USERENV(37c.380) 08:53:40:390 InitializePolicyProcessing: Initialised Machine Mutex/Events
USERENV(37c.380) 08:53:40:437 InitializePolicyProcessing: Initialised User Mutex/Events
USERENV(37c.380) 08:53:40:437 LibMain: Process Name: \??\C:\WINDOWS\system32\winlogon.exe
USERENV(37c.380) 08:53:40:546 Entering CUserProfile::Initialize ...
USERENV(37c.380) 08:53:40:562 CUserProfile::Initialize called by winlogon
USERENV(37c.380) 08:53:40:562 CUserProfile::Initialize: critical section initialized
USERENV(37c.380) 08:53:40:562 CSyncManager::Initialize: critical section initialized
USERENV(37c.380) 08:53:40:562 CUserProfile::Initialize: registry key Software\Microsoft\Windows NT\CurrentVersion\ProfileList opened
USERENV(37c.380) 08:53:40:562 CUserProfile::Initialize: Proccessing S-1-5-21-1417001333-879983540-839522115-500
USERENV(37c.380) 08:53:40:562 CSyncManager::EnterLock
USERENV(37c.380) 08:53:40:562 CSyncManager::EnterLock: No existing entry found
USERENV(37c.380) 08:53:40:562 CSyncManager::EnterLock: New entry created
USERENV(37c.380) 08:53:40:562 CHashTable::HashAdd: S-1-5-21-1417001333-879983540-839522115-500 added in bucket 19
USERENV(37c.380) 08:53:40:562 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(37c.380) 08:53:40:562 CUserProfile::GetRefCountAndFlags: Ref count is 0, state is 00000100
USERENV(37c.380) 08:53:40:562 CSyncManager::LeaveLock
USERENV(37c.380) 08:53:40:562 CSyncManager::LeaveLock: Lock released
USERENV(37c.380) 08:53:40:562 CHashTable::HashDelete: S-1-5-21-1417001333-879983540-839522115-500 deleted
USERENV(37c.380) 08:53:40:562 CSyncManager::LeaveLock: Lock deleted
USERENV(37c.380) 08:53:40:562 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(37c.380) 08:53:40:562 CUserProfile::Initialize: Proccessing S-1-5-21-1417001333-879983540-839522115-4625
USERENV(37c.380) 08:53:40:562 CSyncManager::EnterLock
USERENV(37c.380) 08:53:40:562 CSyncManager::EnterLock: No existing entry found
USERENV(37c.380) 08:53:40:562 CSyncManager::EnterLock: New entry created
USERENV(37c.380) 08:53:40:562 CHashTable::HashAdd: S-1-5-21-1417001333-879983540-839522115-4625 added in bucket 10
USERENV(37c.380) 08:53:40:562 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(37c.380) 08:53:40:562 CUserProfile::GetRefCountAndFlags: Ref count is 0, state is 00000100
USERENV(37c.380) 08:53:40:562 CSyncManager::LeaveLock
USERENV(37c.380) 08:53:40:562 CSyncManager::LeaveLock: Lock released
USERENV(37c.380) 08:53:40:562 CHashTable::HashDelete: S-1-5-21-1417001333-879983540-839522115-4625 deleted
USERENV(37c.380) 08:53:40:562 CSyncManager::LeaveLock: Lock deleted
USERENV(37c.380) 08:53:40:562 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(37c.380) 08:53:40:562 CUserProfile::Initialize: Proccessing S-1-5-21-1417001333-879983540-839522115-1156
USERENV(37c.380) 08:53:40:562 CSyncManager::EnterLock
USERENV(37c.380) 08:53:40:562 CSyncManager::EnterLock: No existing entry found
USERENV(37c.380) 08:53:40:562 CSyncManager::EnterLock: New entry created
USERENV(37c.380) 08:53:40:562 CHashTable::HashAdd: S-1-5-21-1417001333-879983540-839522115-1156 added in bucket 6
USERENV(37c.380) 08:53:40:562 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(37c.380) 08:53:40:578 CUserProfile::GetRefCountAndFlags: Ref count is 0, state is 00000304
USERENV(37c.380) 08:53:40:578 CSyncManager::LeaveLock
USERENV(37c.380) 08:53:40:578 CSyncManager::LeaveLock: Lock released
USERENV(37c.380) 08:53:40:578 CHashTable::HashDelete: S-1-5-21-1417001333-879983540-839522115-1156 deleted
USERENV(37c.380) 08:53:40:578 CSyncManager::LeaveLock: Lock deleted
USERENV(37c.380) 08:53:40:578 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(37c.380) 08:53:40:578 CUserProfile::Initialize: Proccessing S-1-5-21-1390067357-573735546-682003330-500
USERENV(37c.380) 08:53:40:578 CSyncManager::EnterLock
USERENV(37c.380) 08:53:40:578 CSyncManager::EnterLock: No existing entry found
USERENV(37c.380) 08:53:40:578 CSyncManager::EnterLock: New entry created
USERENV(37c.380) 08:53:40:578 CHashTable::HashAdd: S-1-5-21-1390067357-573735546-682003330-500 added in bucket 18
USERENV(37c.380) 08:53:40:578 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(37c.380) 08:53:40:578 CUserProfile::GetRefCountAndFlags: Ref count is 0, state is 00000100
USERENV(37c.380) 08:53:40:578 CSyncManager::LeaveLock
USERENV(37c.380) 08:53:40:578 CSyncManager::LeaveLock: Lock released
USERENV(37c.380) 08:53:40:578 CHashTable::HashDelete: S-1-5-21-1390067357-573735546-682003330-500 deleted
USERENV(37c.380) 08:53:40:578 CSyncManager::LeaveLock: Lock deleted
USERENV(37c.380) 08:53:40:578 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(37c.380) 08:53:40:578 CUserProfile::Initialize: Proccessing S-1-5-21-1390067357-573735546-682003330-1003
USERENV(37c.380) 08:53:40:578 CSyncManager::EnterLock
USERENV(37c.380) 08:53:40:578 CSyncManager::EnterLock: No existing entry found
USERENV(37c.380) 08:53:40:578 CSyncManager::EnterLock: New entry created
USERENV(37c.380) 08:53:40:578 CHashTable::HashAdd: S-1-5-21-1390067357-573735546-682003330-1003 added in bucket 19
USERENV(37c.380) 08:53:40:578 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(37c.380) 08:53:40:578 CUserProfile::GetRefCountAndFlags: Ref count is 0, state is 00000100
USERENV(37c.380) 08:53:40:578 CSyncManager::LeaveLock
USERENV(37c.380) 08:53:40:578 CSyncManager::LeaveLock: Lock released
USERENV(37c.380) 08:53:40:578 CHashTable::HashDelete: S-1-5-21-1390067357-573735546-682003330-1003 deleted
USERENV(37c.380) 08:53:40:578 CSyncManager::LeaveLock: Lock deleted
USERENV(37c.380) 08:53:40:578 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(37c.380) 08:53:40:578 CUserProfile::Initialize: Proccessing S-1-5-20
USERENV(37c.380) 08:53:40:578 CSyncManager::EnterLock
USERENV(37c.380) 08:53:40:578 CSyncManager::EnterLock: No existing entry found
USERENV(37c.380) 08:53:40:578 CSyncManager::EnterLock: New entry created
USERENV(37c.380) 08:53:40:578 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(37c.380) 08:53:40:593 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(37c.380) 08:53:40:593 CUserProfile::GetRefCountAndFlags: Ref count is 2, state is 00000000
USERENV(37c.380) 08:53:40:593 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(37c.380) 08:53:40:593 CSyncManager::LeaveLock
USERENV(37c.380) 08:53:40:593 CSyncManager::LeaveLock: Lock released
USERENV(37c.380) 08:53:40:593 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(37c.380) 08:53:40:593 CSyncManager::LeaveLock: Lock deleted
USERENV(37c.380) 08:53:40:593 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(37c.380) 08:53:40:593 CUserProfile::Initialize: Proccessing S-1-5-19
USERENV(37c.380) 08:53:40:593 CSyncManager::EnterLock
USERENV(37c.380) 08:53:40:593 CSyncManager::EnterLock: No existing entry found
USERENV(37c.380) 08:53:40:593 CSyncManager::EnterLock: New entry created
