Help! My computer has been seriously infected.


  • This topic is locked
18 replies to this topic

#1 jeffrey90


Posted 24 June 2015 - 11:23 AM

MiniToolBox by Farbar  Version: 22-06-2015
Ran by JEFFREYYTAN (administrator) on 24-06-2015 at 23:19:41
Running from "C:\Users\JEFFREYYTAN\Downloads"
Microsoft Windows 8  (X64)
Model: 355V4C/356V4C/3445VC/3545VC Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485WB-EG Wireless Network Adapter = WiFi (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : MRTANNNNNNN
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : .
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 12-B7-C3-55-CD-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter WiFi:
 
   Connection-specific DNS Suffix  . : .
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
   Physical Address. . . . . . . . . : 50-B7-C3-55-CD-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4d87:d4bc:97db:66c5%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.80.20(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Lease Obtained. . . . . . . . . . : Wednesday, 24 June 2015 11:18:07 PM
   Lease Expires . . . . . . . . . . : Wednesday, 24 June 2015 11:28:07 PM
   Default Gateway . . . . . . . . . : 192.168.80.1
   DHCP Server . . . . . . . . . . . : 198.41.0.4
   DHCPv6 IAID . . . . . . . . . . . : 266863514
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-EB-BC-FC-E8-03-9A-F9-4F-54
   DNS Servers . . . . . . . . . . . : 165.21.83.88
                                       165.21.100.88
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap..:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : .
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dnscache1.singnet.com.sg
Address:  165.21.83.88
 
Name:    google.com
Addresses:  2404:6800:4003:805::1002
 173.194.117.2
 173.194.117.8
 173.194.117.4
 173.194.117.3
 173.194.117.14
 173.194.117.0
 173.194.117.9
 173.194.117.5
 173.194.117.1
 173.194.117.6
 173.194.117.7
 
 
Pinging google.com [173.194.117.9] with 32 bytes of data:
Reply from 173.194.117.9: bytes=32 time=11ms TTL=53
Reply from 173.194.117.9: bytes=32 time=11ms TTL=53
 
Ping statistics for 173.194.117.9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 11ms, Average = 11ms
Server:  dnscache1.singnet.com.sg
Address:  165.21.83.88
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=258ms TTL=43
Reply from 98.139.183.24: bytes=32 time=269ms TTL=45
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 258ms, Maximum = 269ms, Average = 263ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...12 b7 c3 55 cd 01 ......Microsoft Wi-Fi Direct Virtual Adapter
 12...50 b7 c3 55 cd 01 ......Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.80.1    192.168.80.20     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.80.0    255.255.254.0         On-link     192.168.80.20    281
    192.168.80.20  255.255.255.255         On-link     192.168.80.20    281
   192.168.81.255  255.255.255.255         On-link     192.168.80.20    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.80.20    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.80.20    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    281 fe80::/64                On-link
 12    281 fe80::4d87:d4bc:97db:66c5/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/24/2015 11:00:36 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (06/24/2015 10:59:59 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (06/24/2015 10:59:59 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7
 
Error: (06/24/2015 10:53:22 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Norton Online Backup; Error = 0x80070422).
 
Error: (06/24/2015 10:53:19 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Norton Online Backup; Error = 0x80070422).
 
Error: (06/24/2015 10:48:29 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072F8F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (06/24/2015 10:48:28 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0x80072F8F
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (06/24/2015 10:48:28 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072F8F
 
Error: (06/24/2015 10:48:21 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0x80072F8F
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (06/24/2015 10:48:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
 
System errors:
=============
Error: (06/24/2015 11:09:12 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a pre-shutdown control.
 
Error: (06/24/2015 11:08:27 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (06/24/2015 11:08:27 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (User: )
Description: The ZAtheros Bt and Wlan Coex Agent service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (User: )
Description: The Easy Launcher service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (User: )
Description: The AtherosSvc service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (User: )
Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (06/24/2015 11:00:36 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (06/24/2015 10:59:59 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE79e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (06/24/2015 10:59:59 PM) (Source: Software Protection Platform Service)(User: )
00020001(0x00000000, 15:59:59:157)
00030001(0x00000000, 15:59:59:157 - https://activation.sls.microsoft.com)
00030002(0x00000000, 15:59:59:157 - 0)
00040001(0x00000000, 15:59:59:157 - https://activation.sls.microsoft.com)
00040002(0x00000000, 15:59:59:157 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 15:59:59:157 - 0, 1)
00040006(0x00000001, 15:59:59:157 - 0, https://activation.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 15:59:59:157 - 0)
00020008(0x80072EE7, 15:59:59:157 - SOAPAction: "http://microsoft.com/SL/ProductActivationService/IssueToken"
Content-Type: text/xml; charset=utf-8
00010002(0x80072EE7, 15:59:59:172 - <NULL>)
00010003(0x80072EE7, 15:59:59:172)
 
Error: (06/24/2015 10:53:22 PM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VRemoved Norton Online Backup0x80070422
 
Error: (06/24/2015 10:53:19 PM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VRemoved Norton Online Backup0x80070422
 
Error: (06/24/2015 10:48:29 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072F8FRuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (06/24/2015 10:48:28 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072F8F9e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (06/24/2015 10:48:28 PM) (Source: Software Protection Platform Service)(User: )
00020001(0x00000000, 15:48:28:135)
00030001(0x00000000, 15:48:28:135 - https://activation.sls.microsoft.com)
00030002(0x00000000, 15:48:28:135 - 0)
00040001(0x00000000, 15:48:28:135 - https://activation.sls.microsoft.com)
00040002(0x00000000, 15:48:28:150 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 15:48:28:150 - 0, 1)
00040006(0x00000001, 15:48:28:150 - 0, https://activation.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 15:48:28:150 - 0)
00020008(0x80072F8F, 15:48:28:182 - SOAPAction: "http://microsoft.com/SL/ProductActivationService/IssueToken"
Content-Type: text/xml; charset=utf-8
7i9cROlQ51VOPKaJ/6N8Ehtdz0ZR6ThNePpkJ9vtkO9hO7SXTsvw+tUMz4WCklABMZd2gUUC5wzRqXvkjCicCl3m+uOtCW6sCk9NVVJRLrs8hZm7aKsf/L5ORl1Y6Bb+pYQRd+edyJZ3ulmh5mXV74uplT3OUdqmruuVdRQxH2xKhm+ilxh4g2x7ceO1iO/2Pxi2B9mX5w2O6uPcvrEYt8GN25BPGPF89iWvlG/t2kpCx5cpVEK5WIt8blhFLGyyEL4lYfFGoYWDGbmibn07wikZ9NKDnAf3btD24pZHz+Jxerz0NyQZJyW1lU+4a9S+/RE5A8ESGNi+77xgZWKyuJnXlIkUMgCUi4+IHCOFA3ABopvbUeM8DqeHWrwLOZX8N5xNy1n8Y80/Qnfs+V6PLUOf4ai/W00ghkeo//2vkQa0WIpF7drfKu/UfV4NAQPG8o9LyIAJ6Uk+DXHq2O3gjIS0vd2zvYvaKkYwzjFxGsf/9+8wr7DBADOsnEC5rJn+qUHtywnsD24egc8q0AuN6HG4BG8xVhnQ79H3QxHZOInD1oawGFKiJanrRsgGua+d7GM+6pAQi4lrO5lYK3yfXlQbIxWYkV7Uuf5DVX8/87FDYnuVaMH52tQuPGm3eSDPUrVCUasD+4+62GP89Os47UzX3GmepLroSVvcB3FJ/Mn6H6VXugy2pDKkyHUEoNOkU9GchGnDlmGI9AXXm0j4cXmkdbXErgxDVUcsMon1wJ3buHP8k8zvxfXwjxOVrOiaKU+A28Mp/p1oKVGCn5njeTulPIfKOBDD6h2yXnDSYC0VvysIpqDnrm6ALp1keC6+LEBFTnOae+VYWVDjp5PGwNTxWFmYjkT5fYnT6RoLaDY5Sjd57EaB/IHhiT9GSnE26vTWbXohQ==</Value></TokenEntry></Values></UseKey><Claims><Values xmlns:q1="http://schemas.xmlsoap.org/ws/2004/04/security/trust" 
soapenc:arrayType="q1:TokenEntry[16]"><TokenEntry><Name>SessionKey</Name><Value>fTEKE+jeXsmljQBpkSagUelGsi36cET3kGrfE9Wql+xOFK8aBC5UEvKNsGiJRAUnjxz6gMT2KiWVrN+KFyeRC6OazZTb+W912akjzdruw5gj/Pi9L5pALJL0A3+mewWvZ11W9jk7RY98eYebD+ZtJw1u9tvwMe7jZXImZa/seUgXtvM3wbS+GA9RTNeCnoaYymn9tWV3qHM3VZc8ZUubhU5KVH/G1T9kkCVLO2lgFZKJUapnhTWMpWqcUXZdYPzvErbdakQLnAwmtg4e8a0RQCC5XENM/3kfSaiULkIk9o/8XWahfr5g+M6uN71ze4WQJyxA3bIWILi5nqb7UBrVeg==</Value></TokenEntry><TokenEntry><Name>BindingType</Name><Value>TdVdi09e9BfbrcelIokooB11HlfrzfwFpTirX8uIDrk=</Value></TokenEntry><TokenEntry><Name>Binding</Name><Value>6WF6Pi3ZLLXVVc2uaBy7tSGVEbtyNZP+oQHI4bEcXQqZM3c4P1gHgp+faCjvnrKeGkRVgzlKJoFrIY5NLH5xHFiYJc9LBgVSNyYDQzpD19Y=</Value></TokenEntry><TokenEntry><Name>ProductKey</Name><Value>YdTpiCNWCymlQLZiQGYbHdgoOvZAYS5+gSpcPSJPaxE=</Value></TokenEntry><TokenEntry><Name>ProductKeyType</Name><Value>TdVdi09e9BfbrcelIokooCkBSgtuzs5VEwEEsVAobAE=</Value></TokenEntry><TokenEntry><Name>ProductKeyActConfigId</Name><Value>toKfXwjolP1kZUEBDCdv9zGjDUl1NssdixmiF1OBR9ONwppDl3bZ+v7VhNkUusJcSphIyio/PkxBsZpcBzQfCpJNKFnevDbSFgbTOyVlNc8=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.licenseCategory</Name><Value>uBNxKX+DCBgYMOWxJTyxCkgKqjQlVTl8s4pgRSLvpSU=</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.licenseCategory</Name><Value>uBNxKX+DCBgYMOWxJTyxCl5wY2YmYb+IBTUiAvurmEA=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.sysprepAction</Name><Value>iVV2tV3JWvgXRbJfJil9fw==</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.sysprepAction</Name><Value>iVV2tV3JWvgXRbJfJil9fw==</Value></TokenEntry><TokenEntry><Name>ClientInformation</Name><Value>47oeUYgK/LDuhnmHNSeTNAfAA3GJuvxuBCVXzHdCMaUPRCoeQcFQdFvozU4OMxn2fnO6+Tdr4h24jyj7/ZrVHQ==</Value></TokenEntry><TokenEntry><Name>ReferralInformation</Name><Value>U/hLtJZPMPreKNSkiH0ZLhuXBCv1ptV1FZpTUkndLYrwYxNLcshnuUMlaxCNqcaE1xrQFPqHfm97Qad2DZwAcw==</Value></TokenEntry><TokenEntry><Name>ClientSystemTime</Name><Value>YimcuRA6yuZsKXy9o6jJ8wjpLKG+8AKb/0gl0DnsOTs
=</Value></TokenEntry><TokenEntry><Name>ClientSystemTimeUtc</Name><Value>YimcuRA6yuZsKXy9o6jJ8wjpLKG+8AKb/0gl0DnsOTs=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.secureStoreId</Name><Value>u0rpGa5bH28OzMWBmRoIiHKYWyNN91xrh4PfXE8Bas0Rhij8jbrwckuNS1LTQB+p</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.secureStoreId</Name><Value>u0rpGa5bH28OzMWBmRoIiHKYWyNN91xrh4PfXE8Bas0Rhij8jbrwckuNS1LTQB+p</Value></TokenEntry></Values></Claims></RequestSecurityToken></soap:Body></soap:Envelope>)
00010002(0x80072F8F, 15:48:28:197 - <NULL>)
00010003(0x80072F8F, 15:48:28:197)
 
Error: (06/24/2015 10:48:21 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072F8F9e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (06/24/2015 10:48:20 PM) (Source: Microsoft-Windows-CAPI2)(User: )
 
 
=========================== Installed Programs ============================
 
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AMD Catalyst Install Manager (HKLM\...\{8C6A4815-2E50-7B6E-9159-6608871EB5BF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fotogalerie (HKLM-x32\...\{B19E03EA-067C-412F-A81E-271720E601AB}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{FE8DFDD0-A543-4A83-B7A9-C411138194D5}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Help Desk (HKLM\...\{D93F0B49-12AA-4AE6-8349-0ECB13B9532F}) (Version: 1.0.5 - Samsung Electronics CO., LTD.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{61889FC7-9738-439A-96B3-17AF981BDDEF}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{741ECBB6-1A0B-42F1-A7BF-76222734A63A}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{7F682A00-6497-4551-A2A6-063AE667D1CF}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{9846E46F-07E0-4BDF-985A-E3FBA8C15877}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (HKLM-x32\...\{86CAC8DE-288A-410D-A4A4-0190060E69AE}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)
S Agent (HKLM\...\{969B5BFB-094D-4D96-AC0C-C1A2675DB583}) (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Support Center (HKLM\...\{AC0273F1-68A3-42CF-B487-C594B0A92F8D}) (Version: 2.0.12 - Samsung Electronics CO., LTD.)
Support Center FAQ (HKLM-x32\...\{F72C6219-5E69-49B2-A282-331F80291F8F}) (Version: 1.0.3 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{391A07F0-748F-474F-986C-F03934F98F6E}) (Version: 2.0.19 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
 
========================= Devices: ================================
 
Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Device ID: ACPI\SYN2601\4&3957B9BC&0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Device ID: USB\VID_0CF3&PID_3004\ALASKA_DAY_2006
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 41%
Total physical RAM: 5596.96 MB
Available physical RAM: 3284.19 MB
Total Pagefile: 9564.96 MB
Available Pagefile: 7098.64 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.48 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:907.34 GB) (Free:878.71 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\MRTANNNNNNN
 
Administrator            Guest                    JEFFREYYTAN              
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
 
**** End of log ****
 



#2 jeffrey90

jeffrey90
  • Topic Starter

  • Members
  • 12 posts

Posted 24 June 2015 - 11:42 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by JEFFREYYTAN at 2015-06-24 23:40:47
Running from C:\Users\JEFFREYYTAN\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-515815168-1746495529-2309485121-500 - Administrator - Disabled)
Guest (S-1-5-21-515815168-1746495529-2309485121-501 - Limited - Disabled)
JEFFREYYTAN (S-1-5-21-515815168-1746495529-2309485121-1001 - Administrator - Enabled) => C:\Users\JEFFREYYTAN
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AMD Catalyst Install Manager (HKLM\...\{8C6A4815-2E50-7B6E-9159-6608871EB5BF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Help Desk (HKLM\...\{D93F0B49-12AA-4AE6-8349-0ECB13B9532F}) (Version: 1.0.5 - Samsung Electronics CO., LTD.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Support Center (HKLM\...\{AC0273F1-68A3-42CF-B487-C594B0A92F8D}) (Version: 2.0.12 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.3 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{391A07F0-748F-474F-986C-F03934F98F6E}) (Version: 2.0.19 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 13:26 - 2012-07-26 13:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07736EE8-2192-4E15-A52B-5C7F16BCC854} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-17] (SEC)
Task: {2AA17891-BAC0-491F-9269-913D94E05CD2} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-09-14] (Samsung Electronics CO., LTD.)
Task: {3937CFCF-EECD-4C0F-97ED-1282DA2C8671} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {84519659-0E6A-4C20-AC3E-902EEA032291} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {9156DACE-469B-48C9-B8BC-4472E1B779D0} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {B8DFA1EA-8260-41F2-8276-C7D4E2C68213} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-09-05 15:50 - 2012-09-05 15:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2012-09-14 11:42 - 2012-09-14 11:42 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-08 09:22 - 2012-08-08 09:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-09-14 18:18 - 2012-09-14 18:18 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-09-05 15:50 - 2012-09-05 15:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 15:50 - 2012-09-05 15:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 15:50 - 2012-09-05 15:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 15:50 - 2012-09-05 15:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 15:50 - 2012-09-05 15:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 15:50 - 2012-09-05 15:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 15:50 - 2012-09-05 15:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 15:50 - 2012-09-05 15:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 15:50 - 2012-09-05 15:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2015-06-24 22:56 - 2015-06-20 13:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-24 22:56 - 2015-06-20 13:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-24 22:56 - 2015-06-20 13:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Samsung\Samsung_wallpaper.jpg
DNS Servers: 165.21.83.88 - 165.21.100.88
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0189B57F-AEAF-4419-AFF4-1CC3C37B365B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{56E1CFC4-48E3-4BAB-A573-3C9B21EA376A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8CA8B631-F2D8-48EE-A7AC-032E71050173}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{01004575-EDC3-46D4-AB0C-C9D6CC74F459}] => (Allow) LPort=2869
FirewallRules: [{1F2CE9B7-6B61-4F5B-A09C-8D65E48B87B7}] => (Allow) LPort=1900
FirewallRules: [{9C11C797-34F6-4902-AB57-D83EA639F86A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/24/2015 11:00:36 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (06/24/2015 10:59:59 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (06/24/2015 10:59:59 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7
 
Error: (06/24/2015 10:53:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Norton Online Backup; Error = 0x80070422).
 
