CDX File
CER Security Certificate application/x-x509-ca-cert
CHESSTITANSSAVE-MS .ChessTitansSave-ms
CHK Recovered File Fragments
CHM Compiled HTML Help file
CMD Windows Command Script
COM MS-DOS Application
COMFYCAKESSAVE-MS .ComfyCakesSave-ms
COMPOSITEFONT Composite Font File
CONTACT Contact File text/x-ms-contact
CPL Control Panel Item
CRD Information Card
CRDS Information Card Store
CRL Certificate Revocation List application/pkix-crl
CRT Security Certificate application/x-x509-ca-cert
CSS Cascading Style Sheet Document text/css
CUR Cursor
DB Data Base File
DEM DEM File
DER Security Certificate application/x-x509-ca-cert
DESKLINK Desktop Shortcut
DIAGCAB Diagnostic Cabinet
DIAGCFG Diagnostic Configuration
DIAGPKG Diagnostic Document
DIB Bitmap Image image/bmp
DLL Application Extension application/x-msdownload
DOCX OOXML Text Document
DRV Device Driver
DSN Microsoft OLE DB Provider for ODBC Drivers
DVR Microsoft Recorded TV Show
DVR-MS Microsoft Recorded TV Show
DWFX XPS Document model/vnd.dwfx+xps
EASMX XPS Document model/vnd.easmx+xps
EDRWX XPS Document model/vnd.edrwx+xps
EMF EMF File
EPRTX XPS Document model/vnd.eprtx+xps
EVT EVT File
EVTX EVTX File
EXE Application application/x-msdownload
FON Font file
FREECELLSAVE-MS .FreeCellSave-ms
GADGET Windows Gadget
GIF GIF Image image/gif
GMMP WCS Gamut Mapping Profile
GROUP Contact Group File text/x-ms-group
GRP Microsoft Program Group
GZ WinRAR archive
H1C Windows Help Collection Definition File
H1D Windows Help Validator File
H1F Windows Help Include File
H1H Windows Help Merged Hierarchy
H1K Windows Help Index File
H1Q Windows Help Merged Query Index
H1S Compiled Windows Help file
H1T Windows Help Table of Contents File
H1V Windows Help Virtual Topic Definition File
H1W Windows Help Merged Keyword Index
HEARTSSAVE-MS .HeartsSave-ms
HLP Help File
HTA HTML Application application/hta
HTM HTML Document text/html
HTML HTML Document text/html
ICC ICC Profile
ICL Icon Library
ICM ICC Profile
ICO Icon image/x-icon
IMG Disc Image File
INF Setup Information
INI Configuration Settings
ISO UltraISO File
ISZ UltraISO File
JAR WinRAR archive
JFIF JPEG Image image/jpeg
JNT Journal Document
JOB Task Scheduler Task Object
JOD Microsoft.Jet.OLEDB.4.0
JPE JPEG Image image/jpeg
JPEG JPEG Image image/jpeg
JPG JPEG Image image/jpeg
JS JScript Script File
JSE JScript Encoded File
JTP Journal Template
JTX XPS Document application/x-jtx+xps
LABEL Property List
LHA WinRAR archive
LIBRARY-MS Library Folder application/windows-library+xml
LNK Shortcut
LOG Text Document
LZH WinRAR archive
M1V Movie Clip video/mpeg
M2T AVCHD Video video/vnd.dlna.mpeg-tts
M2TS AVCHD Video video/vnd.dlna.mpeg-tts
M2V Movie Clip video/mpeg
M3U M3U file audio/x-mpegurl
M4A MPEG-4 Audio audio/mp4
M4V MP4 Video video/mp4
MAHJONGTITANSSAVE-MS .MahjongTitansSave-ms
MAPIMAIL Mail Service
MCL MCL File
MFP Macromedia Flash Paper application/x-shockwave-flash
MHT MHTML Document message/rfc822
MHTML MHTML Document message/rfc822
MID MIDI Sequence audio/mid
MIDI MIDI Sequence audio/mid
MIG Migration Store
MINESWEEPERSAVE-MS .MinesweeperSave-ms
MLC Language Pack File_
MOD Movie Clip video/mpeg
MOV QuickTime Movie video/quicktime
MP2 MP3 Format Sound audio/mpeg
MP2V Movie Clip video/mpeg
MP3 MP3 Format Sound audio/mpeg
MP4 MP4 Video video/mp4
MP4V MP4 Video video/mp4
MPA Movie Clip video/mpeg
MPE Movie Clip video/mpeg
MPEG Movie Clip video/mpeg
MPG Movie Clip video/mpeg
MPV2 Movie Clip video/mpeg
MSC Microsoft Common Console Document
MSDVD MSDVD File
MSI Windows Installer Package
MSP Windows Installer Patch
MSRCINCIDENT Windows Remote Assistance Invitation
MSSTYLES Windows Visual Style File
MSU Microsoft Update Standalone Package
MTS AVCHD Video video/vnd.dlna.mpeg-tts
MYDOCS MyDocs Drop Target
NFO MSInfo Configuration File
OCX ActiveX control
ODT ODT File
OSDX OpenSearch Description File application/opensearchdescription+xml
OTF OpenType Font file
P10 Certificate Request application/pkcs10
P12 Personal Information Exchange application/x-pkcs12
P7B PKCS #7 Certificates application/x-pkcs7-certificates
P7C Digital ID File application/pkcs7-mime
P7M PKCS #7 MIME Message application/pkcs7-mime
P7R Certificate Request Response application/x-pkcs7-certreqresp