USERENV(37c.380) 08:53:40:593 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(37c.380) 08:53:40:593 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(37c.380) 08:53:40:593 CUserProfile::GetRefCountAndFlags: Ref count is 2, state is 00000000
USERENV(37c.380) 08:53:40:593 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(37c.380) 08:53:40:593 CSyncManager::LeaveLock
USERENV(37c.380) 08:53:40:593 CSyncManager::LeaveLock: Lock released
USERENV(37c.380) 08:53:40:593 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(37c.380) 08:53:40:593 CSyncManager::LeaveLock: Lock deleted
USERENV(37c.380) 08:53:40:593 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(37c.380) 08:53:40:593 CUserProfile::Initialize: Proccessing S-1-5-18
USERENV(37c.380) 08:53:40:593 CSyncManager::EnterLock
USERENV(37c.380) 08:53:40:593 CSyncManager::EnterLock: No existing entry found
USERENV(37c.380) 08:53:40:593 CSyncManager::EnterLock: New entry created
USERENV(37c.380) 08:53:40:593 CHashTable::HashAdd: S-1-5-18 added in bucket 11
USERENV(37c.380) 08:53:40:593 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(37c.380) 08:53:40:593 CUserProfile::GetRefCountAndFlags: Ref count is 1, state is 00000000
USERENV(37c.380) 08:53:40:593 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(37c.380) 08:53:40:593 CSyncManager::LeaveLock
USERENV(37c.380) 08:53:40:593 CSyncManager::LeaveLock: Lock released
USERENV(37c.380) 08:53:40:593 CHashTable::HashDelete: S-1-5-18 deleted
USERENV(37c.380) 08:53:40:593 CSyncManager::LeaveLock: Lock deleted
USERENV(37c.380) 08:53:40:593 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(37c.380) 08:53:40:609 CUserProfile::Initialize: RpcServerRegisterIfEx successful
USERENV(37c.380) 08:53:40:609 Exiting CUserProfile::Initialize, successful
USERENV(3ac.3b0) 08:53:40:671 LibMain: Process Name: C:\WINDOWS\system32\services.exe
USERENV(3b8.3bc) 08:53:40:687 LibMain: Process Name: C:\WINDOWS\system32\lsass.exe
USERENV(37c.380) 08:53:40:765 IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
USERENV(45c.460) 08:53:41:062 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
USERENV(3ac.3b0) 08:53:41:203 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(3ac.3b0) 08:53:41:203 =========================================================
USERENV(3ac.3b0) 08:53:41:203 LoadUserProfile: Entering, hToken = <0x298>, lpProfileInfo = 0x6fcf8
USERENV(3ac.3b0) 08:53:41:203 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(3ac.3b0) 08:53:41:203 LoadUserProfile: lpProfileInfo->lpUserName =
USERENV(3ac.3b0) 08:53:41:203 LoadUserProfile: NULL central profile path
USERENV(3ac.3b0) 08:53:41:203 LoadUserProfile: NULL default profile path
USERENV(3ac.3b0) 08:53:41:203 LoadUserProfile: NULL server name
USERENV(3ac.3b0) 08:53:41:203 GetInterface: Returning rpc binding handle
USERENV(37c.4a8) 08:53:41:203 IProfileSecurityCallBack: client authenticated.
USERENV(37c.4a8) 08:53:41:203 DropClientContext: Got client token 0000050C, sid = S-1-5-18
USERENV(37c.4a8) 08:53:41:203 MIDL_user_allocate enter
USERENV(37c.4a8) 08:53:41:203 DropClientContext: load profile object successfully made
USERENV(37c.4a8) 08:53:41:203 DropClientContext: Returning 0
USERENV(3ac.3b0) 08:53:41:203 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(37c.398) 08:53:41:203 IProfileSecurityCallBack: client authenticated.
USERENV(37c.398) 08:53:41:203 In LoadUserProfileP
USERENV(37c.398) 08:53:41:203 LoadUserProfile: Running as client
USERENV(37c.398) 08:53:41:203 =========================================================
USERENV(37c.398) 08:53:41:203 LoadUserProfile: Entering, hToken = <0x514>, lpProfileInfo = 0xe30150
USERENV(37c.398) 08:53:41:203 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(37c.398) 08:53:41:203 LoadUserProfile: lpProfileInfo->lpUserName =
USERENV(37c.398) 08:53:41:203 LoadUserProfile: NULL central profile path
USERENV(37c.398) 08:53:41:203 LoadUserProfile: NULL default profile path
USERENV(37c.398) 08:53:41:203 LoadUserProfile: NULL server name
USERENV(37c.398) 08:53:41:203 LoadUserProfile: User sid: S-1-5-20
USERENV(37c.398) 08:53:41:203 CSyncManager::EnterLock
USERENV(37c.398) 08:53:41:203 CSyncManager::EnterLock: No existing entry found
USERENV(37c.398) 08:53:41:203 CSyncManager::EnterLock: New entry created
USERENV(37c.398) 08:53:41:203 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(37c.398) 08:53:41:218 LoadUserProfile: Wait succeeded. In critical section.
USERENV(37c.398) 08:53:41:218 RestoreUserProfile: Entering
USERENV(37c.398) 08:53:41:218 IsCentralProfileReachable: Entering
USERENV(37c.398) 08:53:41:218 IsCentralProfileReachable: Null path. Leaving
USERENV(37c.398) 08:53:41:218 RestoreUserProfile: Profile path = <>
USERENV(37c.398) 08:53:41:218 ExtractProfileFromBackup: A profile already exists
USERENV(37c.398) 08:53:41:218 PatchNewProfileIfRequred: A profile already exists with the current sid, exitting
USERENV(37c.398) 08:53:41:218 CreateLocalProfileKey: Not setting additional Security
USERENV(37c.398) 08:53:41:218 GetExistingLocalProfileImage: Found entry in profile list for existing local profile
USERENV(37c.398) 08:53:41:218 GetExistingLocalProfileImage: Local profile image filename = <%SystemDrive%\Documents and Settings\NetworkService>
USERENV(37c.398) 08:53:41:218 GetExistingLocalProfileImage: Expanded local profile image filename =
USERENV(37c.398) 08:53:41:218 GetExistingLocalProfileImage: No local mandatory profile. Error = 2
USERENV(37c.398) 08:53:41:218 GetExistingLocalProfileImage: Found local profile image file ok
USERENV(37c.398) 08:53:41:218 GetExistingLocalProfileImage: Failed to query low profile unload time with error 2
USERENV(37c.398) 08:53:41:218 Local Existing Profile Image is reachable
USERENV(37c.398) 08:53:41:218 Local profile name is
USERENV(37c.398) 08:53:41:218 RestoreUserProfile: No central profile. Attempting to load local profile.
USERENV(37c.398) 08:53:41:218 MyRegLoadKey: Returning 00000000
USERENV(37c.398) 08:53:41:218 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(37c.398) 08:53:41:218 MyRegLoadKey: Returning 00000000
USERENV(37c.398) 08:53:41:218 CreateClassHive: existing user classes hive found
USERENV(37c.398) 08:53:41:234 RestoreUserProfile: About to Leave. Final Information follows:
USERENV(37c.398) 08:53:41:234 Profile was successfully loaded.
USERENV(37c.398) 08:53:41:234 lpProfile->lpRoamingProfile = <>
USERENV(37c.398) 08:53:41:234 lpProfile->lpLocalProfile =
USERENV(37c.398) 08:53:41:234 lpProfile->dwInternalFlags = 0x0
USERENV(37c.398) 08:53:41:234 RestoreUserProfile: Leaving.
USERENV(37c.398) 08:53:41:234 UpgradeProfile: Entering
USERENV(37c.398) 08:53:41:234 UpgradeProfile: Build numbers match
USERENV(37c.398) 08:53:41:234 UpgradeProfile: Leaving Successfully
USERENV(37c.398) 08:53:41:234 GetProfileType: Profile already loaded.
USERENV(37c.398) 08:53:41:234 LoadProfileInfo: Failed to query central profile with error 2
USERENV(37c.398) 08:53:41:234 GetProfileType: ProfileFlags is 0
USERENV(37c.398) 08:53:41:281 Profile Ref Count is 1
USERENV(37c.398) 08:53:41:281 LoadUserProfile: Leaving critical Section.