Error: (06/24/2015 10:53:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Norton Online Backup; Error = 0x80070422).
 
Error: (06/24/2015 10:48:29 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072F8F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (06/24/2015 10:48:28 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072F8F
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (06/24/2015 10:48:28 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0x80072F8F
 
Error: (06/24/2015 10:48:21 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072F8F
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (06/24/2015 10:48:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
 
System errors:
=============
Error: (06/24/2015 11:09:12 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a pre-shutdown control.
 
Error: (06/24/2015 11:08:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (06/24/2015 11:08:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAtheros Bt and Wlan Coex Agent service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Easy Launcher service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AtherosSvc service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (06/24/2015 11:08:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (06/24/2015 11:00:36 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (06/24/2015 10:59:59 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0x80072EE79e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (06/24/2015 10:59:59 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
00020001(0x00000000, 15:59:59:157)
00030001(0x00000000, 15:59:59:157 - https://activation.sls.microsoft.com)
00030002(0x00000000, 15:59:59:157 - 0)
00040001(0x00000000, 15:59:59:157 - https://activation.sls.microsoft.com)
00040002(0x00000000, 15:59:59:157 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 15:59:59:157 - 0, 1)
00040006(0x00000001, 15:59:59:157 - 0, https://activation.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 15:59:59:157 - 0)
00020008(0x80072EE7, 15:59:59:157 - SOAPAction: "http://microsoft.com/SL/ProductActivationService/IssueToken"
Content-Type: text/xml; charset=utf-8)
00010002(0x80072EE7, 15:59:59:172 - <NULL>)
00010003(0x80072EE7, 15:59:59:172)
 
Error: (06/24/2015 10:53:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\msiexec.exe /VRemoved Norton Online Backup0x80070422
 
Error: (06/24/2015 10:53:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\msiexec.exe /VRemoved Norton Online Backup0x80070422
 
Error: (06/24/2015 10:48:29 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x80072F8FRuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (06/24/2015 10:48:28 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0x80072F8F9e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (06/24/2015 10:48:28 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
00020001(0x00000000, 15:48:28:135)
00030001(0x00000000, 15:48:28:135 - https://activation.sls.microsoft.com)
00030002(0x00000000, 15:48:28:135 - 0)
00040001(0x00000000, 15:48:28:135 - https://activation.sls.microsoft.com)
00040002(0x00000000, 15:48:28:150 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 15:48:28:150 - 0, 1)
00040006(0x00000001, 15:48:28:150 - 0, https://activation.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 15:48:28:150 - 0)
00020008(0x80072F8F, 15:48:28:182 - SOAPAction: "http://microsoft.com/SL/ProductActivationService/IssueToken"
Content-Type: text/xml; charset=utf-8)
00010002(0x80072F8F, 15:48:28:197 - <NULL>)
00010003(0x80072F8F, 15:48:28:197)
 
Error: (06/24/2015 10:48:21 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0x80072F8F9e4b231b-3e45-41f4-967f-c914f178b6ac
 
Error: (06/24/2015 10:48:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-4500M APU with Radeon™ HD Graphics 
Percentage of memory in use: 38%
Total physical RAM: 5596.96 MB
Available physical RAM: 3414.43 MB
Total Pagefile: 9564.96 MB
Available Pagefile: 7170.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:907.34 GB) (Free:878.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by JEFFREYYTAN (administrator) on MRTANNNNNNN on 24-06-2015 23:39:42
Running from C:\Users\JEFFREYYTAN\Downloads
Loaded Profiles: JEFFREYYTAN (Available Profiles: JEFFREYYTAN)
Platform: Windows 8 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-31] (Ruiware LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 165.21.83.88 165.21.100.88
 
FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-24]
CHR Extension: (YouTube) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-24]
CHR Extension: (Google Search) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-24]
CHR Extension: (Ghostery) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-06-24]
CHR Extension: (Google Wallet) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-24]
CHR Extension: (Gmail) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-24 23:39 - 2015-06-24 23:40 - 00007960 _____ C:\Users\JEFFREYYTAN\Downloads\FRST.txt
2015-06-24 23:39 - 2015-06-24 23:39 - 02109952 _____ (Farbar) C:\Users\JEFFREYYTAN\Downloads\FRST64.exe
2015-06-24 23:39 - 2015-06-24 23:39 - 00000000 ____D C:\FRST
2015-06-24 23:31 - 2015-06-24 23:31 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-06-24 23:19 - 2015-06-24 23:19 - 01005568 _____ (Farbar) C:\Users\JEFFREYYTAN\Downloads\MiniToolBox.exe
2015-06-24 23:19 - 2015-06-24 23:19 - 00061558 _____ C:\Users\JEFFREYYTAN\Downloads\Result.txt
2015-06-24 23:18 - 2015-06-24 23:18 - 00000117 _____ C:\windows\system32\netcfg-519717.txt
2015-06-24 23:18 - 2015-06-24 23:18 - 00000117 _____ C:\windows\system32\netcfg-516612.txt
2015-06-24 23:18 - 2015-06-24 23:18 - 00000117 _____ C:\windows\system32\netcfg-508859.txt
2015-06-24 23:18 - 2015-06-24 23:18 - 00000117 _____ C:\windows\system32\netcfg-508797.txt
2015-06-24 23:17 - 2015-06-24 23:17 - 00000117 _____ C:\windows\system32\netcfg-508547.txt
2015-06-24 23:09 - 2015-06-24 23:09 - 00000117 _____ C:\windows\system32\netcfg-626827.txt
2015-06-24 23:07 - 2015-06-24 23:11 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\WinPatrol
2015-06-24 23:07 - 2015-06-24 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-06-24 23:07 - 2015-06-24 23:07 - 00000000 ____D C:\ProgramData\InstallMate
2015-06-24 23:07 - 2015-06-24 23:07 - 00000000 ____D C:\Program Files (x86)\Ruiware
2015-06-24 23:06 - 2015-06-24 23:08 - 00000000 ____D C:\AdwCleaner
2015-06-24 23:06 - 2015-06-24 23:07 - 01187840 _____ (Ruiware) C:\Users\JEFFREYYTAN\Downloads\wpsetup.exe
2015-06-24 23:05 - 2015-06-24 23:06 - 05630239 _____ (Swearware) C:\Users\JEFFREYYTAN\Downloads\ComboFix.exe
2015-06-24 23:05 - 2015-06-24 23:05 - 02244096 _____ C:\Users\JEFFREYYTAN\Downloads\AdwCleaner.exe
2015-06-24 23:04 - 2015-06-24 23:16 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-515815168-1746495529-2309485121-1001
2015-06-24 23:00 - 2015-06-24 23:00 - 00000117 _____ C:\windows\system32\netcfg-74662.txt
2015-06-24 22:58 - 2015-06-24 22:58 - 00000117 _____ C:\windows\system32\netcfg-851250.txt
2015-06-24 22:56 - 2015-06-24 22:56 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-24 22:56 - 2015-06-24 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-24 22:55 - 2015-06-24 22:55 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-06-24 22:55 - 2015-06-24 22:55 - 00002029 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-06-24 22:51 - 2015-06-24 22:56 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\Google
2015-06-24 22:51 - 2015-06-24 22:56 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-24 22:51 - 2015-06-24 22:51 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\Deployment
2015-06-24 22:51 - 2015-06-24 22:51 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\Apps\2.0
2015-06-24 22:50 - 2015-06-24 22:50 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\Macromedia
2015-06-24 22:49 - 2015-06-24 22:49 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\Samsung
2015-06-24 22:48 - 2015-06-24 22:52 - 00000000 ____D C:\Users\JEFFREYYTAN\Documents\Bluetooth Folder
2015-06-24 22:48 - 2015-06-24 22:48 - 00000117 _____ C:\windows\system32\netcfg-236653.txt
2015-06-24 22:48 - 2015-06-24 22:48 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\ATI
2015-06-24 22:48 - 2015-06-24 22:48 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\BMExplorer
2015-06-24 22:48 - 2015-06-24 22:48 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\ATI
2015-06-24 22:47 - 2015-06-24 22:47 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\Atheros
2015-06-24 22:47 - 2015-06-24 22:47 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\Power2Go8
2015-06-24 22:46 - 2015-06-24 22:46 - 00001442 _____ C:\Users\JEFFREYYTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\Synaptics
2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\Adobe
2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\VirtualStore
2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 _____ C:\windows\system32\Drivers\144D_SAMSUNG_na_355V4_P07A.mrk
2015-06-24 22:45 - 2015-06-24 23:31 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\Packages
2015-06-24 22:45 - 2015-06-24 22:47 - 00000000 ____D C:\Users\JEFFREYYTAN
2015-06-24 22:45 - 2015-06-24 22:45 - 00000020 ___SH C:\Users\JEFFREYYTAN\ntuser.ini
2015-06-24 22:45 - 2012-07-26 16:13 - 00000000 ___RD C:\Users\JEFFREYYTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-24 22:45 - 2012-07-26 16:13 - 00000000 ___RD C:\Users\JEFFREYYTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-24 22:45 - 2012-07-26 16:13 - 00000000 ___RD C:\Users\JEFFREYYTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-24 22:45 - 2012-07-26 16:13 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-24 22:43 - 2015-06-24 22:43 - 00000117 _____ C:\windows\system32\netcfg-303921.txt
2015-06-24 22:41 - 2015-06-24 22:41 - 00000117 _____ C:\windows\system32\netcfg-181834.txt
2015-06-24 22:41 - 2015-06-24 22:41 - 00000117 _____ C:\windows\system32\netcfg-178699.txt
2015-06-24 22:41 - 2015-06-24 22:41 - 00000117 _____ C:\windows\system32\netcfg-173020.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-25 15:38 - 2012-07-26 16:12 - 00000000 ____D C:\windows\system32\Recovery
2015-06-24 23:38 - 2012-07-26 15:59 - 00000000 ____D C:\windows\CbsTemp
2015-06-24 23:35 - 2012-07-26 16:12 - 00000000 ____D C:\windows\system32\sru
2015-06-24 23:31 - 2012-07-26 16:12 - 00000000 ____D C:\windows\AUInstallAgent
2015-06-24 23:23 - 2012-09-19 10:02 - 01215801 _____ C:\windows\WindowsUpdate.log
2015-06-24 23:14 - 2012-09-20 02:20 - 00803478 _____ C:\windows\system32\perfh00C.dat
2015-06-24 23:14 - 2012-09-20 02:20 - 00159308 _____ C:\windows\system32\perfc00C.dat
2015-06-24 23:14 - 2012-09-20 02:14 - 00755256 _____ C:\windows\system32\perfh007.dat
2015-06-24 23:14 - 2012-09-20 02:14 - 00159584 _____ C:\windows\system32\perfc007.dat
2015-06-24 23:14 - 2012-09-20 02:08 - 00794432 _____ C:\windows\system32\perfh010.dat
2015-06-24 23:14 - 2012-09-20 02:08 - 00156832 _____ C:\windows\system32\perfc010.dat
2015-06-24 23:14 - 2012-07-26 15:28 - 03624158 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-24 23:12 - 2012-09-19 10:50 - 00000000 ____D C:\ProgramData\WinClon
2015-06-24 23:10 - 2012-07-26 15:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-24 23:09 - 2012-08-06 05:07 - 00499840 _____ C:\windows\PFRO.log
2015-06-24 23:09 - 2012-07-26 13:26 - 00262144 ___SH C:\windows\system32\config\BBI
2015-06-24 22:59 - 2012-07-26 15:19 - 00281088 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-24 22:58 - 2012-09-19 10:48 - 00000000 ____D C:\ProgramData\Norton
2015-06-24 22:54 - 2012-09-19 10:53 - 00000000 ____D C:\ProgramData\PopCap Games
2015-06-24 22:52 - 2012-07-26 16:12 - 00000000 ___HD C:\windows\ELAMBKUP
2015-06-24 22:52 - 2012-07-26 13:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-06-24 22:48 - 2012-09-19 11:10 - 00000000 ____D C:\ProgramData\Atheros
2015-06-24 22:46 - 2012-09-19 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-06-24 22:46 - 2012-07-26 16:12 - 00000000 ____D C:\windows\WinStore
2015-06-24 22:45 - 2012-07-26 16:12 - 00000000 ___RD C:\windows\ImmersiveControlPanel
 
==================== Files in the root of some directories =======
 
2012-09-19 10:58 - 2012-08-08 12:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-09-19 10:58 - 2012-08-07 18:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
 
 
Some files in TEMP:
====================
C:\Users\JEFFREYYTAN\AppData\Local\Temp\Quarantine.exe
C:\Users\JEFFREYYTAN\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2012-08-06 05:07
 
==================== End of log ============================


#3 jeffrey90

Posted 24 June 2015 - 11:44 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by JEFFREYYTAN (administrator) on MRTANNNNNNN on 24-06-2015 23:39:42
Running from C:\Users\JEFFREYYTAN\Downloads
Loaded Profiles: JEFFREYYTAN (Available Profiles: JEFFREYYTAN)
Platform: Windows 8 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-31] (Ruiware LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 165.21.83.88 165.21.100.88
 
FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-24]
CHR Extension: (YouTube) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-24]
CHR Extension: (Google Search) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-24]
CHR Extension: (Ghostery) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-06-24]
CHR Extension: (Google Wallet) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-24]
CHR Extension: (Gmail) - C:\Users\JEFFREYYTAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-24 23:39 - 2015-06-24 23:40 - 00007960 _____ C:\Users\JEFFREYYTAN\Downloads\FRST.txt
2015-06-24 23:39 - 2015-06-24 23:39 - 02109952 _____ (Farbar) C:\Users\JEFFREYYTAN\Downloads\FRST64.exe
2015-06-24 23:39 - 2015-06-24 23:39 - 00000000 ____D C:\FRST
2015-06-24 23:31 - 2015-06-24 23:31 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-06-24 23:19 - 2015-06-24 23:19 - 01005568 _____ (Farbar) C:\Users\JEFFREYYTAN\Downloads\MiniToolBox.exe
2015-06-24 23:19 - 2015-06-24 23:19 - 00061558 _____ C:\Users\JEFFREYYTAN\Downloads\Result.txt
2015-06-24 23:18 - 2015-06-24 23:18 - 00000117 _____ C:\windows\system32\netcfg-519717.txt
2015-06-24 23:18 - 2015-06-24 23:18 - 00000117 _____ C:\windows\system32\netcfg-516612.txt
2015-06-24 23:18 - 2015-06-24 23:18 - 00000117 _____ C:\windows\system32\netcfg-508859.txt
2015-06-24 23:18 - 2015-06-24 23:18 - 00000117 _____ C:\windows\system32\netcfg-508797.txt
2015-06-24 23:17 - 2015-06-24 23:17 - 00000117 _____ C:\windows\system32\netcfg-508547.txt
2015-06-24 23:09 - 2015-06-24 23:09 - 00000117 _____ C:\windows\system32\netcfg-626827.txt
2015-06-24 23:07 - 2015-06-24 23:11 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\WinPatrol
2015-06-24 23:07 - 2015-06-24 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-06-24 23:07 - 2015-06-24 23:07 - 00000000 ____D C:\ProgramData\InstallMate
2015-06-24 23:07 - 2015-06-24 23:07 - 00000000 ____D C:\Program Files (x86)\Ruiware
2015-06-24 23:06 - 2015-06-24 23:08 - 00000000 ____D C:\AdwCleaner
2015-06-24 23:06 - 2015-06-24 23:07 - 01187840 _____ (Ruiware) C:\Users\JEFFREYYTAN\Downloads\wpsetup.exe
2015-06-24 23:05 - 2015-06-24 23:06 - 05630239 _____ (Swearware) C:\Users\JEFFREYYTAN\Downloads\ComboFix.exe
2015-06-24 23:05 - 2015-06-24 23:05 - 02244096 _____ C:\Users\JEFFREYYTAN\Downloads\AdwCleaner.exe
2015-06-24 23:04 - 2015-06-24 23:16 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-515815168-1746495529-2309485121-1001
2015-06-24 23:00 - 2015-06-24 23:00 - 00000117 _____ C:\windows\system32\netcfg-74662.txt
2015-06-24 22:58 - 2015-06-24 22:58 - 00000117 _____ C:\windows\system32\netcfg-851250.txt
2015-06-24 22:56 - 2015-06-24 22:56 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-24 22:56 - 2015-06-24 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-24 22:55 - 2015-06-24 22:55 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-06-24 22:55 - 2015-06-24 22:55 - 00002029 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-06-24 22:51 - 2015-06-24 22:56 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\Google
2015-06-24 22:51 - 2015-06-24 22:56 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-24 22:51 - 2015-06-24 22:51 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\Deployment
2015-06-24 22:51 - 2015-06-24 22:51 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\Apps\2.0
2015-06-24 22:50 - 2015-06-24 22:50 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\Macromedia
2015-06-24 22:49 - 2015-06-24 22:49 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\Samsung
2015-06-24 22:48 - 2015-06-24 22:52 - 00000000 ____D C:\Users\JEFFREYYTAN\Documents\Bluetooth Folder
2015-06-24 22:48 - 2015-06-24 22:48 - 00000117 _____ C:\windows\system32\netcfg-236653.txt
2015-06-24 22:48 - 2015-06-24 22:48 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\ATI
2015-06-24 22:48 - 2015-06-24 22:48 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\BMExplorer
2015-06-24 22:48 - 2015-06-24 22:48 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\ATI
2015-06-24 22:47 - 2015-06-24 22:47 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\Atheros
2015-06-24 22:47 - 2015-06-24 22:47 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\Power2Go8
2015-06-24 22:46 - 2015-06-24 22:46 - 00001442 _____ C:\Users\JEFFREYYTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\Synaptics
2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\Adobe
2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\VirtualStore
2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 _____ C:\windows\system32\Drivers\144D_SAMSUNG_na_355V4_P07A.mrk
2015-06-24 22:45 - 2015-06-24 23:31 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Local\Packages
2015-06-24 22:45 - 2015-06-24 22:47 - 00000000 ____D C:\Users\JEFFREYYTAN
2015-06-24 22:45 - 2015-06-24 22:45 - 00000020 ___SH C:\Users\JEFFREYYTAN\ntuser.ini
2015-06-24 22:45 - 2012-07-26 16:13 - 00000000 ___RD C:\Users\JEFFREYYTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-24 22:45 - 2012-07-26 16:13 - 00000000 ___RD C:\Users\JEFFREYYTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-24 22:45 - 2012-07-26 16:13 - 00000000 ___RD C:\Users\JEFFREYYTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-24 22:45 - 2012-07-26 16:13 - 00000000 ____D C:\Users\JEFFREYYTAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-24 22:43 - 2015-06-24 22:43 - 00000117 _____ C:\windows\system32\netcfg-303921.txt
2015-06-24 22:41 - 2015-06-24 22:41 - 00000117 _____ C:\windows\system32\netcfg-181834.txt
2015-06-24 22:41 - 2015-06-24 22:41 - 00000117 _____ C:\windows\system32\netcfg-178699.txt
2015-06-24 22:41 - 2015-06-24 22:41 - 00000117 _____ C:\windows\system32\netcfg-173020.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-25 15:38 - 2012-07-26 16:12 - 00000000 ____D C:\windows\system32\Recovery
2015-06-24 23:38 - 2012-07-26 15:59 - 00000000 ____D C:\windows\CbsTemp
2015-06-24 23:35 - 2012-07-26 16:12 - 00000000 ____D C:\windows\system32\sru
2015-06-24 23:31 - 2012-07-26 16:12 - 00000000 ____D C:\windows\AUInstallAgent
2015-06-24 23:23 - 2012-09-19 10:02 - 01215801 _____ C:\windows\WindowsUpdate.log
2015-06-24 23:14 - 2012-09-20 02:20 - 00803478 _____ C:\windows\system32\perfh00C.dat
2015-06-24 23:14 - 2012-09-20 02:20 - 00159308 _____ C:\windows\system32\perfc00C.dat
2015-06-24 23:14 - 2012-09-20 02:14 - 00755256 _____ C:\windows\system32\perfh007.dat
2015-06-24 23:14 - 2012-09-20 02:14 - 00159584 _____ C:\windows\system32\perfc007.dat
2015-06-24 23:14 - 2012-09-20 02:08 - 00794432 _____ C:\windows\system32\perfh010.dat
2015-06-24 23:14 - 2012-09-20 02:08 - 00156832 _____ C:\windows\system32\perfc010.dat
2015-06-24 23:14 - 2012-07-26 15:28 - 03624158 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-24 23:12 - 2012-09-19 10:50 - 00000000 ____D C:\ProgramData\WinClon
2015-06-24 23:10 - 2012-07-26 15:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-24 23:09 - 2012-08-06 05:07 - 00499840 _____ C:\windows\PFRO.log
2015-06-24 23:09 - 2012-07-26 13:26 - 00262144 ___SH C:\windows\system32\config\BBI
2015-06-24 22:59 - 2012-07-26 15:19 - 00281088 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-24 22:58 - 2012-09-19 10:48 - 00000000 ____D C:\ProgramData\Norton
2015-06-24 22:54 - 2012-09-19 10:53 - 00000000 ____D C:\ProgramData\PopCap Games
2015-06-24 22:52 - 2012-07-26 16:12 - 00000000 ___HD C:\windows\ELAMBKUP
2015-06-24 22:52 - 2012-07-26 13:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-06-24 22:48 - 2012-09-19 11:10 - 00000000 ____D C:\ProgramData\Atheros
2015-06-24 22:46 - 2012-09-19 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-06-24 22:46 - 2012-07-26 16:12 - 00000000 ____D C:\windows\WinStore
2015-06-24 22:45 - 2012-07-26 16:12 - 00000000 ___RD C:\windows\ImmersiveControlPanel
 
==================== Files in the root of some directories =======
 
2012-09-19 10:58 - 2012-08-08 12:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-09-19 10:58 - 2012-08-07 18:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
 
 
Some files in TEMP:
====================
C:\Users\JEFFREYYTAN\AppData\Local\Temp\Quarantine.exe
C:\Users\JEFFREYYTAN\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2012-08-06 05:07
 
==================== End of log ============================


#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots

Posted 29 June 2015 - 11:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/580663 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 jeffrey90

jeffrey90
  • Topic Starter

  • Members

Posted 01 July 2015 - 02:18 AM

yes i still need help, i have posted all the info above. thanks

#6 deeprybka

deeprybka

  • Malware Response Team
  • Location:Germany

Posted 01 July 2015 - 04:06 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Is there anything like strange symptoms or alarms from your antivirus program that makes you fear you're infected?
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 jeffrey90

jeffrey90
  • Topic Starter

  • Members

Posted 01 July 2015 - 05:24 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by jeffrey (administrator) on LIVINGROOM on 01-07-2015 10:22:03
Running from C:\Users\jeffrey\Desktop
Loaded Profiles: jeffrey (Available Profiles: jeffrey)
Platform: Windows 8 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Qualcomm Atheros Commnucations)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> DefaultScope {EF878356-A90F-4751-9908-9086B52C0B5C} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-14] (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\coIEPlg.dll [2012-07-20] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL [2012-06-11] (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{58FE4501-52FE-47DF-B17F-2375240D7896}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2015-07-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-07-01]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx [2012-09-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [143928 2012-06-14] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20120615.003\BHDrvx64.sys [1377440 2012-06-11] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1400000.088\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-26] (Symantec Corporation)
U3 EraserUtilDrv11220; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [138912 2012-08-26] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys [509088 2012-06-11] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120827.001\ENG64.SYS [125600 2012-08-26] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120827.001\EX64.SYS [2084000 2012-08-26] (Symantec Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSP64.SYS [753312 2012-05-25] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSPX64.SYS [37496 2012-01-11] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1400000.088\SYMDS64.SYS [485024 2012-05-25] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1400000.088\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1400000.088\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-09-19] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1400000.088\Ironx64.SYS [222368 2012-05-25] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\NISx64\1400000.088\SYMNETS.SYS [431224 2012-05-09] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 10:22 - 2015-07-01 10:22 - 00011610 _____ C:\Users\jeffrey\Desktop\FRST.txt
2015-07-01 10:21 - 2015-07-01 10:22 - 00000000 ____D C:\FRST
2015-07-01 10:21 - 2015-07-01 10:21 - 02112512 _____ (Farbar) C:\Users\jeffrey\Desktop\frst64.exe
2015-07-01 10:18 - 2015-07-01 10:18 - 00000000 ____D C:\Users\jeffrey\AppData\Roaming\Macromedia
2015-07-01 10:17 - 2015-07-01 10:17 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-515815168-1746495529-2309485121-1001
2015-07-01 10:16 - 2015-07-01 10:16 - 00000117 _____ C:\windows\system32\netcfg-557656.txt
2015-07-01 10:16 - 2015-07-01 10:16 - 00000117 _____ C:\windows\system32\netcfg-554723.txt
2015-07-01 10:16 - 2015-07-01 10:16 - 00000117 _____ C:\windows\system32\netcfg-553413.txt
2015-07-01 10:16 - 2015-07-01 10:16 - 00000000 ___RD C:\Users\jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-01 10:14 - 2015-07-01 10:14 - 00000000 ____D C:\Users\jeffrey\AppData\Local\Samsung
2015-07-01 10:13 - 2015-07-01 10:16 - 00000000 ____D C:\Users\jeffrey\Documents\Bluetooth Folder
2015-07-01 10:13 - 2015-07-01 10:13 - 00000000 ____D C:\Users\jeffrey\AppData\Roaming\ATI
2015-07-01 10:13 - 2015-07-01 10:13 - 00000000 ____D C:\Users\jeffrey\AppData\Local\BMExplorer
2015-07-01 10:13 - 2015-07-01 10:13 - 00000000 ____D C:\Users\jeffrey\AppData\Local\ATI
2015-07-01 10:12 - 2015-07-01 10:13 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
2015-07-01 10:12 - 2015-07-01 10:12 - 00000000 ____D C:\Users\jeffrey\AppData\Roaming\Atheros
2015-07-01 10:12 - 2015-07-01 10:12 - 00000000 ____D C:\Users\jeffrey\AppData\Local\Power2Go8
2015-07-01 10:11 - 2015-07-01 10:11 - 00000000 ____D C:\Users\jeffrey\AppData\Roaming\Synaptics
2015-07-01 10:10 - 2015-07-01 10:10 - 00001442 _____ C:\Users\jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-01 10:10 - 2015-07-01 10:10 - 00000000 ____D C:\Users\jeffrey\AppData\Roaming\Adobe
2015-07-01 10:10 - 2015-07-01 10:10 - 00000000 _____ C:\windows\system32\Drivers\144D_SAMSUNG_na_355V4_P07A.mrk
2015-07-01 10:09 - 2015-07-01 10:09 - 00000000 ____D C:\Users\jeffrey\AppData\Local\VirtualStore
2015-07-01 10:08 - 2015-07-01 10:11 - 00000000 ____D C:\Users\jeffrey
2015-07-01 10:08 - 2015-07-01 10:10 - 00000000 ____D C:\Users\jeffrey\AppData\Local\Packages
2015-07-01 10:08 - 2015-07-01 10:08 - 00000020 ___SH C:\Users\jeffrey\ntuser.ini
2015-07-01 10:08 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-01 10:08 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-01 10:08 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-01 10:08 - 2012-07-26 09:13 - 00000000 ____D C:\Users\jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 10:17 - 2012-09-19 19:20 - 00803478 _____ C:\windows\system32\perfh00C.dat
2015-07-01 10:17 - 2012-09-19 19:20 - 00159308 _____ C:\windows\system32\perfc00C.dat
2015-07-01 10:17 - 2012-09-19 19:14 - 00755256 _____ C:\windows\system32\perfh007.dat
2015-07-01 10:17 - 2012-09-19 19:14 - 00159584 _____ C:\windows\system32\perfc007.dat
2015-07-01 10:17 - 2012-09-19 19:08 - 00794432 _____ C:\windows\system32\perfh010.dat
2015-07-01 10:17 - 2012-09-19 19:08 - 00156832 _____ C:\windows\system32\perfc010.dat
2015-07-01 10:17 - 2012-07-26 08:28 - 03624158 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-01 10:16 - 2012-09-19 03:02 - 00056400 _____ C:\windows\WindowsUpdate.log
2015-07-01 10:15 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\NDF
2015-07-01 10:14 - 2012-09-19 03:50 - 00000000 ____D C:\ProgramData\WinClon
2015-07-01 10:13 - 2012-09-19 04:10 - 00000000 ____D C:\ProgramData\Atheros
2015-07-01 10:11 - 2012-09-19 03:48 - 00000000 ____D C:\ProgramData\Norton
2015-07-01 10:11 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-07-01 10:10 - 2012-09-19 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-07-01 10:09 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore
2015-07-01 10:08 - 2012-07-26 09:12 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2015-07-01 10:08 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-01 10:06 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache
2015-06-30 03:25 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\Recovery

==================== Files in the root of some directories =======

2012-09-19 03:58 - 2012-08-08 05:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-09-19 03:58 - 2012-08-07 11:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2012-08-05 22:07

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by jeffrey at 2015-07-01 10:22:59
Running from C:\Users\jeffrey\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-515815168-1746495529-2309485121-500 - Administrator - Disabled)
Guest (S-1-5-21-515815168-1746495529-2309485121-501 - Limited - Disabled)
jeffrey (S-1-5-21-515815168-1746495529-2309485121-1001 - Administrator - Enabled) => C:\Users\jeffrey

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AMD Catalyst Install Manager (HKLM\...\{8C6A4815-2E50-7B6E-9159-6608871EB5BF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Help Desk (HKLM\...\{D93F0B49-12AA-4AE6-8349-0ECB13B9532F}) (Version: 1.0.5 - Samsung Electronics CO., LTD.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.0.0.136 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Support Center (HKLM\...\{AC0273F1-68A3-42CF-B487-C594B0A92F8D}) (Version: 2.0.12 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.3 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{391A07F0-748F-474F-986C-F03934F98F6E}) (Version: 2.0.19 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07736EE8-2192-4E15-A52B-5C7F16BCC854} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-17] (SEC)
Task: {136B747D-E273-44A7-B884-43549BDABE9A} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {2AA17891-BAC0-491F-9269-913D94E05CD2} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-09-14] (Samsung Electronics CO., LTD.)
Task: {3937CFCF-EECD-4C0F-97ED-1282DA2C8671} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {84519659-0E6A-4C20-AC3E-902EEA032291} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {9156DACE-469B-48C9-B8BC-4472E1B779D0} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {AF3FCC9F-E740-4ED1-A117-BCB939A60CB7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe [2012-07-05] (Symantec Corporation)
Task: {B8DFA1EA-8260-41F2-8276-C7D4E2C68213} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {F9A72E75-EFC4-4DA8-9EC1-B0EDA6185543} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe [2012-07-25] (Symantec Corporation)
Task: {FDB097A1-938C-4124-83C2-54B61EE5956F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe [2012-07-05] (Symantec Corporation)
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (Whitelisted) ==============

2012-09-05 08:50 - 2012-09-05 08:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2012-09-14 11:18 - 2012-09-14 11:18 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-07-26 08:55 - 2012-07-26 08:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-09-14 04:42 - 2012-09-14 04:42 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-08 02:22 - 2012-08-08 02:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-09-19 03:48 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.0.0.136\wincfi39.dll
2012-09-19 03:55 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Samsung\Samsung_wallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0189B57F-AEAF-4419-AFF4-1CC3C37B365B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{56E1CFC4-48E3-4BAB-A573-3C9B21EA376A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8CA8B631-F2D8-48EE-A7AC-032E71050173}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{01004575-EDC3-46D4-AB0C-C9D6CC74F459}] => (Allow) LPort=2869
FirewallRules: [{1F2CE9B7-6B61-4F5B-A09C-8D65E48B87B7}] => (Allow) LPort=1900

==================== Faulty Device Manager Devices =============

Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2015 10:10:52 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (07/01/2015 10:10:51 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac

Error: (07/01/2015 10:10:51 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

System errors:
=============

Microsoft Office:
=========================
Error: (07/01/2015 10:10:52 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (07/01/2015 10:10:51 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0x80072EE79e4b231b-3e45-41f4-967f-c914f178b6ac

Error: (07/01/2015 10:10:51 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0x80072EE700010001(0x00000000, 10:10:51:137 - https://activation.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=DM)
00020001(0x00000000, 10:10:51:215)
00030001(0x00000000, 10:10:51:231 - https://activation.sls.microsoft.com)
00030002(0x00000000, 10:10:51:231 - 0)
00040001(0x00000000, 10:10:51:231 - https://activation.sls.microsoft.com)
00040002(0x00000000, 10:10:51:277 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 10:10:51:293 - 0, 1)
00040006(0x00000001, 10:10:51:293 - 0, https://activation.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 10:10:51:293 - 0)
00010002(0x80072EE7, 10:10:51:355 - <NULL>)
00010003(0x80072EE7, 10:10:51:355)

==================== Memory info ===========================

Processor: AMD A8-4500M APU with Radeon™ HD Graphics
Percentage of memory in use: 46%
Total physical RAM: 5595.04 MB
Available physical RAM: 2971.29 MB
Total Pagefile: 9563.04 MB
Available Pagefile: 6697.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:907.34 GB) (Free:878.14 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of log ============================



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:49 PM

Posted 01 July 2015 - 05:26 AM

?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 jeffrey90

jeffrey90
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:49 PM

Posted 01 July 2015 - 05:29 AM

I can't open the logfile because I don't have any access ...



#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:49 PM

Posted 01 July 2015 - 05:30 AM

Is there anything like strange symptoms or alarms from your antivirus program that makes you fear you're infected?


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 jeffrey90

jeffrey90
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:49 PM

Posted 01 July 2015 - 05:37 AM

Okay, to be frank, I think that my router got infected, because almost all my devices got compromised. And he's just staying right above me. So mostly whatever I do, or any repair to my computer, eventually he knew about it.