P7S PKCS #7 Signature application/pkcs7-signature
PBK Dial-Up Phonebook
PERFMONCFG Performance Monitor Configuration
PFM Type 1 Font file
PFX Personal Information Exchange application/x-pkcs12
PIF Shortcut to MS-DOS Program
PKO Public Key Security Object application/vnd.ms-pki.pko
PNF Precompiled Setup Information
PNG PNG Image image/png
PRF PICS Rules File application/pics-rules
PRINTEREXPORT Printer Migration File
PS1 PS1 File
PS1XML PS1XML File
PSC1 PSC1 File application/PowerShell
PSD1 PSD1 File
PSM1 PSM1 File
PURBLEPAIRSSAVE-MS .PurblePairsSave-ms
PURBLESHOPSAVE-MS .PurbleShopSave-ms
QDS Directory Query
R00 WinRAR archive
R01 WinRAR archive
R02 WinRAR archive
R03 WinRAR archive
R04 WinRAR archive
R05 WinRAR archive
R06 WinRAR archive
R07 WinRAR archive
R08 WinRAR archive
R09 WinRAR archive
R10 WinRAR archive
R11 WinRAR archive
R12 WinRAR archive
R13 WinRAR archive
R14 WinRAR archive
R15 WinRAR archive
R16 WinRAR archive
R17 WinRAR archive
R18 WinRAR archive
R19 WinRAR archive
R20 WinRAR archive
R21 WinRAR archive
R22 WinRAR archive
R23 WinRAR archive
R24 WinRAR archive
R25 WinRAR archive
R26 WinRAR archive
R27 WinRAR archive
R28 WinRAR archive
R29 WinRAR archive
RAR WinRAR archive
RAT Rating System File application/rat-file
RDP Remote Desktop Connection
REG Registration Entries
RESMONCFG Resource Monitor Configuration
REV RAR recovery volume
RLE RLE File
RLL Application Extension
RMI MIDI Sequence audio/mid
RTF Rich Text Document
SAV SAV File
SCF Windows Explorer Command
SCP Text Document
SCR Screen saver
SCT Windows Script Component text/scriptlet
SEARCHCONNECTOR-MS Search Connector Folder application/windows-search-connector+xml
SEARCH-MS Saved Search
SFCACHE ReadyBoost Cache File
SHTML SHTML File text/html
SLUPKG-MS XrML Digital License Package application/x-ms-license
SND AU Format Sound audio/basic
SOLITAIRESAVE-MS .SolitaireSave-ms
SPC PKCS #7 Certificates application/x-pkcs7-certificates
SPIDERSOLITAIRESAVE-MS .SpiderSolitaireSave-ms
SPL Shockwave Flash Object application/futuresplash
SST Microsoft Serialized Certificate Store application/vnd.ms-pki.certstore
STL Certificate Trust List application/vnd.ms-pki.stl
SWF Shockwave Flash Object application/x-shockwave-flash
SYS System file
TAR WinRAR archive
TAZ WinRAR archive
TBZ WinRAR archive
TBZ2 WinRAR archive
TGZ WinRAR archive
THEME Windows Theme File
THEMEPACK Windows Theme Pack
TIF TIF File image/tiff
TIFF TIFF File image/tiff
TS MPEG-2 TS Video video/vnd.dlna.mpeg-tts
TTC TrueType Collection Font file
TTF TrueType Font file
TTS MPEG-2 TS Video video/vnd.dlna.mpeg-tts
TXT Text Document text/plain
UDL Microsoft Data Link
UI UltraISO File
URL URL File
UU WinRAR archive
UUE WinRAR archive
VBE VBScript Encoded File
VBS VBScript Script File
VCF vCard File text/x-vcard
VPK Source Game Add-on
VXD Virtual Device Driver
WAB Address Book File
WAV Wave Sound audio/wav
WAX Windows Media Audio shortcut audio/x-ms-wax
WBCAT Windows Backup Catalog File
WCX Workspace Configuration File
WDP Windows Media Photo image/vnd.ms-photo
WEBPNP Web Point And Print File
WM Windows Media Audio/Video file video/x-ms-wm
WMA Windows Media Audio file audio/x-ms-wma
WMD Windows Media Player Download Package application/x-ms-wmd
WMDB Windows Media Library
WMF WMF File
WMS Windows Media Player Skin File
WMV Windows Media Audio/Video file video/x-ms-wmv
WMX Windows Media Audio/Video playlist video/x-ms-wmx
WMZ Windows Media Player Skin Package application/x-ms-wmz
WPL Windows Media playlist application/vnd.ms-wpl
WSC Windows Script Component text/scriptlet
WSF Windows Script File
WSH Windows Script Host Settings File
WTV Windows Recorded TV Show
WTX Text Document
WVX Windows Media Audio/Video playlist video/x-ms-wvx
XAML Windows Markup File application/xaml+xml
XBAP XAML Browser Application application/x-ms-xbap
XHT XHT File application/xhtml+xml
XHTML XHTML File application/xhtml+xml
XML XML Document text/xml
XPS XPS Document application/vnd.ms-xpsdocument
XRM-MS XrML Digital License text/xml
XSL XSL Stylesheet text/xml
XXE WinRAR archive
Z WinRAR archive
ZFSENDTOTARGET Compressed (zipped) Folder SendTo Target
ZIP WinRAR ZIP archive
Sidebar Gadgets
[ Calendar ]
Gadget Properties:
Name Calendar
Description Browse the days of the calendar.