USERENV(37c.398) 08:53:41:281 CSyncManager::LeaveLock
USERENV(37c.398) 08:53:41:281 CSyncManager::LeaveLock: Lock released
USERENV(37c.398) 08:53:41:281 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(37c.398) 08:53:41:281 CSyncManager::LeaveLock: Lock deleted
USERENV(37c.398) 08:53:41:281 LoadUserProfile: Impersonated user: 00000514, 00000524
USERENV(3b8.41c) 08:53:41:296 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(3b8.41c) 08:53:41:312 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(37c.398) 08:53:41:328 LoadUserProfile: Reverted to user: 00000000
USERENV(37c.398) 08:53:41:328 LoadUserProfile: Reverted back to user <00000000>
USERENV(37c.398) 08:53:41:328 LoadUserProfile: Leaving with a value of 1.
USERENV(37c.398) 08:53:41:328 =========================================================
USERENV(37c.398) 08:53:41:328 LoadUserProfileI: returning 0
USERENV(3ac.3b0) 08:53:41:328 LoadUserProfile: Running as self
USERENV(3ac.3b0) 08:53:41:328 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(3ac.3b0) 08:53:41:328 LoadUserProfile: Returning success. Final Information follows:
USERENV(3ac.3b0) 08:53:41:328 lpProfileInfo->UserName =
USERENV(3ac.3b0) 08:53:41:328 lpProfileInfo->lpProfilePath = <>
USERENV(3ac.3b0) 08:53:41:328 lpProfileInfo->dwFlags = 0x9
USERENV(37c.4a8) 08:53:41:328 IProfileSecurityCallBack: client authenticated.
USERENV(37c.4a8) 08:53:41:328 ReleaseClientContext: Releasing context
USERENV(37c.4a8) 08:53:41:328 ReleaseClientContext_s: Releasing context
USERENV(37c.4a8) 08:53:41:328 MIDL_user_free enter
USERENV(3ac.3b0) 08:53:41:328 ReleaseInterface: Releasing rpc binding handle
USERENV(3ac.3b0) 08:53:41:328 LoadUserProfile: Returning TRUE. hProfile = <0x31c>
USERENV(3ac.3b0) 08:53:41:328 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(4b0.4b4) 08:53:41:375 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
USERENV(508.50c) 08:53:41:484 LibMain: Process Name: C:\WINDOWS\System32\svchost.exe
USERENV(3ac.3b0) 08:53:41:500 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(3ac.3b0) 08:53:41:500 =========================================================
USERENV(3ac.3b0) 08:53:41:500 LoadUserProfile: Entering, hToken = <0x348>, lpProfileInfo = 0x6fcf8
USERENV(3ac.3b0) 08:53:41:500 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(3ac.3b0) 08:53:41:500 LoadUserProfile: lpProfileInfo->lpUserName =
USERENV(3ac.3b0) 08:53:41:500 LoadUserProfile: NULL central profile path
USERENV(3ac.3b0) 08:53:41:500 LoadUserProfile: NULL default profile path
USERENV(3ac.3b0) 08:53:41:500 LoadUserProfile: NULL server name
USERENV(3ac.3b0) 08:53:41:500 GetInterface: Returning rpc binding handle
USERENV(37c.398) 08:53:41:500 IProfileSecurityCallBack: client authenticated.
USERENV(37c.398) 08:53:41:515 DropClientContext: Got client token 0000050C, sid = S-1-5-18
USERENV(37c.398) 08:53:41:515 MIDL_user_allocate enter
USERENV(37c.398) 08:53:41:515 DropClientContext: load profile object successfully made
USERENV(37c.398) 08:53:41:515 DropClientContext: Returning 0
USERENV(3ac.3b0) 08:53:41:515 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(37c.4a8) 08:53:41:515 IProfileSecurityCallBack: client authenticated.
USERENV(37c.4a8) 08:53:41:515 In LoadUserProfileP
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: Running as client
USERENV(37c.4a8) 08:53:41:515 =========================================================
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: Entering, hToken = <0x514>, lpProfileInfo = 0xe30150
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: lpProfileInfo->lpUserName =
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: NULL central profile path
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: NULL default profile path
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: NULL server name
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: User sid: S-1-5-20
USERENV(37c.4a8) 08:53:41:515 CSyncManager::EnterLock
USERENV(37c.4a8) 08:53:41:515 CSyncManager::EnterLock: No existing entry found
USERENV(37c.4a8) 08:53:41:515 CSyncManager::EnterLock: New entry created
USERENV(37c.4a8) 08:53:41:515 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: Wait succeeded. In critical section.
USERENV(37c.4a8) 08:53:41:515 TestIfUserProfileLoaded: Profile already loaded.
USERENV(37c.4a8) 08:53:41:515 Profile Ref Count is 2
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: Leaving critical Section.
USERENV(37c.4a8) 08:53:41:515 CSyncManager::LeaveLock
USERENV(37c.4a8) 08:53:41:515 CSyncManager::LeaveLock: Lock released
USERENV(37c.4a8) 08:53:41:515 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(37c.4a8) 08:53:41:515 CSyncManager::LeaveLock: Lock deleted
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: Impersonated user: 00000514, 00000524
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: Reverted to user: 00000000
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: Reverted back to user <00000000>
USERENV(37c.4a8) 08:53:41:515 LoadUserProfile: Leaving with a value of 1.
USERENV(37c.4a8) 08:53:41:515 =========================================================
USERENV(37c.4a8) 08:53:41:515 LoadUserProfileI: returning 0
USERENV(3ac.3b0) 08:53:41:515 LoadUserProfile: Running as self
USERENV(3ac.3b0) 08:53:41:515 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(3ac.3b0) 08:53:41:515 LoadUserProfile: Returning success. Final Information follows:
USERENV(3ac.3b0) 08:53:41:531 lpProfileInfo->UserName =
USERENV(3ac.3b0) 08:53:41:531 lpProfileInfo->lpProfilePath = <>
USERENV(3ac.3b0) 08:53:41:531 lpProfileInfo->dwFlags = 0x9
USERENV(37c.398) 08:53:41:531 IProfileSecurityCallBack: client authenticated.
USERENV(37c.398) 08:53:41:531 ReleaseClientContext: Releasing context
USERENV(37c.398) 08:53:41:531 ReleaseClientContext_s: Releasing context
USERENV(37c.398) 08:53:41:531 MIDL_user_free enter
USERENV(3ac.3b0) 08:53:41:531 ReleaseInterface: Releasing rpc binding handle
USERENV(3ac.3b0) 08:53:41:531 LoadUserProfile: Returning TRUE. hProfile = <0x364>
USERENV(3ac.3b0) 08:53:41:531 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(578.57c) 08:53:41:578 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
USERENV(3ac.3b0) 08:53:42:031 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(3ac.3b0) 08:53:42:031 =========================================================
USERENV(3ac.3b0) 08:53:42:031 LoadUserProfile: Entering, hToken = <0x374>, lpProfileInfo = 0x6fcf8
USERENV(3ac.3b0) 08:53:42:031 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(3ac.3b0) 08:53:42:046 LoadUserProfile: lpProfileInfo->lpUserName =
USERENV(3ac.3b0) 08:53:42:046 LoadUserProfile: NULL central profile path
USERENV(37c.380) 08:53:42:046 IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
USERENV(37c.5a4) 08:53:42:062 IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
USERENV(3ac.3b0) 08:53:42:046 LoadUserProfile: NULL default profile path
USERENV(3ac.3b0) 08:53:42:093 LoadUserProfile: NULL server name
USERENV(3ac.3b0) 08:53:42:171 GetInterface: Returning rpc binding handle
USERENV(37c.4a8) 08:53:42:171 IProfileSecurityCallBack: client authenticated.
USERENV(37c.4a8) 08:53:42:171 DropClientContext: Got client token 000005CC, sid = S-1-5-18
USERENV(37c.4a8) 08:53:42:171 MIDL_user_allocate enter
USERENV(37c.4a8) 08:53:42:171 DropClientContext: load profile object successfully made
USERENV(37c.4a8) 08:53:42:171 DropClientContext: Returning 0
USERENV(3ac.3b0) 08:53:42:171 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(37c.398) 08:53:42:187 IProfileSecurityCallBack: client authenticated.