 

Level Date and Time Source Event ID Task Category
Information 1/7/2015 10:30:55 AM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: PnPRequestAdditionalSoftware
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: USB\VID_04CA&PID_0061&REV_0100
P3: 6.2.0.0
P4: 0809
P5: input.inf
P6: *
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\Users\jeffrey\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_8fe8ab30228a4218d4af398d39f5360d52b6b_cab_1281bc3d

Analysis symbol:
Rechecking for solution: 0
Report ID: df1fb3d4-1fd3-11e5-be86-50b7c355cd02
Report Status: 4
Hashed bucket: "
Information 1/7/2015 10:30:55 AM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: PnPGenericDriverFound
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: USB\VID_04CA&PID_0061&REV_0100
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\Users\jeffrey\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_fd9292e0443a109bb488259d06ba8f3e4a3d2f6_cab_1281bc3d

Analysis symbol:
Rechecking for solution: 0
Report ID: df1fb3d3-1fd3-11e5-be86-50b7c355cd02
Report Status: 4
Hashed bucket: "
Information 1/7/2015 10:30:49 AM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: PnPGenericDriverFound
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: ROOT\BasicDisplay
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\Users\jeffrey\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_144ff570b3e3a146bbc16ce959228d37863c14f7_cab_1121a43a

Analysis symbol:
Rechecking for solution: 0
Report ID: db6ecfbd-1fd3-11e5-be86-50b7c355cd02
Report Status: 4
Hashed bucket: "
Information 1/7/2015 10:30:49 AM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: PnPGenericDriverFound
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: HID\BtIaHidDevice
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\Users\jeffrey\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_9095ffd956c42d64f5bceb3769af4b22e7a9d0_cab_1121a43a

Analysis symbol:
Rechecking for solution: 0
Report ID: db6ecfbc-1fd3-11e5-be86-50b7c355cd02
Report Status: 4
Hashed bucket: "
Information 1/7/2015 10:30:49 AM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: PnPGenericDriverFound
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: USB\VID_2232&PID_1029&REV_0025&MI_00
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\Users\jeffrey\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_e09cea24934dd95e4f82c7cfc13bf93dc1863e78_cab_1121a42b

Analysis symbol:
Rechecking for solution: 0
Report ID: db6ecfbb-1fd3-11e5-be86-50b7c355cd02
Report Status: 4
Hashed bucket: "
Information 1/7/2015 10:30:49 AM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: PnPRequestAdditionalSoftware
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: HID\VEN_SAM&DEV_0714
P3: 6.2.0.0
P4: 0809
P5: input.inf
P6: *
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\Users\jeffrey\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_ade780c0bc75513c21647fd347af67bbf787d6bf_cab_1121a42b

Analysis symbol:
Rechecking for solution: 0
Report ID: db6ecfba-1fd3-11e5-be86-50b7c355cd02
Report Status: 4
Hashed bucket: "
Information 1/7/2015 10:30:49 AM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: PnPGenericDriverFound
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: HID\VEN_SAM&DEV_0714
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\Users\jeffrey\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_922068f71ffab0d1532e739261dde368efac628_cab_1121a41b

Analysis symbol:
Rechecking for solution: 0
Report ID: db6ecfb9-1fd3-11e5-be86-50b7c355cd02
Report Status: 4
Hashed bucket: "
Information 1/7/2015 10:30:49 AM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: PnPGenericDriverFound
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: ACPI\VEN_SYN&DEV_2601
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\Users\jeffrey\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_bd695aed1c5efa3b4b88343716352c61c7a_cab_1121a40b

Analysis symbol:
Rechecking for solution: 0
Report ID: db6ecfb8-1fd3-11e5-be86-50b7c355cd02
Report Status: 4
Hashed bucket: "
Information 1/7/2015 10:28:10 AM Windows Error Reporting 1001 None "Fault bucket -1147409366, type 5
Event Name: RADAR_PRE_LEAK_WOW64
Response: Not available
Cab Id: 0

Problem signature:
P1: IEXPLORE.EXE
P2: 10.0.9200.16384
P3: 6.2.9200.2.0.0
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:
C:\Users\jeffrey\AppData\Local\Temp\RDR32F3.tmp\empty.txt

These files may be available here:

Analysis symbol:
Rechecking for solution: 0
Report ID: 7c0e4249-1fd3-11e5-be86-50b7c355cd02
Report Status: 0
Hashed bucket: 9762397733e070048580ab2233b52b78"
Information 1/7/2015 10:26:00 AM VSS 8224 None The VSS service is shutting down due to idle timeout.
Information 1/7/2015 10:23:11 AM Windows Error Reporting 1001 None "Fault bucket -1146754394, type 5
Event Name: RADAR_PRE_LEAK_64
Response: Not available
Cab Id: 0

Problem signature:
P1: svchost.exe_netsvcs
P2: 6.2.9200.16384
P3: 6.2.9200.2.0.0
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:
C:\Users\jeffrey\AppData\Local\Temp\RDR9FC7.tmp\empty.txt

These files may be available here:

Analysis symbol:
Rechecking for solution: 0
Report ID: c959908b-1fd2-11e5-be86-50b7c355cd02
Report Status: 0
Hashed bucket: 89fc610de6729ae2a80f6290b94417bb"
Information 1/7/2015 10:21:46 AM Windows Error Reporting 1001 None "Fault bucket -908799784, type 5
Event Name: PnPGenericDriverFound
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: USB\VID_04CA&PID_0061&REV_0100
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_fd9292e0443a109bb488259d06ba8f3e4a3d2f6_01ed5c04

Analysis symbol:
Rechecking for solution: 0
Report ID: b77eab43-1fd0-11e5-be86-50b7c355cd02
Report Status: 0
Hashed bucket: 8141a51b7a76e9f69ae962ac97c174bd"
Information 1/7/2015 10:21:46 AM Windows Error Reporting 1001 None "Fault bucket -774892896, type 5
Event Name: PnPRequestAdditionalSoftware
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: USB\VID_04CA&PID_0061&REV_0100
P3: 6.2.0.0
P4: 0809
P5: input.inf
P6: *
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_8fe8ab30228a4218d4af398d39f5360d52b6b_01ed5b2a

Analysis symbol:
Rechecking for solution: 0
Report ID: b77eab44-1fd0-11e5-be86-50b7c355cd02
Report Status: 0
Hashed bucket: d60028f3e3503863c0f19355861c90f0"
Information 1/7/2015 10:21:46 AM Windows Error Reporting 1001 None "Fault bucket -1304444936, type 5
Event Name: PnPDriverNotFound
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: MONITOR\AUO21EC
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:
C:\Windows\Temp\DMI1267.tmp.log.xml

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_33934f4bce2981b473d694dd281e6811412898de_01ed5a4f

Analysis symbol:
Rechecking for solution: 0
Report ID: b77eab45-1fd0-11e5-be86-50b7c355cd02
Report Status: 0
Hashed bucket: a96d5f635000bf78e7ee24e9fe9eceef"
Information 1/7/2015 10:21:45 AM Windows Error Reporting 1001 None "Fault bucket 467157136, type 5
Event Name: ScriptedDiagFailure
Response: Not available
Cab Id: 0

Problem signature:
P1: Microsoft Windows.NetworkDiagnostics.1.0
P2: 2425254287
P3: 1.0.0.0
P4: Default
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:
C:\Users\jeffrey\AppData\Local\Temp\msdt\_88ADC82E-5856-47D7-9C66-694A558EA92A_\PkgBAA7.cab

These files may be available here:
C:\Users\jeffrey\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft Window_602163d6a5d3a9c45b8325886f6f4ff094cb237a_061556e6

Analysis symbol:
Rechecking for solution: 0
Report ID: bc0488c1-1fd1-11e5-be86-50b7c355cd02
Report Status: 0
Hashed bucket: ba9c3bc28a072cf38e613dd1cf6a358e"
Information 1/7/2015 10:19:45 AM Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: <CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US> Sha1 thumbprint: <A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436>.
Information 1/7/2015 10:18:52 AM Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: <CN=thawte Primary Root CA - G3, OU=""© 2008 thawte, Inc. - For authorized use only"", OU=Certification Services Division, O=""thawte, Inc."", C=US> Sha1 thumbprint: <F18B538D1BE903B6A6F056435B171589CAF36BF2>."
Information 1/7/2015 10:18:52 AM Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: <CN=thawte Primary Root CA - G3, OU=""© 2008 thawte, Inc. - For authorized use only"", OU=Certification Services Division, O=""thawte, Inc."", C=US> Sha1 thumbprint: <F18B538D1BE903B6A6F056435B171589CAF36BF2>."
Information 1/7/2015 10:18:51 AM Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: <CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US> Sha1 thumbprint: <5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25>.
Information 1/7/2015 10:18:49 AM Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: <CN=GTE CyberTrust Global Root, OU=""GTE CyberTrust Solutions, Inc."", O=GTE Corporation, C=US> Sha1 thumbprint: <97817950D81C9670CC34D809CF794431367EF474>."
Information 1/7/2015 10:18:49 AM Microsoft-Windows-CAPI2 4097 None "Successful auto update of third-party root certificate:: Subject: <CN=GTE CyberTrust Global Root, OU=""GTE CyberTrust Solutions, Inc."", O=GTE Corporation, C=US> Sha1 thumbprint: <97817950D81C9670CC34D809CF794431367EF474>."
Information 1/7/2015 10:17:58 AM Microsoft-Windows-LoadPerf 1000 None Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Information 1/7/2015 10:17:57 AM Microsoft-Windows-LoadPerf 1001 None Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
Information 1/7/2015 10:17:44 AM Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: <CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE> Sha1 thumbprint: <D4DE20D05E66FC53FE1A50882C78DB2852CAE474>.
Information 1/7/2015 10:17:44 AM Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: <CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE> Sha1 thumbprint: <D4DE20D05E66FC53FE1A50882C78DB2852CAE474>.
Information 1/7/2015 10:17:41 AM Microsoft-Windows-CAPI2 4097 None Successful auto update of third-party root certificate:: Subject: <OU=Equifax Secure Certificate Authority, O=Equifax, C=US> Sha1 thumbprint: <D23209AD23D314232174E40D7F9D62139786633A>.
Information 1/7/2015 10:17:41 AM Microsoft-Windows-CAPI2 4111 None Successful automatic update of third-party root list with effective date: ‎Thursday, ‎18 ‎June ‎2015 9:25:35 PM.
Information 1/7/2015 10:17:41 AM Microsoft-Windows-CAPI2 4108 None "Successful auto delete of third-party root certificate:: Subject: <OU=Class 3 Public Primary Certification Authority, O=""VeriSign, Inc."", C=US> Sha1 thumbprint: <4F65566336DB6598581D584A596C87934D5F2AB4>."
Information 1/7/2015 10:17:41 AM Microsoft-Windows-CAPI2 4109 None "Successful auto property update of third-party root certificate:: Subject: <OU=Class 3 Public Primary Certification Authority, O=""VeriSign, Inc."", C=US> Sha1 thumbprint: <742C3192E607E424EB4549542BE1BBC53E6174E2>."
Information 1/7/2015 10:17:24 AM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
"
Information 1/7/2015 10:17:24 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2115-06-07T09:17:24Z. Reason: RulesEngine.
Information 1/7/2015 10:16:53 AM Microsoft-Windows-Security-SPP 8197 None "SLUI.exe was launched with the following command-line parameters:
RuleId=379cccfb-d4e0-48fe-b0f2-0136097be147;Action=CleanupState;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;Trigger=TimerEvent"
Information 1/7/2015 10:16:53 AM Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule.
Kernel policies:
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;LastConsumptionReason=0x00000000;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=BG67T;ProductKeyType=OEM:DM;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=OEM_DM"
Information 1/7/2015 10:16:50 AM Microsoft-Windows-Security-SPP 8197 None "SLUI.exe was launched with the following command-line parameters:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=NetworkAvailable"
Information 1/7/2015 10:16:50 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 625cc89b-693d-45c4-9967-123877fc41e4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
2: 9e4b231b-3e45-41f4-967f-c914f178b6ac, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )]
3: bf4b3af6-c071-496d-bfcc-5f0dc12c7798, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
4: c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
5: c752c2e0-7c17-4af4-bba6-6f8aa1e698bc, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
6: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]

"
Information 1/7/2015 10:16:50 AM Microsoft-Windows-Security-SPP 8197 None "SLUI.exe was launched with the following command-line parameters:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=NetworkAvailable"
Information 1/7/2015 10:16:48 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 625cc89b-693d-45c4-9967-123877fc41e4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
2: 9e4b231b-3e45-41f4-967f-c914f178b6ac, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )]
3: bf4b3af6-c071-496d-bfcc-5f0dc12c7798, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
4: c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
5: c752c2e0-7c17-4af4-bba6-6f8aa1e698bc, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
6: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]

"
Information 1/7/2015 10:16:48 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 625cc89b-693d-45c4-9967-123877fc41e4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
2: 9e4b231b-3e45-41f4-967f-c914f178b6ac, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )]
3: bf4b3af6-c071-496d-bfcc-5f0dc12c7798, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
4: c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
5: c752c2e0-7c17-4af4-bba6-6f8aa1e698bc, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
6: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]

"
Information 1/7/2015 10:16:43 AM Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute.
Policy Names=(IIS-W3SVC-MaxConcurrentRequests) (Security-SPP-Reserved-EnableNotificationMode) (Telnet-Client-EnableTelnetClient) (Telnet-Server-EnableTelnetServer) (TiffIFilterLicensing-EnableTiffIFilter)
App Id=55c92734-d682-4d71-983e-d6ec3f16059f
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac"
Information 1/7/2015 10:16:43 AM Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute.
Policy Names=(IIS-W3SVC-MaxConcurrentRequests) (Security-SPP-Reserved-EnableNotificationMode) (Telnet-Client-EnableTelnetClient) (Telnet-Server-EnableTelnetServer) (TiffIFilterLicensing-EnableTiffIFilter)
App Id=55c92734-d682-4d71-983e-d6ec3f16059f
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac"
Information 1/7/2015 10:16:40 AM Microsoft-Windows-Security-SPP 12304 None Successfully acquired genuine ticket for template Id {88d92734-d682-4d71-983e-d6ec3f16059f}
Information 1/7/2015 10:16:40 AM Microsoft-Windows-Security-SPP 12305 None Genuine state set to genuine for application Id 55c92734-d682-4d71-983e-d6ec3f16059f
Information 1/7/2015 10:16:40 AM Microsoft-Windows-Security-SPP 12304 None Successfully acquired genuine ticket for template Id {88d92734-d682-4d71-983e-d6ec3f16059f}
Information 1/7/2015 10:16:40 AM Microsoft-Windows-Security-SPP 12305 None Genuine state set to genuine for application Id 55c92734-d682-4d71-983e-d6ec3f16059f
Information 1/7/2015 10:16:38 AM Microsoft-Windows-CAPI2 4112 None Successful automatic update of disallowed certificate list with effective date: ‎Tuesday, ‎24 ‎March ‎2015 12:21:10 AM.
Information 1/7/2015 10:16:37 AM Microsoft-Windows-Security-SPP 20489 None "Genuine validation data collection ended.
"
Information 1/7/2015 10:16:37 AM Microsoft-Windows-Security-SPP 20489 None "Genuine validation data collection ended.
"
Information 1/7/2015 10:16:37 AM Microsoft-Windows-Security-SPP 1033 None "These policies are being excluded since they are only defined with override-only attribute.
Policy Names=(IIS-W3SVC-MaxConcurrentRequests) (Telnet-Client-EnableTelnetClient) (Telnet-Server-EnableTelnetServer) (TiffIFilterLicensing-EnableTiffIFilter)
App Id=55c92734-d682-4d71-983e-d6ec3f16059f
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac"
Information 1/7/2015 10:16:36 AM Microsoft-Windows-Security-SPP 20482 None "Health check passed.
"
Information 1/7/2015 10:16:36 AM Microsoft-Windows-Security-SPP 20481 None "Health check initiated.
"
Information 1/7/2015 10:16:36 AM Microsoft-Windows-Security-SPP 20482 None "Health check passed.
"
Information 1/7/2015 10:16:35 AM Microsoft-Windows-Security-SPP 20481 None "Health check initiated.
"
Information 1/7/2015 10:16:33 AM Microsoft-Windows-Security-SPP 20488 None "Genuine validation data collection started.
"
Information 1/7/2015 10:16:32 AM Microsoft-Windows-Security-SPP 20488 None "Genuine validation data collection started.
"
Information 1/7/2015 10:16:31 AM Microsoft-Windows-Security-SPP 1067 None "Genuine information set for application. 0x00000000, 9e4b231b-3e45-41f4-967f-c914f178b6ac, SL_ACTIVATION_VALIDATION_IN_PROGRESS.
"
Information 1/7/2015 10:16:30 AM Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license.
License Title=XrML 2.1 License - {msft:sl/EUL/ACTIVATED/PRIVATE}
License Id=8b763b0c-f283-48c3-8900-9629f2c4039a"
Information 1/7/2015 10:16:30 AM Microsoft-Windows-Security-SPP 1004 None "The Software Protection service has successfully installed the license.
License Title=XrML 2.1 License - {msft:sl/EUL/ACTIVATED/PUBLIC}
License Id=594b536b-4fb6-4f99-aab2-2a9dc9eb797c"
Information 1/7/2015 10:16:30 AM Microsoft-Windows-Security-SPP 1013 None "Acquisition of End User License was successful.
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac"
Information 1/7/2015 10:16:26 AM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
6.2.9200.16384"
Information 1/7/2015 10:16:25 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 625cc89b-693d-45c4-9967-123877fc41e4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
2: 9e4b231b-3e45-41f4-967f-c914f178b6ac, 1, 1 [(0 )(1 )(2 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F009)])]
3: bf4b3af6-c071-496d-bfcc-5f0dc12c7798, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
4: c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
5: c752c2e0-7c17-4af4-bba6-6f8aa1e698bc, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
6: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]

"
Information 1/7/2015 10:16:25 AM Microsoft-Windows-Security-SPP 1066 None "Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
"
Information 1/7/2015 10:16:25 AM Microsoft-Windows-Security-SPP 900 None "The Software Protection service is starting.
Parameters:trigger=network;sessionid=0"
Information 1/7/2015 10:15:38 AM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: ScriptedDiagFailure
Response: Not available
Cab Id: 0

Problem signature:
P1: Microsoft Windows.NetworkDiagnostics.1.0
P2: 2425254287
P3: 1.0.0.0
P4: Default
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:
C:\Users\jeffrey\AppData\Local\Temp\msdt\_88ADC82E-5856-47D7-9C66-694A558EA92A_\PkgBAA7.cab

These files may be available here:
C:\Users\jeffrey\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Microsoft Window_602163d6a5d3a9c45b8325886f6f4ff094cb237a_cab_11dfbcc9

Analysis symbol:
Rechecking for solution: 0
Report ID: bc0488c1-1fd1-11e5-be86-50b7c355cd02
Report Status: 2
Hashed bucket: "
Information 1/7/2015 10:15:38 AM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: ScriptedDiagFailure
Response: Not available
Cab Id: 0

Problem signature:
P1: Microsoft Windows.NetworkDiagnostics.1.0
P2: 2425254287
P3: 1.0.0.0
P4: Default
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:
C:\Users\jeffrey\AppData\Local\Temp\msdt\_88ADC82E-5856-47D7-9C66-694A558EA92A_\PkgBAA7.cab

These files may be available here:
C:\Users\jeffrey\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Microsoft Window_602163d6a5d3a9c45b8325886f6f4ff094cb237a_cab_11dfbcc9

Analysis symbol:
Rechecking for solution: 0
Report ID: bc0488c1-1fd1-11e5-be86-50b7c355cd02
Report Status: 4
Hashed bucket: "
Information 1/7/2015 10:15:28 AM ESENT 103 (1) "msiexec (2736) Instance: The database engine stopped the instance (0).
 
