mid session new logon account?

sportsguy

Member
what's up with this message?

An account was successfully logged on.

Subject:
Security ID: SYSTEM
Account Name: MAINFRAME$
Account Domain: WORKGROUP
Logon ID: 0x3e7

that happened in the middle of my morning?

and soon after, the computer froze. . .

thanks

sportsguy
 

My Computer

System One

  • Manufacturer/Model
    Self Built
    CPU
    Core 2 Duo 6600
    Motherboard
    ASUS P5B Deluxe
    Memory
    8 GIGS Corsair C4DH
    Graphics Card(s)
    EVGA 8600 GTS
    Monitor(s) Displays
    Dell P990
    Hard Drives
    WD 250 G DiamondMax 250 WD 500 x 2 Raid 1
    PSU
    Antec 650
    Case
    Thermaltake Armor Full Tower
    Cooling
    Zalman ZNPS 9700
    Other Info
    Office 2007
and just prior to that

A logon was attempted using explicit credentials.

Subject:
Security ID: SYSTEM
Account Name: MAINFRAME$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2a0
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

is this how an antivirus or a virus user logs on?
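The explicit-credentials event quoted above, checked field by field against a baseline (an added example, not part of the original post). Logon ID 0x3e7 is the well-known LocalSystem logon session; the other values in `EXPECTED` are an assumed baseline for a routine local `services.exe` logon, and `parse_event`, `deviations` and `EXPECTED` are names introduced here.

```python
# Constructed sample: the explicit-credentials event text quoted in the post.
SAMPLE_EVENT = r"""
A logon was attempted using explicit credentials.
Subject:
Security ID: SYSTEM
Account Name: MAINFRAME$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Target Server:
Target Server Name: localhost
Process Information:
Process ID: 0x2a0
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
"""

# Assumed baseline: values seen when services.exe acts under LocalSystem locally.
EXPECTED = {
    ("Subject", "Logon ID"): "0x3e7",  # well-known LocalSystem logon session
    ("Account Whose Credentials Were Used", "Account Name"): "system",
    ("Account Whose Credentials Were Used", "Account Domain"): "nt authority",
    ("Target Server", "Target Server Name"): "localhost",
    ("Process Information", "Process Name"): r"c:\windows\system32\services.exe",
    ("Network Information", "Network Address"): "-",
}

def parse_event(text):
    """Return {section: {field: value}}; a line ending in ':' opens a section."""
    sections, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and not value.strip():
            current = sections.setdefault(key, {})
        elif sep and current is not None:
            current[key.strip()] = value.strip()
    return sections

def deviations(event):
    """List the 'section / field' names that differ from the baseline."""
    return [f"{s} / {f}" for (s, f), want in EXPECTED.items()
            if event.get(s, {}).get(f, "").lower() != want]

if __name__ == "__main__":
    print(deviations(parse_event(SAMPLE_EVENT)) or "matches LocalSystem baseline")
```

An empty list means every checked field matches the baseline; any name returned is a field worth reviewing by hand, such as a process path outside `System32` or a non-local network address.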
 

what does this mean?
Code:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 DETAIL - 
 3 user registry handles leaked from \Registry\User\S-1-5-21-3857319494-4221527959-2872253871-1000:
Process 560 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3857319494-4221527959-2872253871-1000
Process 560 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3857319494-4221527959-2872253871-1000
Process 560 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3857319494-4221527959-2872253871-1000\Software\Microsoft\RAS AutoDial

thanks

sportsguy
 