USERENV(37c.398) 08:53:42:187 In LoadUserProfileP
USERENV(37c.398) 08:53:42:187 LoadUserProfile: Running as client
USERENV(37c.398) 08:53:42:187 =========================================================
USERENV(37c.398) 08:53:42:187 LoadUserProfile: Entering, hToken = <0x548>, lpProfileInfo = 0xe44320
USERENV(37c.398) 08:53:42:187 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(37c.398) 08:53:42:187 LoadUserProfile: lpProfileInfo->lpUserName =
USERENV(37c.398) 08:53:42:187 LoadUserProfile: NULL central profile path
USERENV(37c.398) 08:53:42:187 LoadUserProfile: NULL default profile path
USERENV(37c.398) 08:53:42:187 LoadUserProfile: NULL server name
USERENV(37c.398) 08:53:42:187 LoadUserProfile: User sid: S-1-5-19
USERENV(37c.398) 08:53:42:187 CSyncManager::EnterLock
USERENV(37c.398) 08:53:42:187 CSyncManager::EnterLock: No existing entry found
USERENV(37c.398) 08:53:42:187 CSyncManager::EnterLock: New entry created
USERENV(37c.398) 08:53:42:187 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(37c.398) 08:53:42:187 LoadUserProfile: Wait succeeded. In critical section.
USERENV(37c.398) 08:53:42:187 RestoreUserProfile: Entering
USERENV(37c.398) 08:53:42:187 IsCentralProfileReachable: Entering
USERENV(37c.398) 08:53:42:187 IsCentralProfileReachable: Null path. Leaving
USERENV(37c.398) 08:53:42:187 RestoreUserProfile: Profile path = <>
USERENV(37c.398) 08:53:42:187 ExtractProfileFromBackup: A profile already exists
USERENV(37c.398) 08:53:42:187 PatchNewProfileIfRequred: A profile already exists with the current sid, exitting
USERENV(37c.398) 08:53:42:187 CreateLocalProfileKey: Not setting additional Security
USERENV(37c.398) 08:53:42:187 GetExistingLocalProfileImage: Found entry in profile list for existing local profile
USERENV(37c.398) 08:53:42:187 GetExistingLocalProfileImage: Local profile image filename = <%SystemDrive%\Documents and Settings\LocalService>
USERENV(37c.398) 08:53:42:187 GetExistingLocalProfileImage: Expanded local profile image filename =
USERENV(37c.398) 08:53:42:187 GetExistingLocalProfileImage: No local mandatory profile. Error = 2
USERENV(37c.398) 08:53:42:187 GetExistingLocalProfileImage: Found local profile image file ok
USERENV(37c.398) 08:53:42:187 GetExistingLocalProfileImage: Failed to query low profile unload time with error 2
USERENV(37c.398) 08:53:42:187 Local Existing Profile Image is reachable
USERENV(37c.398) 08:53:42:187 Local profile name is
USERENV(37c.398) 08:53:42:187 RestoreUserProfile: No central profile. Attempting to load local profile.
USERENV(37c.398) 08:53:42:187 MyRegLoadKey: Returning 00000000
USERENV(37c.398) 08:53:42:187 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(37c.398) 08:53:42:203 MyRegLoadKey: Returning 00000000
USERENV(37c.398) 08:53:42:203 CreateClassHive: existing user classes hive found
USERENV(37c.398) 08:53:42:203 RestoreUserProfile: About to Leave. Final Information follows:
USERENV(37c.398) 08:53:42:203 Profile was successfully loaded.
USERENV(37c.398) 08:53:42:203 lpProfile->lpRoamingProfile = <>
USERENV(37c.398) 08:53:42:203 lpProfile->lpLocalProfile =
USERENV(37c.398) 08:53:42:203 lpProfile->dwInternalFlags = 0x0
USERENV(37c.398) 08:53:42:203 RestoreUserProfile: Leaving.
USERENV(37c.398) 08:53:42:203 UpgradeProfile: Entering
USERENV(37c.398) 08:53:42:203 UpgradeProfile: Build numbers match
USERENV(37c.398) 08:53:42:203 UpgradeProfile: Leaving Successfully
USERENV(37c.398) 08:53:42:203 GetProfileType: Profile already loaded.
USERENV(37c.398) 08:53:42:203 LoadProfileInfo: Failed to query central profile with error 2
USERENV(37c.398) 08:53:42:203 GetProfileType: ProfileFlags is 0
USERENV(37c.398) 08:53:42:203 Profile Ref Count is 1
USERENV(37c.398) 08:53:42:203 LoadUserProfile: Leaving critical Section.
USERENV(37c.398) 08:53:42:203 CSyncManager::LeaveLock
USERENV(37c.398) 08:53:42:203 CSyncManager::LeaveLock: Lock released
USERENV(37c.398) 08:53:42:203 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(37c.398) 08:53:42:203 CSyncManager::LeaveLock: Lock deleted
USERENV(37c.398) 08:53:42:203 LoadUserProfile: Impersonated user: 00000548, 000005c4
USERENV(3b8.400) 08:53:42:218 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(3b8.400) 08:53:42:218 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(37c.398) 08:53:42:218 LoadUserProfile: Reverted to user: 00000000
USERENV(37c.398) 08:53:42:218 LoadUserProfile: Reverted back to user <00000000>
USERENV(37c.398) 08:53:42:218 LoadUserProfile: Leaving with a value of 1.
USERENV(37c.398) 08:53:42:218 =========================================================
USERENV(37c.398) 08:53:42:218 LoadUserProfileI: returning 0
USERENV(3ac.3b0) 08:53:42:218 LoadUserProfile: Running as self
USERENV(3ac.3b0) 08:53:42:234 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(3ac.3b0) 08:53:42:234 LoadUserProfile: Returning success. Final Information follows:
USERENV(3ac.3b0) 08:53:42:234 lpProfileInfo->UserName =
USERENV(3ac.3b0) 08:53:42:234 lpProfileInfo->lpProfilePath = <>
USERENV(3ac.3b0) 08:53:42:234 lpProfileInfo->dwFlags = 0x9
USERENV(37c.4a8) 08:53:42:234 IProfileSecurityCallBack: client authenticated.
USERENV(37c.4a8) 08:53:42:234 ReleaseClientContext: Releasing context
USERENV(37c.4a8) 08:53:42:234 ReleaseClientContext_s: Releasing context
USERENV(37c.4a8) 08:53:42:234 MIDL_user_free enter
USERENV(3ac.3b0) 08:53:42:234 ReleaseInterface: Releasing rpc binding handle
USERENV(3ac.3b0) 08:53:42:234 LoadUserProfile: Returning TRUE. hProfile = <0x340>
USERENV(3ac.3b0) 08:53:42:234 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(5d4.5d8) 08:53:42:265 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
USERENV(664.668) 08:53:42:546 LibMain: Process Name: C:\WINDOWS\system32\spoolsv.exe
USERENV(6e4.6f8) 08:53:48:718 LibMain: Process Name: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
USERENV(37c.69c) 08:53:52:062 SetFgRefreshInfo: Next User Fg policy Synchronous, Reason: NonCachedCredentials.
USERENV(7f0.7f4) 08:53:52:171 LibMain: Process Name: C:\WINDOWS\system32\mpnotify.exe
USERENV(37c.5a4) 08:53:52:281 ApplyGroupPolicy: Entering. Flags = f
USERENV(37c.5a4) 08:53:52:281 ProcessGPOs:
USERENV(37c.5a4) 08:53:52:281 ProcessGPOs:
USERENV(37c.5a4) 08:53:52:281 ProcessGPOs: Starting computer Group Policy (Async forground) processing...
USERENV(37c.5a4) 08:53:52:281 ProcessGPOs:
USERENV(37c.5a4) 08:53:52:281 ProcessGPOs:
USERENV(37c.5a4) 08:53:52:281 EnterCriticalPolicySectionEx: Entering with timeout 600000 and flags 0x0
USERENV(37c.5a4) 08:53:52:281 EnterCriticalPolicySectionEx: Machine critical section has been claimed. Handle = 0x65c
USERENV(37c.5a4) 08:53:52:281 EnterCriticalPolicySectionEx: Leaving successfully.