Dirty Shutdown: 0
 
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.109, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.110, [10] 0.062, [11] 0.062, [12] 0.000, [13] 0.032, [14] 0.000, [15] 0.000."
Information 1/7/2015 10:15:27 AM ESENT 327 (1) "msiexec (2736) Instance: The database engine detached a database (1, C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb). (Time=0 seconds)
 
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.577, [7] 0.000, [8] 0.000, [9] 0.078, [10] 0.032, [11] 0.171, [12] 0.000.
Revived Cache: 0"
Information 1/7/2015 10:12:54 AM Microsoft-Windows-LoadPerf 1000 None Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Information 1/7/2015 10:12:40 AM Microsoft-Windows-LoadPerf 1001 None Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
Information 1/7/2015 10:12:22 AM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
"
Information 1/7/2015 10:12:22 AM Microsoft-Windows-Security-SPP 16384 None Successfully scheduled Software Protection service for re-start at 2015-07-02T09:10:01Z. Reason: RulesEngine.
Information 1/7/2015 10:12:12 AM SecurityCenter 1 None The Windows Security Center Service has started.
Information 1/7/2015 10:11:11 AM NIS 35 None The 'NIS' service has started.
Information 1/7/2015 10:11:08 AM Microsoft-Windows-CEIP 1005 None Customer Experience Improvement Program data was successfully consolidated into files that will be sent to Microsoft for analysis. These files will be sent only if the user has opted to join the Windows Customer Experience Improvement Program.
Error 1/7/2015 10:10:52 AM Microsoft-Windows-Security-SPP 8198 None "License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1"
Information 1/7/2015 10:10:52 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 625cc89b-693d-45c4-9967-123877fc41e4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
2: 9e4b231b-3e45-41f4-967f-c914f178b6ac, 1, 1 [(0 )(1 )(2 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F009)])]
3: bf4b3af6-c071-496d-bfcc-5f0dc12c7798, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
4: c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
5: c752c2e0-7c17-4af4-bba6-6f8aa1e698bc, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
6: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]

"
Information 1/7/2015 10:10:52 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 625cc89b-693d-45c4-9967-123877fc41e4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
2: 9e4b231b-3e45-41f4-967f-c914f178b6ac, 1, 1 [(0 )(1 )(2 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F009)])]
3: bf4b3af6-c071-496d-bfcc-5f0dc12c7798, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
4: c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
5: c752c2e0-7c17-4af4-bba6-6f8aa1e698bc, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
6: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]

"
Error 1/7/2015 10:10:51 AM Microsoft-Windows-Security-SPP 1014 None "Acquisition of End User License failed. hr=0x80072EE7
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac"
Error 1/7/2015 10:10:51 AM Microsoft-Windows-Security-SPP 8200 None "License acquisition failure details.
hr=0x80072EE7"
Information 1/7/2015 10:10:49 AM Microsoft-Windows-Security-SPP 8230 None "The rules engine successfully re-evaluated the schedule.
Kernel policies:
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;LastConsumptionReason=0xc004f009;LastNotificationId=NeverActivated;LicenseState=SL_LICENSING_STATUS_NOTIFICATION;PartialProductKey=BG67T;ProductKeyType=OEM:DM;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;ruleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;uxDifferentiator=OEM_DM"
Information 1/7/2015 10:10:30 AM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.

Warning 1/7/2015 10:10:28 AM Microsoft-Windows-Winlogon 6006 None The winlogon notification subscriber <AUInstallAgent> took 104 second(s) to handle the notification event (StartShell).
Information 1/7/2015 10:10:26 AM Microsoft-Windows-Search 1005 Search service The Windows Search Service has successfully created the new search index.

Information 1/7/2015 10:10:24 AM NIS 34 None The 'NIS' service is starting.
Warning 1/7/2015 10:09:43 AM Microsoft-Windows-Winlogon 6005 None The winlogon notification subscriber <AUInstallAgent> is taking a long time to handle the notification event (StartShell).
Information 1/7/2015 10:08:51 AM ESENT 326 (1) "msiexec (2736) Instance: The database engine attached a database (1, C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb). (Time=0 seconds)
 
Internal Timing Sequence: [1] 0.000, [2] 0.140, [3] 0.390, [4] 0.000, [5] 0.078, [6] 0.125, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000.
Saved Cache: 1"
Information 1/7/2015 10:08:51 AM ESENT 105 (1) "msiexec (2736) Instance: The database engine started a new instance (0). (Time=0 seconds)
 
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.016, [4] 0.171, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000."
Information 1/7/2015 10:08:50 AM ESENT 102 (1) msiexec (2736) Instance: The database engine (6.02.9200.0000) is starting a new instance (0).
Information 1/7/2015 10:08:43 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Information 1/7/2015 10:08:39 AM ESENT 325 (1) "SearchIndexer (2388) Windows: The database engine created a new database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=1 seconds)
 
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.327, [4] 0.874, [5] 0.016, [6] 0.093, [7] 0.063, [8] 0.000, [9] 0.171, [10] 0.297, [11] 0.000."
Information 1/7/2015 10:08:37 AM ESENT 105 (1) "SearchIndexer (2388) Windows: The database engine started a new instance (0). (Time=3 seconds)
 
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.110, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.359."
Information 1/7/2015 10:08:33 AM ESENT 102 (1) SearchIndexer (2388) Windows: The database engine (6.02.9200.0000) is starting a new instance (0).
Information 1/7/2015 10:08:32 AM Microsoft-Windows-Search 1004 Search service The Windows Search service is creating the new search index {Reason: Full Index Reset}.

Information 1/7/2015 10:08:31 AM Microsoft-Windows-Search 1010 Search service The Windows Search Service has successfully removed the old search index.

Warning 1/7/2015 10:08:31 AM Microsoft-Windows-Search 1008 Search service The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Information 1/7/2015 10:08:31 AM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
Information 1/7/2015 10:08:22 AM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: PnPDriverNotFound
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: MONITOR\AUO21EC
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:
C:\Windows\Temp\DMI1267.tmp.log.xml

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_33934f4bce2981b473d694dd281e6811412898de_cab_01e11795

Analysis symbol:
Rechecking for solution: 0
Report ID: b77eab45-1fd0-11e5-be86-50b7c355cd02
Report Status: 4
Hashed bucket: "
Information 1/7/2015 10:08:21 AM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
Information 1/7/2015 10:08:22 AM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: PnPRequestAdditionalSoftware
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: USB\VID_04CA&PID_0061&REV_0100
P3: 6.2.0.0
P4: 0809
P5: input.inf
P6: *
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_8fe8ab30228a4218d4af398d39f5360d52b6b_cab_01e114a8

Analysis symbol:
Rechecking for solution: 0
Report ID: b77eab44-1fd0-11e5-be86-50b7c355cd02
Report Status: 4
Hashed bucket: "
Information 1/7/2015 10:08:22 AM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: PnPGenericDriverFound
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2: USB\VID_04CA&PID_0061&REV_0100
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_fd9292e0443a109bb488259d06ba8f3e4a3d2f6_cab_01e11351

Analysis symbol:
Rechecking for solution: 0
Report ID: b77eab43-1fd0-11e5-be86-50b7c355cd02
Report Status: 4
Hashed bucket: "
Information 1/7/2015 10:08:11 AM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
Information 1/7/2015 10:08:06 AM AdobeARMservice 0 None "The description for Event ID 0 from source AdobeARMservice cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Service started
"
Information 1/7/2015 10:08:06 AM Microsoft-Windows-Security-SPP 902 None "The Software Protection service has started.
6.2.9200.16384"
Information 1/7/2015 10:08:02 AM Microsoft-Windows-Security-SPP 1003 None "The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 625cc89b-693d-45c4-9967-123877fc41e4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
2: 9e4b231b-3e45-41f4-967f-c914f178b6ac, 1, 1 [(0 )(1 )(2 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F009)])]
3: bf4b3af6-c071-496d-bfcc-5f0dc12c7798, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
4: c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
5: c752c2e0-7c17-4af4-bba6-6f8aa1e698bc, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]
6: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )]

"
Information 1/7/2015 10:07:59 AM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. 

"
Information 1/7/2015 10:06:53 AM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. 

"
Information 1/7/2015 10:04:57 AM Microsoft-Windows-WMI 5617 None Windows Management Instrumentation Service subsystems initialized successfully
Information 1/7/2015 10:04:56 AM Microsoft-Windows-WMI 5615 None Windows Management Instrumentation Service started sucessfully
Warning 1/7/2015 10:04:41 AM Microsoft-Windows-User Profiles Service 1534 None "Profile notification of event Delete for component {D63AA156-D534-4BAC-9BF1-55359CF5EC30} failed, error code is The system cannot find the path specified.
.

"
Warning 1/7/2015 10:04:40 AM Microsoft-Windows-User Profiles Service 1534 None "Profile notification of event Delete for component {DE3F3560-3032-41B4-B6CF-F703B1B95640} failed, error code is ???.

"
Information 1/7/2015 10:04:36 AM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. 

"
Information 1/7/2015 10:07:59 AM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds.  The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
Information 19/9/2012 9:45:16 AM Microsoft-Windows-User Profiles Service 1532 None "The User Profile Service has stopped. 

"
Warning 19/9/2012 9:45:15 AM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

 DETAIL -
 2 user registry handles leaked from \Registry\User\S-1-5-21-515815168-1746495529-2309485121-500:
Process 1252 (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-515815168-1746495529-2309485121-500
Process 1012 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-515815168-1746495529-2309485121-500\Software\Microsoft\Windows\CurrentVersion\Uninstall
"
Information 19/9/2012 9:45:16 AM VSS 8225 None The VSS service is shutting down due to shutdown event from the Service Control Manager.
Information 19/9/2012 9:45:16 AM Microsoft-Windows-Security-SPP 903 None "The Software Protection service has stopped.
"
Information 19/9/2012 9:45:16 AM Microsoft-Windows-Search 1013 Search service Windows Search Service stopped normally.

Information 19/9/2012 9:45:16 AM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Information 19/9/2012 9:45:12 AM Microsoft-Windows-Search 1003 Search service The Windows Search Service started.

Information 19/9/2012 9:45:11 AM Microsoft-Windows-Search 1013 Search service Windows Search Service stopped normally.

Information 19/9/2012 9:45:11 AM ESENT 103 (1) "SearchIndexer (2904) Windows: The database engine stopped the instance (0).
 
Dirty Shutdown: 0
 
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.577, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.156, [10] 0.016, [11] 0.046, [12] 0.000, [13] 0.000, [14] 0.016, [15] 0.000."


Keywords Date and Time Source Event ID Task Category
Audit Success 1/7/2015 10:32:13 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Guest
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:32:13 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Administrator
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:26:40 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Guest
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:26:40 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Administrator
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:26:19 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Guest
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:26:19 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Administrator
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:23:00 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:23:00 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2b4
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 1/7/2015 10:23:00 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:23:00 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2b4
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

"
Audit Success 1/7/2015 10:21:43 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Guest
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:21:43 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Administrator
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:21:43 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Guest
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:21:43 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Administrator
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:20:35 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:20:35 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2b4
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

"
Audit Success 1/7/2015 10:16:33 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  LOCAL SERVICE
 Account Name:  LOCAL SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E5

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: jeffrey
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:16:33 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  LOCAL SERVICE
 Account Name:  LOCAL SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E5

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: jeffrey
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:16:33 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  LOCAL SERVICE
 Account Name:  LOCAL SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E5

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: jeffrey
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:16:33 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  LOCAL SERVICE
 Account Name:  LOCAL SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E5

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Guest
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:16:33 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  LOCAL SERVICE
 Account Name:  LOCAL SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E5

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: jeffrey
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:16:33 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  LOCAL SERVICE
 Account Name:  LOCAL SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E5

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Administrator
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:16:33 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  LOCAL SERVICE
 Account Name:  LOCAL SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E5

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Guest
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:16:33 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  LOCAL SERVICE
 Account Name:  LOCAL SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E5

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Administrator
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:16:33 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:16:33 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2b4
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

"
Audit Success 1/7/2015 10:12:01 AM Microsoft-Windows-Security-Auditing 6406 Other System Events "Norton Internet Security registered to Windows Firewall to control filtering for the following:
BootTimeRuleCategory, StealthRuleCategory, FirewallRuleCategory."
Audit Success 1/7/2015 10:11:39 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Guest
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:11:39 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Administrator
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:11:39 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Guest
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:11:39 AM Microsoft-Windows-Security-Auditing 4797 User Account Management "An attempt was made to query the existence of a blank password for an account.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403

Additional Information:
 Caller Workstation: LIVINGROOM
 Target Account Name: Administrator
 Target Account Domain: livingroom"
Audit Success 1/7/2015 10:08:41 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:08:41 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2b4
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

"
Audit Success 1/7/2015 10:08:30 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x2930E

Privileges:  SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:08:30 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   2

Impersonation Level:  Impersonation

New Logon:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x29403
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x27c
 Process Name:  C:\Windows\System32\winlogon.exe

Network Information:
 Workstation Name: LIVINGROOM
 Source Network Address: 127.0.0.1
 Source Port:  0

Detailed Authentication Information:
 Logon Process:  User32
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

"
Audit Success 1/7/2015 10:08:30 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   2

Impersonation Level:  Impersonation

New Logon:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon ID:  0x2930E
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x27c
 Process Name:  C:\Windows\System32\winlogon.exe

Network Information:
 Workstation Name: LIVINGROOM
 Source Network Address: 127.0.0.1
 Source Port:  0

Detailed Authentication Information:
 Logon Process:  User32
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

"
Audit Success 1/7/2015 10:08:30 AM Microsoft-Windows-Security-Auditing 4648 Logon "A logon was attempted using explicit credentials.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
 Account Name:  jeffrey
 Account Domain:  livingroom
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Target Server:
 Target Server Name: localhost
 Additional Information: localhost

Process Information:
 Process ID:  0x27c
 Process Name:  C:\Windows\System32\winlogon.exe

Network Information:
 Network Address: 127.0.0.1
 Port:   0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command."
Audit Success 1/7/2015 10:08:29 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:08:29 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2b4
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

"
Audit Success 1/7/2015 10:08:13 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  NULL SID
 Account Name:  -
 Account Domain:  -
 Logon ID:  0x0

Logon Type:   3

Impersonation Level:  Impersonation

New Logon:
 Security ID:  ANONYMOUS LOGON
 Account Name:  ANONYMOUS LOGON
 Account Domain:  NT AUTHORITY
 Logon ID:  0x1640D
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x0
 Process Name:  -

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  NtLmSsp
 Authentication Package: NTLM
 Transited Services: -
 Package Name (NTLM only): NTLM V1
 Key Length:  0"
Audit Success 1/7/2015 10:08:09 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:08:09 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2b4
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0"
Audit Success 1/7/2015 10:08:05 AM Microsoft-Windows-Security-Auditing 5024 Other System Events The Windows Firewall service started successfully.
Audit Success 1/7/2015 10:08:03 AM Microsoft-Windows-Security-Auditing 5033 Other System Events The Windows Firewall Driver started successfully.
Audit Success 1/7/2015 10:08:02 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:08:02 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2b4
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0"
Audit Success 1/7/2015 10:07:59 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:07:59 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2b4
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0"
Audit Success 1/7/2015 10:07:58 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:07:58 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2b4
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0"
Audit Success 1/7/2015 10:07:58 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  LOCAL SERVICE
 Account Name:  LOCAL SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E5

Privileges:  SeAssignPrimaryTokenPrivilege
   SeAuditPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:07:58 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  LOCAL SERVICE
 Account Name:  LOCAL SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E5
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2b4
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0"
Audit Success 1/7/2015 10:07:53 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  Window Manager\DWM-1
 Account Name:  DWM-1
 Account Domain:  Window Manager
 Logon ID:  0xEECA