Version 1.1.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML Calendar.Gadget\en-US\gadget.xml
[ Clock ]
Gadget Properties:
Name Clock
Description Watch the clock in your own time zone or any city in the world.
Version 1.0.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML Clock.Gadget\en-US\gadget.xml
[ CPU Meter ]
Gadget Properties:
Name CPU Meter
Description See the current computer CPU and system memory (RAM).
Version 1.0.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML CPU.Gadget\en-US\gadget.xml
[ Currency ]
Gadget Properties:
Name Currency
Description Convert from one currency to another.
Version 1.0.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML Currency.Gadget\en-US\gadget.xml
[ Feed Headlines ]
Gadget Properties:
Name Feed Headlines
Description Track the latest news, sports, and entertainment headlines.
Version 1.1.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML RSSFeeds.Gadget\en-US\gadget.xml
[ Picture Puzzle ]
Gadget Properties:
Name Picture Puzzle
Description Move the pieces of the puzzle and try to put them in order.
Version 1.0.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML PicturePuzzle.Gadget\en-US\gadget.xml
[ Slide Show ]
Gadget Properties:
Name Slide Show
Description Show a continuous slide show of your pictures.
Version 1.0.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML SlideShow.Gadget\en-US\gadget.xml
[ Weather ]
Gadget Properties:
Name Weather
Description See what the weather looks like around the world.
Version 1.1.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML Weather.Gadget\en-US\gadget.xml
[ Windows Media Center ]
Gadget Properties:
Name Windows Media Center
Description Play your latest TV recordings, new Internet TV clips, and favorite music and pictures.
Version 1.0.0.0
Author Microsoft Corporation
Copyright © 2009
URL http://go.microsoft.com/fwlink/?LinkId=124093
Folder ProgramFiles
XML MediaCenter.Gadget\en-US\gadget.xml
Windows Security
Operating System Properties:
OS Name Microsoft Windows 7 Ultimate
OS Service Pack [ TRIAL VERSION ]
Winlogon Shell explorer.exe
User Account Control (UAC) Disabled
System Restore Enabled
Data Execution Prevention (DEP, NX, EDB):
Supported by Operating System Yes
Supported by CPU Yes
Active (To Protect Applications) Yes
Active (To Protect Drivers) Yes
Windows Update
Update Description Update Type Inst. Date
(Automatic Update) Download:Automatic, Install:Scheduled Every Day 3:00
Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2508272) Update 25/05/2011
Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB980195) Update 12/03/2011
Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2482017) Update 12/03/2011
Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2497640) Update 25/05/2011
Cumulative Update for Media Center for Windows 7 x64-based Systems (KB2284742) Update 12/03/2011
Definition Update for Windows Defender - KB915597 (Definition 1.105.1913.0) Update 14/06/2011
Microsoft .NET Framework 3.5 SP1 Security Update for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB979916) Update 12/03/2011
Microsoft .NET Framework 3.5 SP1 Update for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB982526) Update 12/03/2011
Microsoft .NET Framework 4 Client Profile for Windows 7 x64-based Systems (KB982670) Update 12/03/2011
Microsoft Browser Choice Screen Update for EEA Users of Windows 7 for x64-based Systems (KB976002) Update 12/03/2011
Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2446709) Update 25/05/2011
Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB983590) Update 12/03/2011
Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2446710) Update 04/06/2011
Security Update for Microsoft .NET Framework 3.5.1, Windows 7, and Windows Server 2008 R2 for x64-based Systems (KB2416471) Update 12/03/2011
Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2160841) Update 02/04/2011
Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2446708) Update 25/05/2011
Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973923) Update 28/05/2011
Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924) Update 28/05/2011
Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2467174) Update 11/06/2011
Security Update for Windows 7 for x64-based Systems (KB2032276) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2079403) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2207566) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2281679) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2286198) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2296011) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2305420) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2347290) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2378111) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2385678) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2387149) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2393802) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2419640) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2423089) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2425227) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2442962) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2475792) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2479628) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2479943) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2483614) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2485376) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB2491683) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2503658) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2506212) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2506223) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2507618) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2508429) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2509553) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2510531) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB2511455) Update 25/05/2011
Security Update for Windows 7 for x64-based Systems (KB972270) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB974571) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB975467) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB975560) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB978542) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB978601) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB978886) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB979309) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB979482) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB979687) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB979688) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB980232) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB982132) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB982214) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB982665) Update 12/03/2011