USERENV(37c.5a4) 08:53:52:281 ProcessGPOs: Machine role is 2.
USERENV(37c.5a4) 08:53:52:406 PingComputer: Adapter speed 100000000 bps
USERENV(37c.5a4) 08:53:52:421 PingComputer: First time: 19
USERENV(37c.5a4) 08:53:52:500 PingComputer: Second time: 77
USERENV(138.120) 08:53:52:484 LibMain: Process Name: C:\Program Files\Citrix\ICA Client\ssoncom.exe
USERENV(37c.5a4) 08:53:52:531 PingComputer: First time: 20
USERENV(37c.5a4) 08:53:52:593 PingComputer: Second time: 39
USERENV(37c.5a4) 08:53:52:640 PingComputer: First time: 21
USERENV(37c.5a4) 08:53:52:687 PingComputer: Second time: 45
USERENV(37c.5a4) 08:53:52:687 PingComputer: Transfer rate: 969 Kbps Loop count: 3
USERENV(37c.380) 08:53:52:796 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(37c.380) 08:53:52:796 =========================================================
USERENV(37c.380) 08:53:52:796 LoadUserProfile: Entering, hToken = <0x534>, lpProfileInfo = 0x6e3e0
USERENV(37c.380) 08:53:52:796 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(37c.380) 08:53:52:812 LoadUserProfile: lpProfileInfo->lpUserName =
USERENV(37c.380) 08:53:52:812 LoadUserProfile: NULL central profile path
USERENV(37c.380) 08:53:52:812 LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\server\netlogon\Default User>
USERENV(37c.380) 08:53:52:812 LoadUserProfile: NULL server name
USERENV(37c.380) 08:53:52:812 LoadUserProfile: In console winlogon process
USERENV(37c.380) 08:53:52:812 In LoadUserProfileP
USERENV(37c.380) 08:53:52:812 =========================================================
USERENV(37c.380) 08:53:52:812 LoadUserProfile: Entering, hToken = <0x534>, lpProfileInfo = 0x6e3e0
USERENV(37c.380) 08:53:52:812 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(37c.380) 08:53:52:812 LoadUserProfile: lpProfileInfo->lpUserName =
USERENV(37c.380) 08:53:52:812 LoadUserProfile: NULL central profile path
USERENV(37c.380) 08:53:52:812 LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\server\netlogon\Default User>
USERENV(37c.380) 08:53:52:812 LoadUserProfile: NULL server name
USERENV(37c.380) 08:53:52:812 LoadUserProfile: User sid: S-1-5-21-1417001333-879983540-839522115-4625
USERENV(37c.380) 08:53:52:812 CSyncManager::EnterLock
USERENV(37c.380) 08:53:52:812 CSyncManager::EnterLock: No existing entry found
USERENV(37c.380) 08:53:52:812 CSyncManager::EnterLock: New entry created
USERENV(37c.380) 08:53:52:812 CHashTable::HashAdd: S-1-5-21-1417001333-879983540-839522115-4625 added in bucket 10
USERENV(37c.380) 08:53:52:812 LoadUserProfile: Wait succeeded. In critical section.
USERENV(37c.380) 08:53:52:812 RestoreUserProfile: Entering
USERENV(37c.380) 08:53:52:812 RestoreUserProfile: User is a Admin
USERENV(37c.380) 08:53:52:812 IsCentralProfileReachable: Entering
USERENV(37c.380) 08:53:52:812 IsCentralProfileReachable: Null path. Leaving
USERENV(37c.380) 08:53:52:812 RestoreUserProfile: Profile path = <>
USERENV(37c.380) 08:53:52:812 ExtractProfileFromBackup: A profile already exists
USERENV(37c.380) 08:53:52:812 PatchNewProfileIfRequred: A profile already exists with the current sid, exitting
USERENV(37c.380) 08:53:52:812 CreateLocalProfileKey: Not setting additional Security
USERENV(37c.380) 08:53:52:812 GetExistingLocalProfileImage: Found entry in profile list for existing local profile
USERENV(37c.380) 08:53:52:812 GetExistingLocalProfileImage: Local profile image filename = <%SystemDrive%\Documents and Settings\myname>
USERENV(37c.380) 08:53:52:812 GetExistingLocalProfileImage: Expanded local profile image filename =
USERENV(37c.380) 08:53:52:812 GetExistingLocalProfileImage: No local mandatory profile. Error = 2
USERENV(37c.380) 08:53:52:828 GetExistingLocalProfileImage: Found local profile image file ok
USERENV(37c.380) 08:53:52:828 GetExistingLocalProfileImage: Failed to query low profile unload time with error 2
USERENV(37c.380) 08:53:52:828 Local Existing Profile Image is reachable
USERENV(37c.380) 08:53:52:828 Local profile name is
USERENV(37c.380) 08:53:52:828 RestoreUserProfile: No central profile. Attempting to load local profile.
USERENV(37c.380) 08:53:52:843 MyRegLoadKey: Returning 00000000
USERENV(37c.380) 08:53:52:843 MyRegLoadKey: Returning 00000000
USERENV(37c.380) 08:53:52:843 CreateClassHive: existing user classes hive found
USERENV(37c.380) 08:53:52:843 RestoreUserProfile: About to Leave. Final Information follows:
USERENV(37c.380) 08:53:52:843 Profile was successfully loaded.
USERENV(37c.380) 08:53:52:843 lpProfile->lpRoamingProfile = <>
USERENV(37c.380) 08:53:52:843 lpProfile->lpLocalProfile =
USERENV(37c.380) 08:53:52:843 lpProfile->dwInternalFlags = 0x100
USERENV(37c.380) 08:53:52:843 RestoreUserProfile: Leaving.
USERENV(37c.380) 08:53:52:843 UpgradeProfile: Entering
USERENV(37c.380) 08:53:52:843 UpgradeProfile: Build numbers match
USERENV(37c.380) 08:53:52:843 UpgradeProfile: Leaving Successfully
USERENV(37c.380) 08:53:52:843 GetProfileType: Profile already loaded.
USERENV(37c.380) 08:53:52:843 LoadProfileInfo: Failed to query central profile with error 2
USERENV(37c.380) 08:53:52:843 GetProfileType: ProfileFlags is 0
USERENV(37c.380) 08:53:52:921 Profile Ref Count is 1
USERENV(37c.380) 08:53:52:921 LoadUserProfile: Leaving critical Section.
USERENV(37c.380) 08:53:52:921 CSyncManager::LeaveLock
USERENV(37c.380) 08:53:52:921 CSyncManager::LeaveLock: Lock released
USERENV(37c.380) 08:53:52:921 CHashTable::HashDelete: S-1-5-21-1417001333-879983540-839522115-4625 deleted
USERENV(37c.380) 08:53:52:921 CSyncManager::LeaveLock: Lock deleted
USERENV(37c.380) 08:53:52:921 LoadUserProfile: Impersonated user: 00000534, 00000000
USERENV(37c.380) 08:53:52:937 LoadUserProfile: Reverted to user: 00000000
USERENV(37c.380) 08:53:52:937 LoadUserProfile: Leaving with a value of 1.
USERENV(37c.380) 08:53:52:937 =========================================================
USERENV(37c.380) 08:53:52:937 LoadUserProfile: LoadUserProfileP succeeded
USERENV(37c.380) 08:53:52:937 LoadUserProfile: Returning success. Final Information follows:
USERENV(37c.380) 08:53:52:937 lpProfileInfo->UserName =
USERENV(37c.380) 08:53:52:937 lpProfileInfo->lpProfilePath = <>
USERENV(37c.380) 08:53:52:937 lpProfileInfo->dwFlags = 0x0
USERENV(37c.380) 08:53:52:937 LoadUserProfile: Returning TRUE. hProfile = <0x670>
USERENV(37c.380) 08:53:53:078 IsSyncForegroundPolicyRefresh: Synchronous, Reason: NonCachedCredentials
USERENV(37c.18c) 08:53:53:078 IsSyncForegroundPolicyRefresh: Synchronous, Reason: NonCachedCredentials
USERENV(3ac.444) 08:55:21:264 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(3ac.444) 08:55:21:264 =========================================================
USERENV(3ac.444) 08:55:21:264 LoadUserProfile: Entering, hToken = <0x30c>, lpProfileInfo = 0x69f6ec
USERENV(3ac.444) 08:55:21:264 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(3ac.444) 08:55:21:264 LoadUserProfile: lpProfileInfo->lpUserName =
USERENV(3ac.444) 08:55:21:264 LoadUserProfile: NULL central profile path
USERENV(3ac.444) 08:55:21:264 LoadUserProfile: NULL default profile path
USERENV(3ac.444) 08:55:21:264 LoadUserProfile: NULL server name
USERENV(3ac.444) 08:55:21:264 GetInterface: Returning rpc binding handle
USERENV(37c.20c) 08:55:21:264 IProfileSecurityCallBack: client authenticated.