Privileges:  SeAssignPrimaryTokenPrivilege
   SeAuditPrivilege"
Audit Success 1/7/2015 10:07:53 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  Window Manager\DWM-1
 Account Name:  DWM-1
 Account Domain:  Window Manager
 Logon ID:  0xEEB9

Privileges:  SeAssignPrimaryTokenPrivilege
   SeAuditPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:07:53 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   2

Impersonation Level:  Impersonation

New Logon:
 Security ID:  Window Manager\DWM-1
 Account Name:  DWM-1
 Account Domain:  Window Manager
 Logon ID:  0xEECA
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x27c
 Process Name:  C:\Windows\System32\winlogon.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0"
Audit Success 1/7/2015 10:07:53 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   2

Impersonation Level:  Impersonation

New Logon:
 Security ID:  Window Manager\DWM-1
 Account Name:  DWM-1
 Account Domain:  Window Manager
 Logon ID:  0xEEB9
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x27c
 Process Name:  C:\Windows\System32\winlogon.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0"
Audit Success 1/7/2015 10:07:53 AM Microsoft-Windows-Security-Auditing 4648 Logon "A logon was attempted using explicit credentials.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
 Account Name:  DWM-1
 Account Domain:  Window Manager
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Target Server:
 Target Server Name: localhost
 Additional Information: localhost

Process Information:
 Process ID:  0x27c
 Process Name:  C:\Windows\System32\winlogon.exe

Network Information:
 Network Address: -
 Port:   -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command."
Audit Success 1/7/2015 10:07:51 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  NETWORK SERVICE
 Account Name:  NETWORK SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E4

Privileges:  SeAssignPrimaryTokenPrivilege
   SeAuditPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:07:51 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  NETWORK SERVICE
 Account Name:  NETWORK SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E4
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2b4
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0"
Audit Success 1/7/2015 10:07:51 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:07:51 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  LIVINGROOM$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2b4
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0"
Audit Success 1/7/2015 10:07:48 AM Microsoft-Windows-Security-Auditing 4902 Audit Policy Change "The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x8C78"
Audit Success 1/7/2015 10:07:46 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  NULL SID
 Account Name:  -
 Account Domain:  -
 Logon ID:  0x0

Logon Type:   0

Impersonation Level:  -

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x4
 Process Name:  

Network Information:
 Workstation Name: -
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  -
 Authentication Package: -
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0"
Audit Success 1/7/2015 10:07:46 AM Microsoft-Windows-Security-Auditing 4608 Security State Change "Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized."
Audit Success 1/7/2015 10:06:50 AM Microsoft-Windows-Security-Auditing 4733 Security Group Management "A member was removed from a security-enabled local group.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Member:
 Security ID:  livingroom\jeffrey
 Account Name:  -

Group:
 Security ID:  BUILTIN\Users
 Group Name:  Users
 Group Domain:  Builtin

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:06:49 AM Microsoft-Windows-Security-Auditing 4732 Security Group Management "A member was added to a security-enabled local group.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Member:
 Security ID:  livingroom\jeffrey
 Account Name:  -

Group:
 Security ID:  BUILTIN\Administrators
 Group Name:  Administrators
 Group Domain:  Builtin

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:06:49 AM Microsoft-Windows-Security-Auditing 4724 User Account Management "An attempt was made to reset an account's password.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom"
Audit Success 1/7/2015 10:06:49 AM Microsoft-Windows-Security-Auditing 4738 User Account Management "A user account was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom

Changed Attributes:
 SAM Account Name: jeffrey
 Display Name:  <value not set>
 User Principal Name: -
 Home Directory:  <value not set>
 Home Drive:  <value not set>
 Script Path:  <value not set>
 Profile Path:  <value not set>
 User Workstations: <value not set>
 Password Last Set: 01/07/2015 18:06:49
 Account Expires:  <never>
 Primary Group ID: 513
 AllowedToDelegateTo: -
 Old UAC Value:  0x14
 New UAC Value:  0x214
 User Account Control: 
  'Don't Expire Password' - Enabled
 User Parameters: -
 SID History:  -
 Logon Hours:  All

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:06:49 AM Microsoft-Windows-Security-Auditing 4738 User Account Management "A user account was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom

Changed Attributes:
 SAM Account Name: -
 Display Name:  -
 User Principal Name: -
 Home Directory:  -
 Home Drive:  -
 Script Path:  -
 Profile Path:  -
 User Workstations: -
 Password Last Set: -
 Account Expires:  -
 Primary Group ID: -
 AllowedToDelegateTo: -
 Old UAC Value:  -
 New UAC Value:  -
 User Account Control: -
 User Parameters: -
 SID History:  -
 Logon Hours:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:06:49 AM Microsoft-Windows-Security-Auditing 4724 User Account Management "An attempt was made to reset an account's password.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom"
Audit Success 1/7/2015 10:06:49 AM Microsoft-Windows-Security-Auditing 4738 User Account Management "A user account was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom

Changed Attributes:
 SAM Account Name: jeffrey
 Display Name:  <value not set>
 User Principal Name: -
 Home Directory:  <value not set>
 Home Drive:  <value not set>
 Script Path:  <value not set>
 Profile Path:  <value not set>
 User Workstations: <value not set>
 Password Last Set: 01/07/2015 18:06:49
 Account Expires:  <never>
 Primary Group ID: 513
 AllowedToDelegateTo: -
 Old UAC Value:  0x14
 New UAC Value:  0x14
 User Account Control: -
 User Parameters: -
 SID History:  -
 Logon Hours:  All

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:06:49 AM Microsoft-Windows-Security-Auditing 4738 User Account Management "A user account was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom

Changed Attributes:
 SAM Account Name: jeffrey
 Display Name:  <value not set>
 User Principal Name: -
 Home Directory:  <value not set>
 Home Drive:  <value not set>
 Script Path:  <value not set>
 Profile Path:  <value not set>
 User Workstations: <value not set>
 Password Last Set: <never>
 Account Expires:  <never>
 Primary Group ID: 513
 AllowedToDelegateTo: -
 Old UAC Value:  0x15
 New UAC Value:  0x14
 User Account Control: 
  Account Enabled
 User Parameters: <value not set>
 SID History:  -
 Logon Hours:  All

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:06:49 AM Microsoft-Windows-Security-Auditing 4722 User Account Management "A user account was enabled.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom"
Audit Success 1/7/2015 10:06:49 AM Microsoft-Windows-Security-Auditing 4732 Security Group Management "A member was added to a security-enabled local group.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Member:
 Security ID:  livingroom\jeffrey
 Account Name:  -

Group:
 Security ID:  BUILTIN\Users
 Group Name:  Users
 Group Domain:  Builtin

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:06:48 AM Microsoft-Windows-Security-Auditing 4720 User Account Management "A user account was created.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

New Account:
 Security ID:  livingroom\jeffrey
 Account Name:  jeffrey
 Account Domain:  livingroom

Attributes:
 SAM Account Name: jeffrey
 Display Name:  <value not set>
 User Principal Name: -
 Home Directory:  <value not set>
 Home Drive:  <value not set>
 Script Path:  <value not set>
 Profile Path:  <value not set>
 User Workstations: <value not set>
 Password Last Set: <never>
 Account Expires:  <never>
 Primary Group ID: 513
 Allowed To Delegate To: -
 Old UAC Value:  0x0
 New UAC Value:  0x15
 User Account Control: 
  Account Disabled
  'Password Not Required' - Enabled
  'Normal Account' - Enabled
 User Parameters: <value not set>
 SID History:  -
 Logon Hours:  All

Additional Information:
 Privileges  -"
Audit Success 1/7/2015 10:06:48 AM Microsoft-Windows-Security-Auditing 4728 Security Group Management "A member was added to a security-enabled global group.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Member:
 Security ID:  livingroom\jeffrey
 Account Name:  -

Group:
 Security ID:  livingroom\None
 Group Name:  None
 Group Domain:  livingroom

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4737 Security Group Management "A security-enabled global group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  livingroom\None
 Group Name:  None
 Group Domain:  WIN-7NPRVPD3CIV

Changed Attributes:
 SAM Account Name: None
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4781 User Account Management "The name of an account was changed:

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  livingroom\None
 Account Domain:  WIN-7NPRVPD3CIV
 Old Account Name: None
 New Account Name: None

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4737 Security Group Management "A security-enabled global group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  livingroom\None
 Group Name:  None
 Group Domain:  WIN-7NPRVPD3CIV

Changed Attributes:
 SAM Account Name: -
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4738 User Account Management "A user account was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  livingroom\Guest
 Account Name:  Guest
 Account Domain:  WIN-7NPRVPD3CIV

Changed Attributes:
 SAM Account Name: Guest
 Display Name:  <value not set>
 User Principal Name: -
 Home Directory:  <value not set>
 Home Drive:  <value not set>
 Script Path:  <value not set>
 Profile Path:  <value not set>
 User Workstations: <value not set>
 Password Last Set: <never>
 Account Expires:  <never>
 Primary Group ID: 513
 AllowedToDelegateTo: -
 Old UAC Value:  0x215
 New UAC Value:  0x215
 User Account Control: -
 User Parameters: <value not set>
 SID History:  -
 Logon Hours:  All

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4738 User Account Management "A user account was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  livingroom\Guest
 Account Name:  Guest
 Account Domain:  WIN-7NPRVPD3CIV

Changed Attributes:
 SAM Account Name: Guest
 Display Name:  <value not set>
 User Principal Name: -
 Home Directory:  <value not set>
 Home Drive:  <value not set>
 Script Path:  <value not set>
 Profile Path:  <value not set>
 User Workstations: <value not set>
 Password Last Set: <never>
 Account Expires:  <never>
 Primary Group ID: 513
 AllowedToDelegateTo: -
 Old UAC Value:  0x215
 New UAC Value:  0x215
 User Account Control: -
 User Parameters: <value not set>
 SID History:  -
 Logon Hours:  All

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4738 User Account Management "A user account was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  livingroom\Administrator
 Account Name:  Administrator
 Account Domain:  WIN-7NPRVPD3CIV

Changed Attributes:
 SAM Account Name: Administrator
 Display Name:  <value not set>
 User Principal Name: -
 Home Directory:  <value not set>
 Home Drive:  <value not set>
 Script Path:  <value not set>
 Profile Path:  <value not set>
 User Workstations: <value not set>
 Password Last Set: 26/07/2012 16:27:03
 Account Expires:  <never>
 Primary Group ID: 513
 AllowedToDelegateTo: -
 Old UAC Value:  0x211
 New UAC Value:  0x211
 User Account Control: -
 User Parameters: <value not set>
 SID History:  -
 Logon Hours:  All

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4738 User Account Management "A user account was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  livingroom\Administrator
 Account Name:  Administrator
 Account Domain:  WIN-7NPRVPD3CIV

Changed Attributes:
 SAM Account Name: Administrator
 Display Name:  <value not set>
 User Principal Name: -
 Home Directory:  <value not set>
 Home Drive:  <value not set>
 Script Path:  <value not set>
 Profile Path:  <value not set>
 User Workstations: <value not set>
 Password Last Set: 26/07/2012 16:27:03
 Account Expires:  <never>
 Primary Group ID: 513
 AllowedToDelegateTo: -
 Old UAC Value:  0x211
 New UAC Value:  0x211
 User Account Control: -
 User Parameters: <value not set>
 SID History:  -
 Logon Hours:  All

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Remote Management Users
 Group Name:  Remote Management Users
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: Remote Management Users
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4781 User Account Management "The name of an account was changed:

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  BUILTIN\Remote Management Users
 Account Domain:  Builtin
 Old Account Name: Remote Management Users
 New Account Name: Remote Management Users

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Remote Management Users
 Group Name:  Remote Management Users
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: -
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Event Log Readers
 Group Name:  Event Log Readers
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: Event Log Readers
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4781 User Account Management "The name of an account was changed:

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  BUILTIN\Event Log Readers
 Account Domain:  Builtin
 Old Account Name: Event Log Readers
 New Account Name: Event Log Readers

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Event Log Readers
 Group Name:  Event Log Readers
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: -
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\IIS_IUSRS
 Group Name:  IIS_IUSRS
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: IIS_IUSRS
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4781 User Account Management "The name of an account was changed:

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  BUILTIN\IIS_IUSRS
 Account Domain:  Builtin
 Old Account Name: IIS_IUSRS
 New Account Name: IIS_IUSRS

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\IIS_IUSRS
 Group Name:  IIS_IUSRS
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: -
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Distributed COM Users
 Group Name:  Distributed COM Users
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: Distributed COM Users
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4781 User Account Management "The name of an account was changed:

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  BUILTIN\Distributed COM Users
 Account Domain:  Builtin
 Old Account Name: Distributed COM Users
 New Account Name: Distributed COM Users

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Distributed COM Users
 Group Name:  Distributed COM Users
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: -
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Performance Log Users
 Group Name:  Performance Log Users
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: Performance Log Users
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4781 User Account Management "The name of an account was changed:

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  BUILTIN\Performance Log Users
 Account Domain:  Builtin
 Old Account Name: Performance Log Users
 New Account Name: Performance Log Users

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Performance Log Users
 Group Name:  Performance Log Users
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: -
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Performance Monitor Users
 Group Name:  Performance Monitor Users
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: Performance Monitor Users
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4781 User Account Management "The name of an account was changed:

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  BUILTIN\Performance Monitor Users
 Account Domain:  Builtin
 Old Account Name: Performance Monitor Users
 New Account Name: Performance Monitor Users

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Performance Monitor Users
 Group Name:  Performance Monitor Users
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: -
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Guests
 Group Name:  Guests
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: Guests
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4781 User Account Management "The name of an account was changed:

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  BUILTIN\Guests
 Account Domain:  Builtin
 Old Account Name: Guests
 New Account Name: Guests

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Guests
 Group Name:  Guests
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: -
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Users
 Group Name:  Users
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: Users
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4781 User Account Management "The name of an account was changed:

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  BUILTIN\Users
 Account Domain:  Builtin
 Old Account Name: Users
 New Account Name: Users

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Users
 Group Name:  Users
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: -
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Administrators
 Group Name:  Administrators
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: Administrators
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4781 User Account Management "The name of an account was changed:

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Target Account:
 Security ID:  BUILTIN\Administrators
 Account Domain:  Builtin
 Old Account Name: Administrators
 New Account Name: Administrators

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:05:04 AM Microsoft-Windows-Security-Auditing 4735 Security Group Management "A security-enabled local group was changed.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Group:
 Security ID:  BUILTIN\Administrators
 Group Name:  Administrators
 Group Domain:  Builtin

Changed Attributes:
 SAM Account Name: -
 SID History:  -

Additional Information:
 Privileges:  -"
Audit Success 1/7/2015 10:04:42 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:04:42 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2bc
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 1/7/2015 10:04:37 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:04:37 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2bc
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 1/7/2015 10:04:25 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  LOCAL SERVICE
 Account Name:  LOCAL SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E5

Privileges:  SeAssignPrimaryTokenPrivilege
   SeAuditPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:04:25 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  LOCAL SERVICE
 Account Name:  LOCAL SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E5
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2bc
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 1/7/2015 10:04:25 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:04:25 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2bc
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 1/7/2015 10:04:25 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:04:25 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2bc
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 1/7/2015 10:04:18 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  Window Manager\DWM-1
 Account Name:  DWM-1
 Account Domain:  Window Manager
 Logon ID:  0xF123

Privileges:  SeAssignPrimaryTokenPrivilege
   SeAuditPrivilege"
Audit Success 1/7/2015 10:04:18 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  Window Manager\DWM-1
 Account Name:  DWM-1
 Account Domain:  Window Manager
 Logon ID:  0xF112

Privileges:  SeAssignPrimaryTokenPrivilege
   SeAuditPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:04:18 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   2

Impersonation Level:  Impersonation

New Logon:
 Security ID:  Window Manager\DWM-1
 Account Name:  DWM-1
 Account Domain:  Window Manager
 Logon ID:  0xF123
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x284
 Process Name:  C:\Windows\System32\winlogon.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 1/7/2015 10:04:18 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   2

Impersonation Level:  Impersonation

New Logon:
 Security ID:  Window Manager\DWM-1
 Account Name:  DWM-1
 Account Domain:  Window Manager
 Logon ID:  0xF112
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x284
 Process Name:  C:\Windows\System32\winlogon.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 1/7/2015 10:04:18 AM Microsoft-Windows-Security-Auditing 4648 Logon "A logon was attempted using explicit credentials.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
 Account Name:  DWM-1
 Account Domain:  Window Manager
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Target Server:
 Target Server Name: localhost
 Additional Information: localhost

Process Information:
 Process ID:  0x284
 Process Name:  C:\Windows\System32\winlogon.exe

Network Information:
 Network Address: -
 Port:   -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command."
Audit Success 1/7/2015 10:04:17 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  NETWORK SERVICE
 Account Name:  NETWORK SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E4

Privileges:  SeAssignPrimaryTokenPrivilege
   SeAuditPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:04:17 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  NETWORK SERVICE
 Account Name:  NETWORK SERVICE
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E4
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2bc
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 1/7/2015 10:04:17 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 1/7/2015 10:04:17 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x2bc
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 1/7/2015 10:04:14 AM Microsoft-Windows-Security-Auditing 4902 Audit Policy Change "The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x8EBF"
Audit Success 1/7/2015 10:04:12 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  NULL SID
 Account Name:  -
 Account Domain:  -
 Logon ID:  0x0

Logon Type:   0

Impersonation Level:  -

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x4
 Process Name:  

Network Information:
 Workstation Name: -
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  -
 Authentication Package: -
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 1/7/2015 10:04:12 AM Microsoft-Windows-Security-Auditing 4608 Security State Change "Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized."
Audit Success 19/9/2012 9:45:15 AM Microsoft-Windows-Security-Auditing 4647 Logoff "User initiated logoff:

Subject:
 Security ID:  livingroom\Administrator
 Account Name:  Administrator
 Account Domain:  WIN-7NPRVPD3CIV
 Logon ID:  0x200B0

This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event."
Audit Success 19/9/2012 9:45:16 AM Microsoft-Windows-Eventlog 1100 Service shutdown The event logging service has shut down.
Audit Success 19/9/2012 9:45:13 AM Microsoft-Windows-Security-Auditing 4738 User Account Management "A user account was changed.