Security Update for Windows 7 for x64-based Systems (KB982799) Update 12/03/2011
Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2447568) Update 12/03/2011
Update for Rights Management Services Client for Windows 7 for x64-based Systems (KB979099) Update 12/03/2011
Update for Windows (KB971033) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2249857) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2345886) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2387530) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2388210) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2443685) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2454826) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2467023) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2484033) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2487426) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB2492386) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2505438) Update 11/06/2011
Update for Windows 7 for x64-based Systems (KB2506014) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2506928) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2511250) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2515325) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2522422) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2524375) Update 02/04/2011
Update for Windows 7 for x64-based Systems (KB2533552) Update 26/05/2011
Update for Windows 7 for x64-based Systems (KB2534366) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB2541014) Update 25/05/2011
Update for Windows 7 for x64-based Systems (KB974332) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB974431) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB975496) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB976902) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB977074) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB978637) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB979538) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB980408) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB980846) Update 12/03/2011
Update for Windows 7 for x64-based Systems (KB982110) Update 12/03/2011
Windows 7 Service Pack 1 for x64-based Systems (KB976932) Update 03/06/2011
Windows Malicious Software Removal Tool x64 - March 2011 (KB890830) Update 12/03/2011
Firewall
Software Description Software Version Status
Windows Firewall 6.1.7600.16385 Enabled
Anti-Spyware
Software Description Software Version
Microsoft Windows Defender 6.1.7600.16385(win7_rtm.090713-1255)
Regional
Time Zone:
Current Time Zone GMT Daylight Time
Current Time Zone Description (UTC) Dublin, Edinburgh, Lisbon, London
Change To Standard Time Last Sunday of October 02:00:00
Change To Daylight Saving Time Last Sunday of March 01:00:00
Language:
Language Name (Native) English
Language Name (English) English
Language Name (ISO 639) en
Country/Region:
Country Name (Native) United Kingdom
Country Name (English) United Kingdom
Country Name (ISO 3166) GB
Country Code 44
Currency:
Currency Name (Native) Pound Sterling
Currency Name (English) UK Pound Sterling
Currency Symbol (Native) £
Currency Symbol (ISO 4217) GBP
Currency Format £123,456,789.00
Negative Currency Format -£123,456,789.00
Formatting:
Time Format HH:mm:ss
Short Date Format dd/MM/yyyy
Long Date Format dd MMMM yyyy
Number Format 123,456,789.00
Negative Number Format -123,456,789.00
List Format first, second, third
Native Digits 0123456789
Days of Week:
Native Name for Monday Monday / Mon
Native Name for Tuesday Tuesday / Tue
Native Name for Wednesday Wednesday / Wed
Native Name for Thursday Thursday / Thu
Native Name for Friday Friday / Fri
Native Name for Saturday Saturday / Sat
Native Name for Sunday Sunday / Sun
Months:
Native Name for January January / Jan
Native Name for February February / Feb
Native Name for March March / Mar
Native Name for April April / Apr
Native Name for May May / May
Native Name for June June / Jun
Native Name for July July / Jul
Native Name for August August / Aug
Native Name for September September / Sep
Native Name for October October / Oct
Native Name for November November / Nov
Native Name for December December / Dec
Miscellaneous:
Calendar Type Gregorian (localized)
Default Paper Size A4
Measurement System Metric
Display Languages:
LCID 0409h (Active) English (United States)
Environment
Variable Value
ALLUSERSPROFILE C:\ProgramData
APPDATA C:\Users\muggz\AppData\Roaming
CommonProgramFiles(x86) C:\Program Files (x86)\Common Files
CommonProgramFiles C:\Program Files (x86)\Common Files
CommonProgramW6432 C:\Program Files\Common Files
COMPUTERNAME MUGGZ-PC
ComSpec C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK NO
HOMEDRIVE C:
HOMEPATH \Users\muggz
LOCALAPPDATA C:\Users\muggz\AppData\Local
LOGONSERVER \\MUGGZ-PC
MOZ_CRASHREPORTER_DATA_DIRECTORY C:\Users\muggz\AppData\Roaming\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE C:\Program Files (x86)\Mozilla Firefox\crashreporter-override.ini
MpConfig_ProductAppDataPath C:\ProgramData\Microsoft\Windows Defender
MpConfig_ProductCodeName AntiSpyware
MpConfig_ProductPath C:\Program Files (x86)\Windows Defender
MpConfig_ProductUserAppDataPath C:\Users\muggz\AppData\Local\Microsoft\Windows Defender
MpConfig_ReportingGUID 99318FA3-8500-4E36-8BDB-EEF4909CDFBD
NUMBER_OF_PROCESSORS 8
OS Windows_NT
Path C:\Program Files (x86)\Mozilla Firefox;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\DMIX;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Microsoft Shared\Windows Live
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE x86
PROCESSOR_ARCHITEW6432 AMD64
PROCESSOR_IDENTIFIER Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
PROCESSOR_LEVEL 6
PROCESSOR_REVISION 2a07
ProgramData C:\ProgramData
ProgramFiles(x86) C:\Program Files (x86)
ProgramFiles C:\Program Files (x86)
ProgramW6432 C:\Program Files
PSModulePath C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC C:\Users\Public
SESSIONNAME Console
SystemDrive C:
SystemRoot C:\Windows
TEMP C:\Users\muggz\AppData\Local\Temp
TMP C:\Users\muggz\AppData\Local\Temp
USERDOMAIN muggz-PC
USERNAME muggz
USERPROFILE C:\Users\muggz
windir C:\Windows
Control Panel
Name Comment
Flash Player Manage Flash Player Settings
Recycle Bin
Drive Items Size Items Count Space % Recycle Bin
C: 0 0 ? ?