USERENV(37c.20c) 08:55:21:264 DropClientContext: Got client token 00000684, sid = S-1-5-18
USERENV(37c.20c) 08:55:21:264 MIDL_user_allocate enter
USERENV(37c.20c) 08:55:21:264 DropClientContext: load profile object successfully made
USERENV(37c.20c) 08:55:21:264 DropClientContext: Returning 0
USERENV(3ac.444) 08:55:21:264 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(37c.4a8) 08:55:21:264 IProfileSecurityCallBack: client authenticated.
USERENV(37c.4a8) 08:55:21:264 In LoadUserProfileP
USERENV(37c.4a8) 08:55:21:264 LoadUserProfile: Running as client
USERENV(37c.4a8) 08:55:21:264 =========================================================
USERENV(37c.4a8) 08:55:21:264 LoadUserProfile: Entering, hToken = <0x690>, lpProfileInfo = 0xe44698
USERENV(37c.4a8) 08:55:21:264 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(37c.4a8) 08:55:21:264 LoadUserProfile: lpProfileInfo->lpUserName =
USERENV(37c.4a8) 08:55:21:264 LoadUserProfile: NULL central profile path
USERENV(37c.4a8) 08:55:21:264 LoadUserProfile: NULL default profile path
USERENV(37c.4a8) 08:55:21:264 LoadUserProfile: NULL server name
USERENV(37c.4a8) 08:55:21:264 LoadUserProfile: User sid: S-1-5-19
USERENV(37c.4a8) 08:55:21:264 CSyncManager::EnterLock
USERENV(37c.4a8) 08:55:21:264 CSyncManager::EnterLock: No existing entry found
USERENV(37c.4a8) 08:55:21:264 CSyncManager::EnterLock: New entry created
USERENV(37c.4a8) 08:55:21:264 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(37c.4a8) 08:55:21:264 LoadUserProfile: Wait succeeded. In critical section.
USERENV(37c.4a8) 08:55:21:264 TestIfUserProfileLoaded: Profile already loaded.
USERENV(37c.4a8) 08:55:21:264 Profile Ref Count is 2
USERENV(37c.4a8) 08:55:21:264 LoadUserProfile: Leaving critical Section.
USERENV(37c.4a8) 08:55:21:280 CSyncManager::LeaveLock
USERENV(37c.4a8) 08:55:21:280 CSyncManager::LeaveLock: Lock released
USERENV(37c.4a8) 08:55:21:280 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(37c.4a8) 08:55:21:280 CSyncManager::LeaveLock: Lock deleted
USERENV(37c.4a8) 08:55:21:280 LoadUserProfile: Impersonated user: 00000690, 00000694
USERENV(37c.4a8) 08:55:21:280 LoadUserProfile: Reverted to user: 00000000
USERENV(37c.4a8) 08:55:21:280 LoadUserProfile: Reverted back to user <00000000>
USERENV(37c.4a8) 08:55:21:280 LoadUserProfile: Leaving with a value of 1.
USERENV(37c.4a8) 08:55:21:280 =========================================================
USERENV(37c.4a8) 08:55:21:280 LoadUserProfileI: returning 0
USERENV(3ac.444) 08:55:21:280 LoadUserProfile: Running as self
USERENV(3ac.444) 08:55:21:296 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(3ac.444) 08:55:21:296 LoadUserProfile: Returning success. Final Information follows:
USERENV(3ac.444) 08:55:21:296 lpProfileInfo->UserName =
USERENV(3ac.444) 08:55:21:296 lpProfileInfo->lpProfilePath = <>
USERENV(3ac.444) 08:55:21:296 lpProfileInfo->dwFlags = 0x9
USERENV(37c.398) 08:55:21:296 IProfileSecurityCallBack: client authenticated.
USERENV(37c.398) 08:55:21:296 ReleaseClientContext: Releasing context
USERENV(37c.398) 08:55:21:296 ReleaseClientContext_s: Releasing context
USERENV(37c.398) 08:55:21:296 MIDL_user_free enter
USERENV(3ac.444) 08:55:21:296 ReleaseInterface: Releasing rpc binding handle
USERENV(3ac.444) 08:55:21:296 LoadUserProfile: Returning TRUE. hProfile = <0x258>
USERENV(3ac.444) 08:55:21:296 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(2f0.2f4) 08:55:21:358 LibMain: Process Name: C:\WINDOWS\System32\alg.exe
USERENV(37c.5a4) 08:55:21:654 ProcessGPOs: network name is 192.168.150.0
USERENV(37c.5a4) 08:55:21:935 ProcessGPOs: User name is: CN=Workastation_1,CN=Computers,DC=domainname,DC=domainname,,DC=domainname,, Domain name is: Domainname
USERENV(37c.5a4) 08:55:21:935 ProcessGPOs: Domain controller is: \\Domainname Domain DN is Domainname
USERENV(37c.5a4) 08:55:21:935 ReadGPExtensions: Rsop entry point not found for gptext.dll.
USERENV(37c.5a4) 08:55:21:935 ReadGPExtensions: Rsop entry point not found for dskquota.dll.
USERENV(37c.5a4) 08:55:21:935 ReadGPExtensions: Rsop entry point not found for gptext.dll.
USERENV(37c.5a4) 08:55:21:935 ReadGPExtensions: Rsop entry point not found for iedkcs32.dll.
USERENV(37c.5a4) 08:55:21:935 ReadGPExtensions: Rsop entry point not found for scecli.dll.
USERENV(37c.5a4) 08:55:21:935 ReadGPExtensions: Rsop entry point not found for C:\WINDOWS\System32\cscui.dll.
USERENV(37c.5a4) 08:55:21:935 ReadGPExtensions: Rsop entry point not found for gptext.dll.
USERENV(37c.5a4) 08:55:21:935 ReadExtStatus: Reading Previous Status for extension {35378EAC-683F-11D2-A89A-00C04FBBCFA2}
USERENV(37c.5a4) 08:55:21:935 ReadStatus: Read Extension's Previous status successfully.
USERENV(37c.5a4) 08:55:21:935 ReadExtStatus: Reading Previous Status for extension {0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
USERENV(37c.5a4) 08:55:21:935 ReadExtStatus: Reading Previous Status for extension {25537BA6-77A8-11D2-9B6C-0000F8080861}
USERENV(37c.5a4) 08:55:21:935 ReadExtStatus: Reading Previous Status for extension {3610eda5-77ef-11d2-8dc5-00c04fa31a66}
USERENV(37c.5a4) 08:55:21:935 ReadExtStatus: Reading Previous Status for extension {426031c0-0b47-4852-b0ca-ac3d37bfcb39}
USERENV(37c.5a4) 08:55:21:935 ReadExtStatus: Reading Previous Status for extension {42B5FAAE-6536-11d2-AE5A-0000F87571E3}
USERENV(37c.5a4) 08:55:21:935 ReadExtStatus: Reading Previous Status for extension {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
USERENV(37c.5a4) 08:55:21:935 ReadExtStatus: Reading Previous Status for extension {827D319E-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(37c.5a4) 08:55:21:935 ReadStatus: Read Extension's Previous status successfully.
USERENV(37c.5a4) 08:55:21:935 ReadExtStatus: Reading Previous Status for extension {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
USERENV(37c.5a4) 08:55:21:935 ReadExtStatus: Reading Previous Status for extension {B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(37c.5a4) 08:55:21:935 ReadStatus: Read Extension's Previous status successfully.