Subject:
 Security ID:  livingroom\Administrator
 Account Name:  Administrator
 Account Domain:  WIN-7NPRVPD3CIV
 Logon ID:  0x200B0

Target Account:
 Security ID:  livingroom\Administrator
 Account Name:  Administrator
 Account Domain:  WIN-7NPRVPD3CIV

Changed Attributes:
 SAM Account Name: -
 Display Name:  -
 User Principal Name: -
 Home Directory:  -
 Home Drive:  -
 Script Path:  -
 Profile Path:  -
 User Workstations: -
 Password Last Set: -
 Account Expires:  -
 Primary Group ID: -
 AllowedToDelegateTo: -
 Old UAC Value:  0x210
 New UAC Value:  0x211
 User Account Control: 
  Account Disabled
 User Parameters: -
 SID History:  -
 Logon Hours:  -

Additional Information:
 Privileges:  -"
Audit Success 19/9/2012 9:45:13 AM Microsoft-Windows-Security-Auditing 4725 User Account Management "A user account was disabled.

Subject:
 Security ID:  livingroom\Administrator
 Account Name:  Administrator
 Account Domain:  WIN-7NPRVPD3CIV
 Logon ID:  0x200B0

Target Account:
 Security ID:  livingroom\Administrator
 Account Name:  Administrator
 Account Domain:  WIN-7NPRVPD3CIV"
Audit Success 19/9/2012 9:45:12 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 19/9/2012 9:45:12 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x29c
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 19/9/2012 9:45:05 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 19/9/2012 9:45:05 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x29c
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 19/9/2012 9:45:05 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege"
Audit Success 19/9/2012 9:45:05 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.

Subject:
 Security ID:  SYSTEM
 Account Name:  WIN-7NPRVPD3CIV$
 Account Domain:  WORKGROUP
 Logon ID:  0x3E7

Logon Type:   5

Impersonation Level:  Impersonation

New Logon:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3E7
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

Process Information:
 Process ID:  0x29c
 Process Name:  C:\Windows\System32\services.exe

Network Information:
 Workstation Name: 
 Source Network Address: -
 Source Port:  -

Detailed Authentication Information:
 Logon Process:  Advapi 
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length:  0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
 - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Audit Success 19/9/2012 9:45:03 AM Microsoft-Windows-Eventlog 1102 Log clear "The audit log was cleared.
Subject:
 Security ID: livingroom\Administrator
 Account Name: Administrator
 Domain Name: WIN-7NPRVPD3CIV
 Logon ID: 0x200B0"



#12 jeffrey90

Posted 01 July 2015 - 05:38 AM

Level Date and Time Source Event ID Task Category
Error 1/7/2015 10:25:51 AM Schannel 36888 None A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
Information 1/7/2015 10:23:00 AM Service Control Manager 7040 None The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
Information 1/7/2015 10:21:33 AM Microsoft-Windows-Kernel-General 15 None Hive \??\C:\windows\System32\config\COMPONENTS was reorganized with a starting size of 48766976 bytes and an ending size of 48766976 bytes.
Information 1/7/2015 10:20:33 AM Microsoft-Windows-FilterManager 6 None File System Filter 'eeCtrl' (6.1, 2012-08-01T00:36:51.000000000Z) has successfully loaded and registered with Filter Manager.
Information 1/7/2015 10:20:29 AM Service Control Manager 7045 None "A service was installed in the system.

Service Name:  Symantec Eraser Control driver
Service File Name:  C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
Service Type:  kernel mode driver
Service Start Type:  demand start
Service Account:  "
Information 1/7/2015 10:16:42 AM Microsoft-Windows-WindowsUpdateClient 19 Windows Update Agent Installation Successful: Windows successfully installed the following update: Update for Windows (KB2740448)
Information 1/7/2015 10:16:42 AM Microsoft-Windows-WindowsUpdateClient 19 Windows Update Agent Installation Successful: Windows successfully installed the following update: Update for Windows (KB2740443)
Information 1/7/2015 10:16:25 AM Microsoft-Windows-UserPnp 20003 (7005) Driver Management has concluded the process to add Service tunnel for Device Instance ID ROOT\*ISATAP\0000 with the following status: 0.
Information 1/7/2015 10:16:25 AM Service Control Manager 7045 None "A service was installed in the system.

Service Name:  Microsoft Tunnel Miniport Adapter Driver
Service File Name:  \SystemRoot\system32\DRIVERS\tunnel.sys
Service Type:  kernel mode driver
Service Start Type:  demand start
Service Account:  "
Information 1/7/2015 10:16:04 AM BTHUSB 18 None Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during start-up.
Information 1/7/2015 10:15:25 AM Microsoft-Windows-Diagnostics-Networking 4000 Diagnosis Success "The Network Diagnostics Framework has completed the diagnosis phase of operation. The following repair option was offered:

Helper Class Name: AutoConfig Helper Class

Root Cause: None of the networks that you have previously connected to are in range
There are other wireless networks available.

Root Cause Guid: {C9EB22DF-F679-4B2A-B9D2-2F1436A8B655}

Repair option: Connect to an available wireless network
You have not chosen to connect to any of the available wireless networks.

RepairGuid: {6AEFFF5C-B33E-4A07-9989-B2532A3DCB6A}

Seconds required for repair: 300

Security context required for repair: 0

Interface: WiFi ({58FE4501-52FE-47DF-B17F-2375240D7896})"
Information 1/7/2015 10:15:25 AM Microsoft-Windows-Diagnostics-Networking 6100 Helper Class Info "Details about wireless connectivity diagnosis:

For complete information about this session see the wireless connectivity information event.

Helper Class: Auto Configuration
 Initialise status: Success

Information for connection being diagnosed
 Interface GUID: 58fe4501-52fe-47df-b17f-2375240d7896
 Interface name: Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
 Interface type: Native WiFi

Result of diagnosis: Problem found

Root cause:
<DiagnosticsText><Title><![CDATA[None of the networks that you have previously connected to are in range]]></Title><Description><![CDATA[There are other wireless networks available.]]></Description><Parameters><Parameter><Name><![CDATA[SSID]]></Name><Value><![CDATA[]]></Value></Parameter></Parameters><Extensions><Extension><Name><![CDATA[Keyword]]></Name><Value><![CDATA[connect]]></Value></Extension><Extension><Name><![CDATA[Keyword]]></Name><Value><![CDATA[wireless network]]></Value></Extension><Extension

Detailed root cause:
None of the networks you have connected to before are in range
There are other wireless networks available.

Repair option:
Connect to an available wireless network
You have not chosen to connect to any of the available wireless networks.

"
Information 1/7/2015 10:15:25 AM Microsoft-Windows-Diagnostics-Networking 6100 Helper Class Info "Details about wireless connectivity diagnosis:

Information for connection being diagnosed
 Interface GUID: 58fe4501-52fe-47df-b17f-2375240d7896
 Interface name: Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
 Interface type: Native WiFi

Connection incident diagnosed
 Auto Configuration ID: 1

List of visible access point(s): 14 item(s) total, 14 item(s) displayed
        BSSID  BSS Type PHY Signal(dB) Chnl/freq    SSID
-------------------------------------------------------------------------
00-26-75-FA-61-FD Infra  <unknown> -44  2  JFFY53115
78-54-2E-8B-19-AF Infra  <unknown> -83  6  housewife
00-1A-2B-4F-98-5F Infra  g -57  6  elite@sg
C0-A0-BB-F8-EB-D4 Infra  <unknown> -84  13  dlink-EBD4
00-26-75-C4-1A-A4 Infra  <unknown> -86  8  Singtel7002-1AA3
00-26-75-88-30-FC Infra  <unknown> -92  8  (Unnamed Network)
00-26-75-E6-9D-90 Infra  <unknown> -87  10  SINGTEL-9D8F
00-26-75-C1-F5-D4 Infra  <unknown> -84  10  Singtel7002-F5D3
00-26-75-9D-13-F4 Infra  g -81  9  Singtel7002-13F3
16-0C-C3-E0-53-28 Infra  <unknown> -88  9  SINGTEL-3521
00-26-75-9B-E2-72 Infra  <unknown> -89  9  SINGTEL-E271
16-0C-C3-F2-39-F8 Infra  <unknown> -93  3  SINGTEL-5524
B0-E7-54-C0-8F-C6 Infra  <unknown> -90  8  SINGTEL-1455
00-26-75-C0-B9-66 Infra  <unknown> -88  9  Singtel7002-B965

Connection History

 Information for Auto Configuration ID 1

  List of visible networks: 14 item(s) total, 14 item(s) displayed
  BSS Type PHY Security Signal(RSSI) Compatible SSID
  ------------------------------------------------------------------------------
  Infra  <unknown> Yes  100 Yes  JFFY53115
  Infra  <unknown> Yes  34 Yes  housewife
  Infra  g Yes  86 Yes  elite@sg
  Infra  <unknown> Yes  32 Yes  dlink-EBD4
  Infra  <unknown> Yes  28 Yes  Singtel7002-1AA3
  Infra  <unknown> Yes  10 Yes  (Unnamed Network)
  Infra  <unknown> Yes  26 Yes  SINGTEL-9D8F
  Infra  <unknown> Yes  32 Yes  Singtel7002-F5D3
  Infra  g Yes  38 Yes  Singtel7002-13F3
  Infra  <unknown> Yes  18 Yes  SINGTEL-3521
  Infra  <unknown> Yes  16 Yes  SINGTEL-E271
  Infra  <unknown> Yes  8 Yes  SINGTEL-5524
  Infra  <unknown> Yes  14 Yes  SINGTEL-1455
  Infra  <unknown> Yes  18 Yes  Singtel7002-B965

  List of preferred networks: 1 item(s)
   Profile: JFFY53115(5G)
    SSID: JFFY53115(5G)
    SSID length: 13
    Connection mode: Infra
    Security: Yes
    Set by group policy: No
    Connect even if network is not broadcasting: No
    Connectable: No
     Reason: 0x00028002

"
Information 1/7/2015 10:15:25 AM Microsoft-Windows-Diagnostics-Networking 6100 Helper Class Info "Details about network adapter diagnosis:

Network adapter WiFi driver information:

   Description . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
   Manufacturer  . . . . . . . . . : Qualcomm Atheros Communications Inc.
   Provider  . . . . . . . . . . . : Qualcomm Atheros Communications Inc.
   Version   . . . . . . . . . . . : 10.0.0.75
   Inf File Name . . . . . . . . . : C:\windows\INF\oem1.inf
   Inf File Date . . . . . . . . . : Tuesday, 31 July 2012  1:18:24 PM
   Section Name  . . . . . . . . . : ATHR_DEV_OS61_3119s.ndi
   Hardware ID . . . . . . . . . . : pci\ven_168c&dev_0032&subsys_4105144d
   Instance Status Flags . . . . . : 0x180200a
   Device Manager Status Code  . . : 0
   IfType  . . . . . . . . . . . . : 71
   Physical Media Type . . . . . . : 9
"
Information 1/7/2015 10:13:53 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Zolmo.JamiesRecipes_40cj6885yhw56\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:52 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\WinStore_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:51 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:50 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\SymantecCorporation.NortonStudio_v68kp9n051hdp\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:49 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:48 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:46 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.XboxLIVEGames_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:46 AM Service Control Manager 7040 None The start type of the Windows Defender Service service was changed from auto start to demand start.
Information 1/7/2015 10:13:45 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.WinJS.1.0_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:43 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.WinJS.1.0.RC_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:38 AM Service Control Manager 7040 None The start type of the Windows Defender Mini-Filter Driver service was changed from boot start to demand start.
Information 1/7/2015 10:13:37 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.Studios.PinballFx2_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:37 AM Microsoft-Windows-FilterManager 1 None File System Filter 'WdFilter' (Version 6.2, ‎2012‎-‎07‎-‎26T03:29:23.000000000Z) unloaded successfully.
Information 1/7/2015 10:13:37 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:36 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.Reader_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:35 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\microsoft.microsoftskydrive_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:33 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.FreshPaint_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:32 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.Camera_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:32 AM Service Control Manager 7040 None The start type of the Windows Defender Boot Driver service was changed from boot start to demand start.
Information 1/7/2015 10:13:31 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.Bing_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:29 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:28 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.BingTravel_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:22 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:14 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.Adera_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:11 AM Microsoft-Windows-FilterManager 6 None File System Filter 'BHDrvx64' (6.1, ‎2012‎-‎06‎-‎05T20:46:48.000000000Z) has successfully loaded and registered with Filter Manager.
Information 1/7/2015 10:13:11 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\MAGIX.MusicMakerJam_a2t3txkz9j1jw\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:05 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\GAMELOFTSA.SharkDash_0pp20fcewvvtj\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:03 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Evernote.Evernote_q4d96b2w5wcc2\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:03 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\D22CCC44.Merriam-WebsterDictionary_mbv6ra3y34fnr\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:13:00 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\CyberLinkCorp.ss.SPlayer_h7cwzt5medr84\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:12:56 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\CyberLinkCorp.ss.SGallery_h7cwzt5medr84\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:12:53 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\CyberLinkCorp.ss.SCamera_h7cwzt5medr84\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:12:50 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:12:49 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\6E04A0BD.PhotoEditor_ez4k4b2fwzhzt\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:12:42 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\6E04A0BD.FamilyStory_ez4k4b2fwzhzt\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:12:40 AM Service Control Manager 7040 None The start type of the IKE and AuthIP IPsec Keying Modules service was changed from demand start to auto start.
Information 1/7/2015 10:12:40 AM SRTSP 2003 None Symantec Antivirus minifilter successfully loaded.
Information 1/7/2015 10:12:38 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\6E04A0BD.3483954CEF3A0_ez4k4b2fwzhzt\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:12:18 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:12:18 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:12:14 AM Microsoft-Windows-FilterManager 6 None File System Filter 'SRTSP' (6.1, ‎2012‎-‎05‎-‎24T07:28:47.000000000Z) has successfully loaded and registered with Filter Manager.
Information 1/7/2015 10:12:09 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:12:01 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\microsoft.windowsphotos_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:11:55 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:11:43 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\windows\system32\config\elam was cleared updating 2 keys and creating 1 modified pages.
Information 1/7/2015 10:11:18 AM Service Control Manager 7040 None The start type of the BHDrvx64 service was changed from system start to demand start.
Information 1/7/2015 10:11:18 AM Service Control Manager 7040 None The start type of the Symantec Iron Driver service was changed from system start to demand start.
Information 1/7/2015 10:11:18 AM Service Control Manager 7040 None The start type of the Symantec Network Security WFP Driver service was changed from system start to demand start.
Information 1/7/2015 10:11:18 AM Service Control Manager 7040 None The start type of the Symantec Real Time Storage Protection (PEL) x64 service was changed from system start to demand start.
Information 1/7/2015 10:11:18 AM Service Control Manager 7040 None The start type of the IDSVia64 service was changed from system start to demand start.
Information 1/7/2015 10:11:18 AM Service Control Manager 7040 None The start type of the Symantec Extended File Attributes service was changed from boot start to demand start.
Information 1/7/2015 10:11:18 AM Service Control Manager 7040 None The start type of the Norton Internet Security Settings Manager service was changed from system start to demand start.
Information 1/7/2015 10:11:18 AM Service Control Manager 7040 None The start type of the Symantec Data Store service was changed from boot start to demand start.
Information 1/7/2015 10:11:11 AM Microsoft-Windows-FilterManager 6 None File System Filter 'SymEFA' (6.0, ‎2012‎-‎05‎-‎19T02:29:56.000000000Z) has successfully loaded and registered with Filter Manager.
Information 1/7/2015 10:11:10 AM Service Control Manager 7040 None The start type of the BHDrvx64 service was changed from demand start to system start.
Information 1/7/2015 10:11:10 AM Service Control Manager 7040 None The start type of the Symantec Iron Driver service was changed from demand start to system start.
Information 1/7/2015 10:11:10 AM Service Control Manager 7040 None The start type of the Symantec Network Security WFP Driver service was changed from demand start to system start.
Information 1/7/2015 10:11:10 AM Service Control Manager 7040 None The start type of the Symantec Real Time Storage Protection (PEL) x64 service was changed from demand start to system start.
Information 1/7/2015 10:11:10 AM Service Control Manager 7040 None The start type of the IDSVia64 service was changed from demand start to system start.
Information 1/7/2015 10:11:10 AM Service Control Manager 7040 None The start type of the Symantec Extended File Attributes service was changed from demand start to boot start.
Information 1/7/2015 10:11:10 AM Service Control Manager 7040 None The start type of the Norton Internet Security Settings Manager service was changed from demand start to system start.
Information 1/7/2015 10:11:10 AM Service Control Manager 7040 None The start type of the Symantec Data Store service was changed from demand start to boot start.
Information 1/7/2015 10:11:10 AM Service Control Manager 7040 None The start type of the Symantec ELAM Driver service was changed from demand start to boot start.
Information 1/7/2015 10:10:12 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:09:54 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.VCLibs.110_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:09:43 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\windows\AppCompat\Programs\Amcache.hve was cleared updating 12 keys and creating 3 modified pages.
Information 1/7/2015 10:09:19 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\Users\jeffrey\AppData\Local\Packages\Microsoft.VCLibs.110.00_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:08:41 AM Microsoft-Windows-GroupPolicy 1501 None The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy.
Information 1/7/2015 10:08:31 AM Microsoft-Windows-Winlogon 7001 (1101) User Log-on Notification for Customer Experience Improvement Program
Information 1/7/2015 10:08:29 AM Microsoft-Windows-UserPnp 20001 (7005) Driver Management concluded the process to install driver monitor.inf_amd64_4ff27d8fea37720b\monitor.inf for Device Instance ID DISPLAY\AUO21EC\4&1877CF8&0&UID1536 with the following status: 0x0.
Information 1/7/2015 10:08:28 AM Microsoft-Windows-UserPnp 20003 (7005) Driver Management has concluded the process to add Service monitor for Device Instance ID DISPLAY\AUO21EC\4&1877CF8&0&UID1536 with the following status: 0.
Information 1/7/2015 10:08:13 AM Service Control Manager 7026 None "The following boot-start or system-start driver(s) did not load:
dam"
Information 1/7/2015 10:08:02 AM Microsoft-Windows-WLAN-AutoConfig 4000 None "WLAN AutoConfig service has successfully started.
"
Information 1/7/2015 10:08:01 AM Microsoft-Windows-DHCPv6-Client 51046 Service State Event DHCPv6 client service is started
Information 1/7/2015 10:08:01 AM Microsoft-Windows-Dhcp-Client 50036 Service State Event DHCPv4 client service is started
Information 1/7/2015 10:07:59 AM APXACC 11 (1) The Accelerator (NDIS6, 3.9.36.2) has started successfully.
Information 1/7/2015 10:07:58 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \SystemRoot\System32\Config\BBI was cleared updating 3 keys and creating 1 modified pages.
Information 1/7/2015 10:07:57 AM Microsoft-Windows-FilterManager 6 None File System Filter 'luafv' (6.2, ‎2012‎-‎07‎-‎26T03:29:13.000000000Z) has successfully loaded and registered with Filter Manager.
Information 1/7/2015 10:07:39 AM BTHUSB 18 None Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during start-up.
Information 1/7/2015 10:07:37 AM Microsoft-Windows-Kernel-Processor-Power 55 (47) "Processor 3 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (2 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States
Nominal Frequency (MHz): 1900
Maximum performance percentage: 100
Minimum performance percentage: 73
Minimum throttle percentage: 73"
Information 1/7/2015 10:07:37 AM Microsoft-Windows-Kernel-Processor-Power 55 (47) "Processor 2 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (2 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States
Nominal Frequency (MHz): 1900
Maximum performance percentage: 100
Minimum performance percentage: 73
Minimum throttle percentage: 73"
Information 1/7/2015 10:07:37 AM Microsoft-Windows-Kernel-Processor-Power 55 (47) "Processor 1 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (2 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States
Nominal Frequency (MHz): 1900
Maximum performance percentage: 100
Minimum performance percentage: 73
Minimum throttle percentage: 73"
Information 1/7/2015 10:07:37 AM Microsoft-Windows-Kernel-Processor-Power 55 (47) "Processor 0 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (2 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States
Nominal Frequency (MHz): 1900
Maximum performance percentage: 100
Minimum performance percentage: 73
Minimum throttle percentage: 73"
Information 1/7/2015 10:07:20 AM Microsoft-Windows-Kernel-Power 125 (86) "ACPI thermal zone \_TZ.TZ00 has been enumerated.            
_PSV = 0K            
_TC1 = 0            
_TC2 = 0            
_TSP = 0ms            
_AC0 = 0K            
_AC1 = 0K            
_AC2 = 0K            
_AC3 = 0K            
_AC4 = 0K            
_AC5 = 0K            
_AC6 = 0K            
_AC7 = 0K            
_AC8 = 0K            
_AC9 = 0K            
_CRT = 483K            
_HOT = 463K"
Information 1/7/2015 10:07:17 AM Microsoft-Windows-Ntfs 98 None Volume \\?\Volume{24c65d8a-6bc4-4e8c-acb2-6846130624cc} (\Device\HarddiskVolume5) is healthy.  No action is needed.
Information 1/7/2015 10:07:16 AM Microsoft-Windows-Ntfs 98 None Volume \\?\Volume{8b80285a-b9f3-46b4-8ab7-a0b22e89893f} (\Device\HarddiskVolume1) is healthy.  No action is needed.
Information 1/7/2015 10:07:15 AM Microsoft-Windows-FilterManager 6 None File System Filter 'npsvctrig' (6.2, ‎2012‎-‎07‎-‎26T03:27:33.000000000Z) has successfully loaded and registered with Filter Manager.
Information 1/7/2015 10:07:13 AM Microsoft-Windows-Ntfs 98 None Volume C: (\Device\HarddiskVolume4) is healthy.  No action is needed.
Information 1/7/2015 10:07:12 AM Microsoft-Windows-FilterManager 6 None File System Filter 'WdFilter' (6.2, ‎2012‎-‎07‎-‎26T03:29:23.000000000Z) has successfully loaded and registered with Filter Manager.
Information 1/7/2015 10:07:12 AM Microsoft-Windows-FilterManager 6 None File System Filter 'FileInfo' (6.2, ‎2012‎-‎07‎-‎26T03:28:02.000000000Z) has successfully loaded and registered with Filter Manager.
Information 1/7/2015 10:07:11 AM Microsoft-Windows-Kernel-Boot 30 None The firmware reported boot metrics.
Information 1/7/2015 10:07:11 AM Microsoft-Windows-Kernel-Boot 32 None The bootmgr spent 0 ms waiting for user input.
Information 1/7/2015 10:07:11 AM Microsoft-Windows-Kernel-Boot 18 None There are 0x1 boot options on this system.
Information 1/7/2015 10:07:11 AM Microsoft-Windows-Kernel-Boot 27 None The boot type was 0x0.
Information 1/7/2015 10:07:11 AM Microsoft-Windows-Kernel-Boot 20 None The last shutdown's success status was true. The last boot's success status was true.
Information 1/7/2015 10:07:11 AM Microsoft-Windows-Kernel-General 12 None The operating system started at system time ‎2015‎-‎07‎-‎01T09:07:11.498935300Z.
Information 1/7/2015 10:07:00 AM Microsoft-Windows-Kernel-General 13 None The operating system is shutting down at system time ‎2015‎-‎07‎-‎01T09:07:00.320568200Z.
Information 1/7/2015 10:06:58 AM Microsoft-Windows-Kernel-Power 109 (103) The kernel power manager has initiated a shutdown transition.
Information 1/7/2015 10:06:53 AM Microsoft-Windows-WLAN-AutoConfig 4001 None "WLAN AutoConfig service has successfully stopped.
"
Information 1/7/2015 10:06:53 AM Microsoft-Windows-Dhcp-Client 50037 Service State Event DHCPv4 client service is stopped. ShutDown Flag value is 1
Information 1/7/2015 10:06:53 AM Microsoft-Windows-DHCPv6-Client 51047 Service State Event DHCPv6 client service is stopped. ShutDown Flag value is 1
Information 1/7/2015 10:06:52 AM User32 1074 None "The process C:\windows\system32\winlogon.exe (WIN-7NPRVPD3CIV) has initiated the restart of computer livingroom on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Upgrade (Planned)
 Reason Code: 0x80020003
 Shutdown Type: restart
 Comment: "
Information 1/7/2015 10:06:50 AM Microsoft-Windows-Kernel-General 1 None "The system time has changed to ‎2015‎-‎07‎-‎01T09:06:50.539232800Z from ‎2015‎-‎07‎-‎01T09:06:50.539232800Z.

Change Reason: System time adjusted to the new time zone."
Information 1/7/2015 10:05:58 AM Microsoft-Windows-FilterManager 6 None File System Filter 'luafv' (6.2, ‎2012‎-‎07‎-‎26T11:29:13.000000000Z) has successfully loaded and registered with Filter Manager.
Information 1/7/2015 10:05:56 AM Microsoft-Windows-DHCPv6-Client 51046 Service State Event DHCPv6 client service is started
Information 1/7/2015 10:05:56 AM Microsoft-Windows-Dhcp-Client 50036 Service State Event DHCPv4 client service is started
Information 1/7/2015 10:04:31 AM Microsoft-Windows-WLAN-AutoConfig 4000 None "WLAN AutoConfig service has successfully started.
"
Information 1/7/2015 10:04:25 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \??\C:\windows\ServiceProfiles\LocalService\NTUSER.DAT was cleared updating 31 keys and creating 11 modified pages.
Information 1/7/2015 10:04:14 AM Microsoft-Windows-Kernel-General 16 None The access history in hive \SystemRoot\System32\Config\SAM was cleared updating 43 keys and creating 4 modified pages.
Information 1/7/2015 10:04:05 AM BTHUSB 18 None Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during start-up.
Information 1/7/2015 10:04:02 AM Microsoft-Windows-Kernel-Processor-Power 55 (47) "Processor 3 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (2 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States
Nominal Frequency (MHz): 1900
Maximum performance percentage: 100
Minimum performance percentage: 73
Minimum throttle percentage: 73"
Information 1/7/2015 10:04:02 AM Microsoft-Windows-Kernel-Processor-Power 55 (47) "Processor 2 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (2 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States
Nominal Frequency (MHz): 1900
Maximum performance percentage: 100
Minimum performance percentage: 73
Minimum throttle percentage: 73"
Information 1/7/2015 10:04:02 AM Microsoft-Windows-Kernel-Processor-Power 55 (47) "Processor 1 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (2 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States
Nominal Frequency (MHz): 1900
Maximum performance percentage: 100
Minimum performance percentage: 73
Minimum throttle percentage: 73"
Information 1/7/2015 10:04:02 AM Microsoft-Windows-Kernel-Processor-Power 55 (47) "Processor 0 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (2 state(s))

Performance state type: ACPI Performance (P) / Throttle (T) States
Nominal Frequency (MHz): 1900
Maximum performance percentage: 100
Minimum performance percentage: 73
Minimum throttle percentage: 73"
Information 1/7/2015 10:03:45 AM Microsoft-Windows-Kernel-Power 125 (86) "ACPI thermal zone \_TZ.TZ00 has been enumerated.            
_PSV = 0K            
_TC1 = 0            
_TC2 = 0            
_TSP = 0ms            
_AC0 = 0K            
_AC1 = 0K            
_AC2 = 0K            
_AC3 = 0K            
_AC4 = 0K            
_AC5 = 0K            
_AC6 = 0K            
_AC7 = 0K            
_AC8 = 0K            
_AC9 = 0K            
_CRT = 483K            
_HOT = 463K"
Information 1/7/2015 10:03:38 AM Microsoft-Windows-Ntfs 98 None Volume \\?\Volume{24c65d8a-6bc4-4e8c-acb2-6846130624cc} (\Device\HarddiskVolume5) is healthy.  No action is needed.
Information 1/7/2015 10:03:37 AM Microsoft-Windows-Ntfs 98 None Volume \\?\Volume{8b80285a-b9f3-46b4-8ab7-a0b22e89893f} (\Device\HarddiskVolume1) is healthy.  No action is needed.
Critical 1/7/2015 10:03:36 AM Microsoft-Windows-Kernel-Power 41 (63) The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Information 1/7/2015 10:03:36 AM Microsoft-Windows-FilterManager 6 None File System Filter 'npsvctrig' (6.2, ‎2012‎-‎07‎-‎26T11:27:33.000000000Z) has successfully loaded and registered with Filter Manager.
Information 1/7/2015 10:03:34 AM Microsoft-Windows-Ntfs 98 None Volume C: (\Device\HarddiskVolume4) is healthy.  No action is needed.
Information 1/7/2015 10:03:30 AM Microsoft-Windows-FilterManager 6 None File System Filter 'WdFilter' (6.2, ‎2012‎-‎07‎-‎26T11:29:23.000000000Z) has successfully loaded and registered with Filter Manager.
Information 1/7/2015 10:03:30 AM Microsoft-Windows-FilterManager 6 None File System Filter 'FileInfo' (6.2, ‎2012‎-‎07‎-‎26T11:28:02.000000000Z) has successfully loaded and registered with Filter Manager.
Information 1/7/2015 10:03:29 AM Microsoft-Windows-Kernel-Boot 30 None The firmware reported boot metrics.
Information 1/7/2015 10:03:29 AM Microsoft-Windows-Kernel-Boot 32 None The bootmgr spent 0 ms waiting for user input.
Information 1/7/2015 10:03:29 AM Microsoft-Windows-Kernel-Boot 18 None There are 0x1 boot options on this system.
Information 1/7/2015 10:03:29 AM Microsoft-Windows-Kernel-Boot 27 None The boot type was 0x0.
Information 1/7/2015 10:03:29 AM Microsoft-Windows-Kernel-Boot 20 None The last shutdown's success status was false. The last boot's success status was true.
Information 1/7/2015 10:07:58 AM EventLog 6013 None The system uptime is 46 seconds.
Information 1/7/2015 10:07:58 AM EventLog 6005 None The Event log service was started.
Information 1/7/2015 10:07:58 AM EventLog 6009 None Microsoft (R) Windows (R) 6.02. 9200  Multiprocessor Free.
Information 1/7/2015 10:07:58 AM EventLog 6011 None The NetBIOS name and DNS host name of this machine have been changed from WIN-7NPRVPD3CIV to LIVINGROOM.
Information 1/7/2015 10:03:29 AM Microsoft-Windows-Kernel-General 12 None The operating system started at system time ‎2015‎-‎07‎-‎01T09:03:29.499125400Z.
Information 19/9/2012 9:45:16 AM Microsoft-Windows-Dhcp-Client 50037 Service State Event DHCPv4 client service is stopped. ShutDown Flag value is 1
Information 19/9/2012 9:45:16 AM Microsoft-Windows-DHCPv6-Client 51047 Service State Event DHCPv6 client service is stopped. ShutDown Flag value is 1
Information 19/9/2012 9:45:16 AM Microsoft-Windows-Winlogon 7002 (1102) User Log-off Notification for Customer Experience Improvement Program
Information 19/9/2012 9:45:16 AM EventLog 6006 None The Event log service was stopped.
Information 19/9/2012 9:45:14 AM Microsoft-Windows-UserModePowerService 12 (10) Process C:\Windows\System32\atieclxx.exe (process ID:1448) reset policy scheme from {A4FBB262-970B-46FE-B300-EF2F00A96E0C} to {A4FBB262-970B-46FE-B300-EF2F00A96E0C}
Information 19/9/2012 9:45:14 AM Microsoft-Windows-UserModePowerService 12 (10) Process C:\Windows\System32\atieclxx.exe (process ID:1448) reset policy scheme from {A4FBB262-970B-46FE-B300-EF2F00A96E0C} to {A4FBB262-970B-46FE-B300-EF2F00A96E0C}
Information 19/9/2012 9:45:14 AM Microsoft-Windows-UserModePowerService 12 (10) Process C:\Windows\System32\atieclxx.exe (process ID:1448) reset policy scheme from {A4FBB262-970B-46FE-B300-EF2F00A96E0C} to {A4FBB262-970B-46FE-B300-EF2F00A96E0C}
Information 19/9/2012 9:45:14 AM Microsoft-Windows-UserModePowerService 12 (10) Process C:\Windows\System32\atieclxx.exe (process ID:1448) reset policy scheme from {A4FBB262-970B-46FE-B300-EF2F00A96E0C} to {A4FBB262-970B-46FE-B300-EF2F00A96E0C}
Information 19/9/2012 9:45:14 AM User32 1074 None "The process C:\Windows\system32\sysprep\sysprep.exe (WIN-7NPRVPD3CIV) has initiated the restart of computer WIN-7NPRVPD3CIV on behalf of user WIN-7NPRVPD3CIV\Administrator for the following reason: No title for this reason could be found
 Reason Code: 0x40002
 Shutdown Type: restart
 Comment: "
Information 19/9/2012 9:45:12 AM Service Control Manager 7040 None The start type of the Windows Search service was changed from disabled to auto start.
Information 19/9/2012 9:45:10 AM Service Control Manager 7040 None The start type of the Windows Search service was changed from auto start to disabled.
Information 19/9/2012 9:45:03 AM Microsoft-Windows-Eventlog 104 Log clear The Setup log file was cleared.
Information 19/9/2012 9:45:03 AM Microsoft-Windows-Eventlog 104 Log clear The Application log file was cleared.
Information 19/9/2012 9:45:03 AM Microsoft-Windows-Eventlog 104 Log clear The System log file was cleared.



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:49 PM

Posted 01 July 2015 - 05:42 AM

Reset your router to factory settings. Perform an upgrade of the firmware and change the router password.

For the computer:

Step 1

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#14 jeffrey90

  • Topic Starter


Posted 01 July 2015 - 12:06 PM

I've done all these steps and all of a sudden my computer shut down and the password has been changed. I have to reformat my laptop again. Sigh... Now I really think my network has a problem. Is it possible that people can just get on my network and make some changes? Because my WAN is quite wide.

#15 deeprybka


Posted 01 July 2015 - 12:54 PM

Reset your router to factory settings. Perform an upgrade of the firmware and change the router password.


That's all I can recommend.
regards,
deeprybka