System Files
[ system.ini ]
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[ win.ini ]
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
3g2=MPEGVideo
3gp=MPEGVideo
3gp2=MPEGVideo
3gpp=MPEGVideo
aac=MPEGVideo
adt=MPEGVideo
adts=MPEGVideo
m2t=MPEGVideo
m2ts=MPEGVideo
m2v=MPEGVideo
m4a=MPEGVideo
m4v=MPEGVideo
mod=MPEGVideo
mov=MPEGVideo
mp4=MPEGVideo
mp4v=MPEGVideo
mts=MPEGVideo
ts=MPEGVideo
tts=MPEGVideo
[ hosts ]
[ lmhosts.sam ]
System Folders
System Folder Path
Administrative Tools C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
AppData C:\Users\muggz\AppData\Roaming
Cache C:\Users\muggz\AppData\Local\Microsoft\Windows\Temporary Internet Files
CD Burning C:\Users\muggz\AppData\Local\Microsoft\Windows\Burn\Burn
Common Administrative Tools C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
Common AppData C:\ProgramData
Common Desktop C:\Users\Public\Desktop
Common Documents C:\Users\Public\Documents
Common Favorites C:\Users\muggz\Favorites
Common Files (x86) C:\Program Files (x86)\Common Files
Common Files C:\Program Files (x86)\Common Files
Common Music C:\Users\Public\Music
Common Pictures C:\Users\Public\Pictures
Common Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Common Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
Common Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Common Templates C:\ProgramData\Microsoft\Windows\Templates
Common Video C:\Users\Public\Videos
Cookies C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Cookies
Desktop C:\Users\muggz\Desktop
Device C:\Windows\inf
Favorites C:\Users\muggz\Favorites
Fonts C:\Windows\Fonts
History C:\Users\muggz\AppData\Local\Microsoft\Windows\History
Local AppData C:\Users\muggz\AppData\Local
My Documents C:\Users\muggz\Documents
My Music C:\Users\muggz\Music
My Pictures C:\Users\muggz\Pictures
My Video C:\Users\muggz\Videos
NetHood C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Network Shortcuts
PrintHood C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Profile C:\Users\muggz
Program Files (x86) C:\Program Files (x86)
Program Files C:\Program Files (x86)
Programs C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Recent C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Recent
Resources C:\Windows\resources
SendTo C:\Users\muggz\AppData\Roaming\Microsoft\Windows\SendTo
Start Menu C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Start Menu
Startup C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
System (x86) C:\Windows\SysWOW64
System C:\Windows\system32
Temp C:\Users\muggz\AppData\Local\Temp\
Templates C:\Users\muggz\AppData\Roaming\Microsoft\Windows\Templates
Windows C:\Windows
Event Logs
Log Name Event Type Category Generated On User Source Description
Application Warning None 2011-06-08 21:40:20 LOCAL SERVICE Microsoft-Windows-RPC-Events 11: An attempt was made to load a program with an incorrect format.
