Here's a few samples of what I'm seeing in Event Viewer:
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 0
Impersonation Level: -
New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x4
Process Name:
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
_____________
Special privileges assigned to new logon.
Subject:
Security ID: NETWORK SERVICE
Account Name: NETWORK SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3E4
Privileges: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
______________________
Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
File Name: \Device\HarddiskVolume2\Windows\System32\guard64.dll
__________________
And the one that troubles me the most is this one:
An attempt was made to query the existence of a blank password for an account.
Subject:
Security ID: LOCAL SERVICE
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3E5
Additional Information:
Caller Workstation: xxxx
Target Account Name: xxxxxxxx
Target Account Domain: xxxxx
_________________
This last event, I found a post about it here when googling it: could be system compromised or nasty rootkit malware. WTF is going on?
I'm getting tired of this and about to cleanly install a Linux distro to have peace of mind. Someone please help me before I do so.
My Computer
System One
- OS: Windows 8.1 Enterprise x64
- Computer type: PC/Desktop
- System Manufacturer/Model: Custom
- CPU: AMD based
- Motherboard: AMD based
- Memory: 16 GB DDR3
- Graphics Card(s): Radeon based
- Sound Card: onboard
- Monitor(s) Displays: Asus VX238
- Screen Resolution: 1920x1080
- Hard Drives: 120 GB SSD, 1TB storage
- PSU: Thermaltake Toughpower XT 775W
- Case: Thermaltake Dokker
- Cooling: Xigametek Darknight II
- Keyboard: Logitech gaming
- Mouse: Roccat gaming
- Internet Speed: 30 mb
- Browser: IE :D
- Antivirus: Huh?