USERENV(37c.5a4) 08:55:21:950 ReadExtStatus: Reading Previous Status for extension {C631DF4C-088F-4156-B058-4375F0853CD8}
USERENV(37c.5a4) 08:55:21:950 ReadExtStatus: Reading Previous Status for extension {c6dc5466-785a-11d2-84d0-00c04fb169f7}
USERENV(37c.5a4) 08:55:21:950 ReadStatus: Read Extension's Previous status successfully.
USERENV(37c.5a4) 08:55:21:950 ReadExtStatus: Reading Previous Status for extension {e437bc1c-aa7d-11d2-a382-00c04f991e27}
USERENV(37c.5a4) 08:55:21:950 ProcessGPOs: Calling GetGPOInfo for normal policy mode
USERENV(37c.5a4) 08:55:21:950 GetGPOInfo: ********************************
USERENV(37c.5a4) 08:55:21:950 GetGPOInfo: Entering...
USERENV(37c.5a4) 08:55:22:059 GetGPOInfo: Server connection established.
USERENV(508.368) 08:55:22:169 GetProfileType: Profile already loaded.
USERENV(508.368) 08:55:22:169 LoadProfileInfo: Failed to query central profile with error 2
USERENV(508.368) 08:55:22:169 GetProfileType: ProfileFlags is 0
USERENV(37c.5a4) 08:55:25:551 GetGPOInfo: Bound successfully.
USERENV(37c.5a4) 08:55:25:567 SearchDSObject: Searching
USERENV(37c.5a4) 08:55:25:582 SearchDSObject: Found GPO(s): <[LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domainname,DC=domainname,DC=domainaname;0]>
USERENV(37c.5a4) 08:55:25:582 ProcessGPO: ==============================
USERENV(37c.5a4) 08:55:25:582 ProcessGPO: Deferring search for
USERENV(37c.5a4) 08:55:25:645 SearchDSObject: Searching
USERENV(37c.5a4) 08:55:25:676 SearchDSObject: No GPO(s) for this object.
USERENV(37c.5a4) 08:55:25:676 EvaluateDeferredGPOs: Searching for GPOs in cn=policies,cn=system,DC=doaminname,DC=domainname,DC=domainname
USERENV(37c.5a4) 08:55:25:738 ProcessGPO: ==============================
USERENV(37c.5a4) 08:55:25:738 ProcessGPO: Searching
USERENV(37c.5a4) 08:55:25:738 ProcessGPO: Machine has access to this GPO.
USERENV(37c.5a4) 08:55:25:738 ProcessGPO: GPO passes the filter check.
USERENV(37c.5a4) 08:55:25:738 ProcessGPO: Found functionality version of: 2
USERENV(37c.5a4) 08:55:25:738 ProcessGPO: Found file system path of: <\\domainname\sysvol\domainname\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}>
USERENV(37c.5a4) 08:55:25:956 ProcessGPO: Found common name of: <{31B2F340-016D-11D2-945F-00C04FB984F9}>
USERENV(37c.5a4) 08:55:25:956 ProcessGPO: Found display name of:
USERENV(37c.5a4) 08:55:25:956 ProcessGPO: Found machine version of: GPC is 212, GPT is 212
USERENV(37c.5a4) 08:55:25:956 ProcessGPO: Found flags of: 0
USERENV(37c.5a4) 08:55:25:956 ProcessGPO: Found extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{91B5EEE3-57B6-4E09-94F2-980C70C789B2}{46B1A9E6-7FA4-4DC8-B95F-8DE79C3D4B8A}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{C6DC5466-785A-11D2-84D0-00C04FB169F7}{942A8E4F-A261-11D1-A760-00C04FB9603F}]
USERENV(37c.5a4) 08:55:25:956 ProcessGPO: ==============================
USERENV(37c.5a4) 08:55:25:988 GetGPOInfo: GPO Политика локальной группы doesn't contain any data since the version number is 0. It will be skipped.
USERENV(37c.5a4) 08:55:25:988 GetGPOInfo: Leaving with 1
USERENV(37c.5a4) 08:55:25:988 GetGPOInfo: ********************************
USERENV(37c.5a4) 08:55:26:019 ProcessGPOs: Logging Data for Target .
USERENV(37c.5a4) 08:55:26:019 ProcessGPOs: OpenThreadToken failed with error 1008, assuming thread is not impersonating
USERENV(37c.5a4) 08:55:26:019 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:26:019 ProcessGPOs: Processing extension Реестр
USERENV(37c.5a4) 08:55:26:019 ReadStatus: Read Extension's Previous status successfully.
USERENV(37c.5a4) 08:55:26:019 CompareGPOLists: The lists are the same.
USERENV(37c.5a4) 08:55:26:019 CheckGPOs: No GPO changes and no security group membership change and extension Реестр has NoGPOChanges set.
USERENV(37c.5a4) 08:55:26:019 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:26:019 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:26:019 ProcessGPOs: Processing extension Беспроводной
USERENV(37c.5a4) 08:55:26:019 CompareGPOLists: The lists are the same.
USERENV(37c.5a4) 08:55:26:034 CheckGPOs: No GPO changes but couldn't read extension Беспроводной's status or policy time.
USERENV(37c.5a4) 08:55:26:034 ProcessGPOs: Extension Беспроводной skipped because both deleted and changed GPO lists are empty.
USERENV(37c.5a4) 08:55:26:034 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:26:034 ProcessGPOs: Processing extension Folder Redirection
USERENV(37c.5a4) 08:55:26:034 CompareGPOLists: The lists are the same.
USERENV(37c.5a4) 08:55:26:034 CheckGPOs: No GPO changes but couldn't read extension Folder Redirection's status or policy time.
USERENV(37c.5a4) 08:55:26:034 ProcessGPOs: Extension Folder Redirection skipped with flags 0x1000f.
USERENV(37c.5a4) 08:55:26:034 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:26:034 ProcessGPOs: Processing extension Дисковые квоты
USERENV(37c.5a4) 08:55:26:034 CompareGPOLists: The lists are the same.
USERENV(37c.5a4) 08:55:26:034 CheckGPOs: No GPO changes but couldn't read extension Дисковые квоты's status or policy time.
USERENV(37c.5a4) 08:55:26:034 ProcessGPOs: Extension Дисковые квоты skipped with flags 0x1000f.
USERENV(37c.5a4) 08:55:26:034 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:26:034 ProcessGPOs: Processing extension Планировщик пакетов QoS
USERENV(37c.5a4) 08:55:26:034 CompareGPOLists: The lists are the same.
USERENV(37c.5a4) 08:55:26:034 CheckGPOs: No GPO changes but couldn't read extension Планировщик пакетов QoS's status or policy time.
USERENV(37c.5a4) 08:55:26:034 ProcessGPOs: Extension Планировщик пакетов QoS skipped because both deleted and changed GPO lists are empty.
USERENV(37c.5a4) 08:55:26:034 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:26:050 ProcessGPOs: Processing extension Сценарии
USERENV(37c.5a4) 08:55:26:050 CompareGPOLists: The lists are the same.
USERENV(37c.5a4) 08:55:26:050 CheckGPOs: No GPO changes but couldn't read extension Сценарии's status or policy time.
USERENV(37c.5a4) 08:55:26:050 ProcessGPOs: Extension Сценарии skipped because both deleted and changed GPO lists are empty.
USERENV(37c.5a4) 08:55:26:050 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:26:050 ProcessGPOs: Processing extension Internet Explorer Zonemapping
USERENV(37c.5a4) 08:55:26:050 CompareGPOLists: The lists are the same.
USERENV(37c.5a4) 08:55:26:050 CheckGPOs: No GPO changes but couldn't read extension Internet Explorer Zonemapping's status or policy time.
USERENV(37c.5a4) 08:55:26:050 ProcessGPOs: Extension Internet Explorer Zonemapping skipped because both deleted and changed GPO lists are empty.
USERENV(37c.5a4) 08:55:26:050 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:26:050 ProcessGPOs: Processing extension Security
USERENV(37c.5a4) 08:55:26:050 ReadStatus: Read Extension's Previous status successfully.
USERENV(37c.5a4) 08:55:26:050 CompareGPOLists: The lists are the same.
USERENV(37c.5a4) 08:55:26:050 CheckGPOs: No GPO changes but extension Security's returned error status 5 earlier.