Application Warning 3 2011-06-10 20:45:44 Windows Search Service 3036: The content source <> cannot be accessed. Context: Application, SystemIndex Catalog Details: The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (HRESULT : 0x80040d0d) (0x80040d0d)
Application Warning 3 2011-06-10 20:49:41 Windows Search Service 3036: The content source <> cannot be accessed. Context: Application, SystemIndex Catalog Details: The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (HRESULT : 0x80040d0d) (0x80040d0d)
Application Warning 3 2011-06-11 11:38:07 MSDTC Client 2
Application Error 101 2011-06-11 13:16:53 Application Hang 1002: C:\Windows\System32\wersvc.dll
Application Error None 2011-06-11 14:20:40 muggz MsiInstaller 1013: Product: AGEIA PhysX v7.09.13 -- Installation terminated
Application Warning None 2011-06-13 18:46:58 XLive 2: Title dirt3_game.exe (1, 1, 0, 0) XLive 3.5.0088.0 (WGX_XLIVE_V3.05_RTM(panblder).110409-1835) C:\Windows\system32\xlive.dll 0x8000000a LiveId Logon Failed 00:C2:2A:9C:16:81 192.168.0.8 0xfb00000000a7dff0 LogonHR == 0x80150002 Games for Windows - LIVE DLL
Application Warning None 2011-06-13 18:46:58 XLive 2: Title dirt3_game.exe (1, 1, 0, 0) XLive 3.5.0088.0 (WGX_XLIVE_V3.05_RTM(panblder).110409-1835) C:\Windows\system32\xlive.dll 0x80151103 XLive Logon Failed 00:C2:2A:9C:16:81 192.168.0.8 0xfb00000000a7dff0 LogonHR == 0x80150002 Games for Windows - LIVE DLL
Security Audit Success 12288 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-07 21:41:37 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa243
Security Audit Success 12292 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x2540f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x2540f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:41:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-07 21:41:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x54c19 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:41:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:41:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-07 21:42:11 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 21:42:11 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 21:42:24 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-07 21:42:25 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 21:42:25 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 21:43:25 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 21:43:25 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-07 21:43:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:43:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12288 2011-06-07 21:51:45 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-07 21:51:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 13568 2011-06-07 21:51:45 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa4b0
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x304 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x24dbb Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x304 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 21:51:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x24dbb Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-07 21:51:47 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:51:47 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-07 21:51:52 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-07 21:51:53 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-07 21:52:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5b9d5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 21:52:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:52:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-07 21:52:24 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 21:52:24 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 21:52:37 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-07 21:52:37 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 21:52:37 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 21:53:37 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 21:53:37 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-07 21:54:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 21:54:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-07 22:04:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-07 22:04:02 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x24dbb This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security Audit Success 12548 2011-06-07 22:04:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 103 2011-06-07 22:04:03 Microsoft-Windows-Eventlog 1100: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12288 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-07 22:06:17 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa6a2
Security Audit Success 12544 2011-06-07 22:06:18 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-07 22:06:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x253cf Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:18 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:06:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x253cf Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:06:18 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-07 22:06:19 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-07 22:06:19 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-07 22:06:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x36ab3 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:06:27 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:06:27 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-07 22:06:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:06:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-07 22:07:08 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 22:07:08 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 22:07:18 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-07 22:07:19 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 22:07:19 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 22:08:19 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 22:08:19 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-07 22:08:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:08:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12288 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-07 22:26:55 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xa0f7
Security Audit Success 101 2011-06-07 22:26:56 Microsoft-Windows-Eventlog 1101: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12544 2011-06-07 22:26:56 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-07 22:26:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x25457 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:26:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:26:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x25457 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-07 22:26:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-07 22:26:57 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-07 22:26:57 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-07 22:27:13 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x66f09 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-07 22:27:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:27:14 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-07 22:27:30 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 22:27:30 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-07 22:27:31 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:27:31 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-07 22:27:42 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-07 22:27:43 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 22:27:43 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-07 22:28:44 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-07 22:28:44 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-07 22:29:14 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-07 22:29:14 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12545 2011-06-08 00:46:48 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x25457 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security Audit Success 12544 2011-06-08 00:46:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x268 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 00:46:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 103 2011-06-08 00:46:50 Microsoft-Windows-Eventlog 1100: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12288 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1821d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1821d Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 00:52:45 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9113
Security Audit Success 12544 2011-06-08 00:52:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 00:52:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 00:52:47 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-08 00:52:47 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 00:52:55 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3768a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 00:52:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 00:52:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 00:53:15 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 00:53:15 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 00:53:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 00:53:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 00:53:30 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 00:53:31 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 00:53:31 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 00:54:31 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 00:54:31 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 00:54:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 00:54:56 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12545 2011-06-08 01:02:11 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1821d This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security Audit Success 103 2011-06-08 01:02:12 Microsoft-Windows-Eventlog 1100: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12288 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 05:44:58 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x91fa
Security Audit Success 12544 2011-06-08 05:44:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:44:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:44:59 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:44:59 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2ac Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1fed1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2ac Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1fed1 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:45:01 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 05:45:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2f7e1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:45:12 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:45:12 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 05:45:15 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:45:15 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 05:45:27 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:45:27 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:45:38 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:45:38 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:45:38 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12288 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 05:51:30 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9651
Security Audit Success 12544 2011-06-08 05:51:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:51:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 05:51:35 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12544 2011-06-08 05:51:35 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 05:51:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x211b5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:51:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x211b5 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 05:51:36 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 05:51:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x518f5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:51:59 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:51:59 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 05:52:16 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:52:16 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:52:31 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:52:31 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:52:31 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:53:31 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:53:31 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12545 2011-06-08 05:53:52 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x211b5 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security Audit Success 103 2011-06-08 05:53:53 Microsoft-Windows-Eventlog 1100: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12288 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 05:55:50 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x99d3
Security Audit Success 12544 2011-06-08 05:55:51 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 05:55:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1da30 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:55:51 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:55:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1da30 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:55:51 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 05:55:52 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-08 05:55:53 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 05:55:58 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x37eef Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:56:02 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x23c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:56:02 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 05:56:18 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:56:18 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:56:30 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 05:56:31 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 05:56:31 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12288 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 05:59:34 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9c5f
Security Audit Success 12544 2011-06-08 05:59:35 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 05:59:35 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1f369 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:59:35 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1f369 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 05:59:36 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12544 2011-06-08 05:59:36 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:59:36 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 05:59:41 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 05:59:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3e221 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 05:59:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 05:59:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 06:00:05 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 06:00:05 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 06:00:15 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 06:00:16 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 06:00:16 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 06:00:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:00:49 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 06:01:16 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 06:01:16 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 06:01:50 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:01:50 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12288 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 06:24:29 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9402
Security Audit Success 12544 2011-06-08 06:24:30 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 06:24:30 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1d169 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:24:30 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1d169 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 101 2011-06-08 06:24:31 Microsoft-Windows-Eventlog 1101: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12292 2011-06-08 06:24:33 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-08 06:24:33 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 06:24:33 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:24:33 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 06:24:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x44593 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 06:24:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:24:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 06:25:23 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 06:25:23 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 06:25:34 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 06:25:35 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 06:25:35 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 06:26:35 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 06:26:35 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 06:26:46 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 06:26:46 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 07:43:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 07:43:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 07:50:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 07:50:20 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 07:50:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 07:50:20 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 08:15:00 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x230 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 08:15:00 Microsoft-Windows-Security-Auditing 4647: User initiated logoff: Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1d169 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security Audit Success 12548 2011-06-08 08:15:00 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 103 2011-06-08 08:15:01 Microsoft-Windows-Eventlog 1100: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12288 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 16:32:09 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x99a4
Security Audit Success 12544 2011-06-08 16:32:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:11 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2b0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 16:32:11 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1f0bd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2b0 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 16:32:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 16:32:11 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x1f0bd Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 16:32:13 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-08 16:32:14 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 16:32:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x50dcd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 16:32:29 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 16:32:29 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 16:32:38 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 16:32:38 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 16:32:57 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 16:32:57 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 16:33:08 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 16:33:08 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 16:33:08 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 16:34:08 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 16:34:08 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 16:34:28 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 16:34:28 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 17:14:04 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 17:14:04 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 17:55:07 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 17:55:07 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 18:02:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 18:02:08 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 18:02:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 18:02:08 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 18:02:30 Microsoft-Windows-Security-Auditing 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xca8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x9401b4
Security Audit Success 13568 2011-06-08 18:02:30 Microsoft-Windows-Security-Auditing 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xca8 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x9401b4
Security Audit Success 12544 2011-06-08 18:03:09 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 18:03:09 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12288 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 21:39:23 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x95db
Security Audit Success 12544 2011-06-08 21:39:24 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 21:39:24 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 21:39:26 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12292 2011-06-08 21:39:26 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 21:39:26 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 21:39:26 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x203fb Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2d8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 21:39:26 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x203fb Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 21:39:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x39ed9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 21:39:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 21:39:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 21:39:54 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 21:39:54 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 21:40:00 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:00 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 21:40:19 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 21:40:19 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:19 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:19 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {EEAC1EC4-3943-4E73-8A08-CAFE4616B249} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\59facca7d5974e0682398a878a01739d_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2457 Return Code: 0x0
Security Audit Success 12290 2011-06-08 21:40:20 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:20 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\180a87cdb2fc534ee24519424a187884_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2459 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:20 Microsoft-Windows-Security-Auditing 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Additional Information: Operation: %%2464 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:20 Microsoft-Windows-Security-Auditing 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Additional Information: Operation: %%2464 Return Code: 0x0
Security Audit Success 12290 2011-06-08 21:40:21 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 21:40:21 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\180a87cdb2fc534ee24519424a187884_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 21:41:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 21:41:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12288 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security Audit Success 12544 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 13568 2011-06-08 22:35:42 Microsoft-Windows-Security-Auditing 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x9f95
Security Audit Success 101 2011-06-08 22:35:44 Microsoft-Windows-Eventlog 1101: C:\Windows\System32\wevtsvc.dll
Security Audit Success 12292 2011-06-08 22:35:45 Microsoft-Windows-Security-Auditing 5033: The Windows Firewall Driver started successfully.
Security Audit Success 12544 2011-06-08 22:35:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:45 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggz Account Domain: muggz-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 22:35:45 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x23401 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x270 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: MUGGZ-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 22:35:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12548 2011-06-08 22:35:45 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x23401 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12292 2011-06-08 22:35:46 Microsoft-Windows-Security-Auditing 5024: The Windows Firewall service started successfully.
Security Audit Success 12544 2011-06-08 22:35:56 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4c3ca Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:35:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 22:35:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12290 2011-06-08 22:36:13 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 22:36:13 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: 6352989f-8478-4f67-a8d8-6cabfdca1d9a Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b53a2543ef5617daa8aecc6c357eec7_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 22:36:24 Microsoft-Windows-Security-Auditing 5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security Audit Success 12290 2011-06-08 22:36:24 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 22:36:24 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\180a87cdb2fc534ee24519424a187884_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12290 2011-06-08 22:37:24 Microsoft-Windows-Security-Auditing 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security Audit Success 12292 2011-06-08 22:37:24 Microsoft-Windows-Security-Auditing 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: %%2432 Key Name: {B29D6996-D159-4A81-84A9-CB9376DF4BF7} Key Type: %%2499 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\Keys\180a87cdb2fc534ee24519424a187884_ba561cea-c8a9-47e0-96a9-3f2b214df965 Operation: %%2458 Return Code: 0x0
Security Audit Success 12544 2011-06-08 22:37:57 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: MUGGZ-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12548 2011-06-08 22:37:57 Microsoft-Windows-Security-Auditing 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security Audit Success 12544 2011-06-08 22:43:13 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x23401 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggs Account Domain: MUGGZ-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: muggs-PC Additional Information: muggs-PC Process Information: Process ID: 0x4 Process Name: Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 22:51:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3215da Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49168 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 22:51:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3215f2 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49169 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 22:52:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3215da Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-08 22:52:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3215f2 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-08 23:03:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3b4523 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49174 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 23:03:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3b453a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49175 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 23:04:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3b4523 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-08 23:04:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3b453a Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-08 23:15:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4310f1 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49180 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 23:15:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x431109 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49181 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 23:16:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4310f1 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-08 23:16:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x431109 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-08 23:16:27 Microsoft-Windows-Security-Auditing 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-21-3190137153-2221340209-2356128126-1000 Account Name: muggz Account Domain: muggz-PC Logon ID: 0x23401 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: muggs Account Domain: MUGGZ-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: muggs-PC Additional Information: muggs-PC Process Information: Process ID: 0x4 Process Name: Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security Audit Success 12544 2011-06-08 23:27:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4d04e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49186 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 23:27:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4d04f8 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49187 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 23:28:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4d04e4 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-08 23:28:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4d04f8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-08 23:39:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x53c413 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49188 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 23:39:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x53c428 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49189 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 23:40:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x53c413 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-08 23:40:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x53c428 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-08 23:51:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5c2f21 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49194 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-08 23:51:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5c2f39 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49195 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-08 23:52:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5c2f21 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-08 23:52:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x5c2f39 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-09 00:03:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x645f3a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49542 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12544 2011-06-09 00:03:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x645f4f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49543 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security Audit Success 12545 2011-06-09 00:04:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x645f3a Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12545 2011-06-09 00:04:04 Microsoft-Windows-Security-Auditing 4634: An account was logged off. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x645f4f Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security Audit Success 12544 2011-06-09 00:15:49 Microsoft-Windows-Security-Auditing 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x6c9cf2 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: MUGGS-PC Source Network Address: 192.168.0.4 Source Port: 49657 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request.
Retired
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
06-16-2011 09:23 AM
any updates?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
06-16-2011 11:53 AM
Hi,
It's ok to upload files like this a site like Media Fire or Megaupload in future.
There are two USB controller chips we currently use, one is NEC and the other is an chip marked by ASUS (i think the Maximus uses NEC exclusively and not the ASUS chip which is what some of the P67 boards use). Both have different drivers...
You can generally get away without a reinstall of the OS when using same chipset boards, though when one is experiencing issues a good port of debugging is to use a fresh OS install, just in case something is lingering behind that does not sit right.
Are you using S3 resume at all? Is USB selective suspend enabled in the Power Options of Windows?
-Raja
It's ok to upload files like this a site like Media Fire or Megaupload in future.
There are two USB controller chips we currently use, one is NEC and the other is an chip marked by ASUS (i think the Maximus uses NEC exclusively and not the ASUS chip which is what some of the P67 boards use). Both have different drivers...
You can generally get away without a reinstall of the OS when using same chipset boards, though when one is experiencing issues a good port of debugging is to use a fresh OS install, just in case something is lingering behind that does not sit right.
Are you using S3 resume at all? Is USB selective suspend enabled in the Power Options of Windows?
-Raja
Retired
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
06-16-2011 12:03 PM
yeah i know what you mean about the fresh install and was going to do one before i made the thread but im a bit lazy, when i select nec in the bios device manager has no errors anymore however the two ports still dont work. no i dont use any resume...i think ive seen that in the bios but dont know if its enabled or not. also i have set the pc to never sleep and usb selective suspend is indeed enabled.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
06-16-2011 12:25 PM
muggs wrote:
yeah i know what you mean about the fresh install and was going to do one before i made the thread but im a bit lazy, when i select nec in the bios device manager has no errors anymore however the two ports still dont work. no i dont use any resume...i think ive seen that in the bios but dont know if its enabled or not. also i have set the pc to never sleep and usb selective suspend is indeed enabled.
Which NEC drivers are you using? Try installing the ones on the ASUS site...
If that doesn't work, try a fresh install and let's see what happens.
-Raja
Retired
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
06-16-2011 01:51 PM
ok will have to save some stuff and find windows cd so will get back to you in a few days, also you cant install the nec ones because it says later renesas driver installed cannot continue
Related Content
- Asus ROG Crosshair VIII Formula Q-code 00 in Other Motherboards
- cpu fan not seen motherboard asus ws c 422 pro/se in Other Motherboards
- ASUS PRIME Z270M-PLUS in Z270
- PCI-E runs at x8 instead of x16 (Maximus VI Hero Z87 Haswell) *Solved (See inside for solution)* in Other Motherboards
- ASUS B550 F-Gaming bios issues in Other Motherboards