USERENV(37c.5a4) 08:55:26:066 ProcessGPOList: Entering for extension Security
USERENV(37c.5a4) 08:55:26:066 MachinePolicyCallback: Setting status UI to Применение политики Security...
USERENV(37c.5a4) 08:55:26:066 MachinePolicyCallback: Extension requested status UI when status UI is not available.
USERENV(37c.5a4) 08:55:26:081 GetWbemServices: CoCreateInstance succeeded
USERENV(37c.5a4) 08:55:26:128 ConnectToNameSpace: ConnectServer returned 0x0
USERENV(37c.5a4) 08:55:26:253 LogExtSessionStatus: Successfully logged Extension Session data
USERENV(37c.5a4) 08:55:26:331 MachinePolicyCallback: Setting status UI to Применение политики безопасности...
USERENV(37c.5a4) 08:55:26:331 MachinePolicyCallback: Extension requested status UI when status UI is not available.
USERENV(37c.5a4) 08:55:26:331 MachinePolicyCallback: Setting status UI to Default Domain Policy
USERENV(37c.5a4) 08:55:26:346 MachinePolicyCallback: Extension requested status UI when status UI is not available.
USERENV(37c.5a4) 08:55:26:674 MachinePolicyCallback: Setting status UI to Настройка политика безопасности для компьютера.
USERENV(37c.5a4) 08:55:26:689 MachinePolicyCallback: Extension requested status UI when status UI is not available.
USERENV(37c.5a4) 08:55:30:976 MachinePolicyCallback: Setting status UI to Применение параметров компьютера...
USERENV(37c.5a4) 08:55:30:976 MachinePolicyCallback: Extension requested status UI when status UI is not available.
USERENV(37c.5a4) 08:55:30:976 ProcessGPOList: Extension Security returned 0x5.
USERENV(37c.5a4) 08:55:30:976 ProcessGPOList: Extension Security was able to log data. RsopStatus = 0x0, dwRet = 5, Clearing the dirty bit
USERENV(37c.5a4) 08:55:30:976 ProcessGPOs: Extension Security ProcessGroupPolicy failed, status 0x5.
USERENV(37c.5a4) 08:55:30:976 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:30:976 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:30:991 ProcessGPOs: Processing extension Internet Explorer Branding
USERENV(37c.5a4) 08:55:30:991 CompareGPOLists: The lists are the same.
USERENV(37c.5a4) 08:55:30:991 CheckGPOs: No GPO changes but couldn't read extension Internet Explorer Branding's status or policy time.
USERENV(37c.5a4) 08:55:30:991 ProcessGPOs: Extension Internet Explorer Branding skipped with flags 0x1000f.
USERENV(37c.5a4) 08:55:30:991 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:30:991 ProcessGPOs: Processing extension EFS recovery
USERENV(37c.5a4) 08:55:30:991 ReadStatus: Read Extension's Previous status successfully.
USERENV(37c.5a4) 08:55:30:991 CompareGPOLists: The lists are the same.
USERENV(37c.5a4) 08:55:30:991 CheckGPOs: No GPO changes and no security group membership change and extension EFS recovery has NoGPOChanges set.
USERENV(37c.5a4) 08:55:30:991 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:30:991 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:30:991 ProcessGPOs: Processing extension Microsoft Offline Files
USERENV(37c.5a4) 08:55:30:991 CompareGPOLists: The lists are the same.
USERENV(37c.5a4) 08:55:30:991 CheckGPOs: No GPO changes but couldn't read extension Microsoft Offline Files's status or policy time.
USERENV(37c.5a4) 08:55:30:991 ProcessGPOs: Extension Microsoft Offline Files skipped because both deleted and changed GPO lists are empty.
USERENV(37c.5a4) 08:55:30:991 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:30:991 ProcessGPOs: Processing extension Установка программного обеспечения
USERENV(37c.5a4) 08:55:31:007 ReadStatus: Read Extension's Previous status successfully.
USERENV(37c.5a4) 08:55:31:007 CompareGPOLists: The lists are the same.
USERENV(37c.5a4) 08:55:31:007 ProcessGPOList: Entering for extension Установка программного обеспечения
USERENV(37c.5a4) 08:55:31:007 MachinePolicyCallback: Setting status UI to Применение политики Установка программного обеспечения...
USERENV(37c.5a4) 08:55:31:007 MachinePolicyCallback: Extension requested status UI when status UI is not available.
USERENV(37c.5a4) 08:55:31:007 ProcessGPOList: No changes. CSE will not be passed in the IwbemServices intf ptr
USERENV(37c.5a4) 08:55:31:007 ProcessGPOList: Extension Установка программного обеспечения returned 0x0.
USERENV(37c.5a4) 08:55:31:007 ProcessGPOList: Extension Установка программного обеспечения status was not updated because there was no changes and no transition or rsop wasn't enabled
USERENV(37c.5a4) 08:55:31:023 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:31:023 ProcessGPOs: -----------------------
USERENV(37c.5a4) 08:55:31:023 ProcessGPOs: Processing extension IP-безопасность
USERENV(37c.5a4) 08:55:31:023 CompareGPOLists: The lists are the same.
USERENV(37c.5a4) 08:55:31:023 CheckGPOs: No GPO changes but couldn't read extension IP-безопасность's status or policy time.
USERENV(37c.5a4) 08:55:31:023 ProcessGPOs: Extension IP-безопасность skipped because both deleted and changed GPO lists are empty.
USERENV(37c.5a4) 08:55:31:023 SetFgRefreshInfo: Previous Machine Fg policy Asynchronous, Reason: NoNeedForSync.
USERENV(37c.5a4) 08:55:31:023 LeaveCriticalPolicySection: Critical section 0x65c has been released.
USERENV(37c.5a4) 08:55:31:038 ProcessGPOs: Computer Group Policy has been applied.
USERENV(37c.5a4) 08:55:31:038 ProcessGPOs: Leaving with 1.
USERENV(37c.5a4) 08:55:31:038 ApplyGroupPolicy: Leaving successfully.
USERENV(37c.18c) 08:55:31:038 ApplyGroupPolicy: Entering. Flags = 6
USERENV(37c.18c) 08:55:31:038 ProcessGPOs:
USERENV(37c.18c) 08:55:31:038 ProcessGPOs:
USERENV(37c.18c) 08:55:31:038 ProcessGPOs: Starting user Group Policy (Background) processing...
USERENV(37c.18c) 08:55:31:038 ProcessGPOs:
USERENV(37c.18c) 08:55:31:038 ProcessGPOs:
USERENV(37c.18c) 08:55:31:038 EnterCriticalPolicySectionEx: Entering with timeout 600000 and flags 0x0
USERENV(37c.18c) 08:55:31:038 EnterCriticalPolicySectionEx: User critical section has been claimed. Handle = 0x6ec
USERENV(37c.18c) 08:55:31:038 EnterCriticalPolicySectionEx: Leaving successfully.
USERENV(37c.18c) 08:55:31:069 ProcessGPOs: Machine role is 2.
USERENV(37c.18c) 08:55:31:069 PingComputer: Adapter speed 100000000 bps
USERENV(37c.348) 08:55:31:100 GPOThread: Next refresh will happen in 99 minutes
USERENV(37c.340) 08:55:31:100 PolicyChangedThread: Calling UpdateUser with 1.
USERENV(37c.340) 08:55:31:100 PolicyChangedThread: Broadcast message for 1.
USERENV(37c.340) 08:55:31:100 PolicyChangedThread: Leaving
USERENV(37c.18c) 08:55:36:276 PingComputer: First send 0x287a8c0 failed with 11010
USERENV(37c.18c) 08:55:41:763 PingComputer: First send 0x287a8c0 failed with 11010
USERENV(37c.18c) 08:55:47:250 PingComputer: First send 0x287a8c0 failed with 11010
USERENV(37c.18c) 08:55:47:250 PingComputer: No data available
USERENV(37c.18c) 08:55:47:359 PingComputer: Adapter speed 100000000 bps
USERENV(37c.18c) 08:55:52:737 PingComputer: First send 0x288a8c0 failed with 11010
USERENV(37c.18c) 08:55:58:224 PingComputer: First send 0x288a8c0 failed with 11010
USERENV(37c.18c) 08:56:03:711 PingComputer: First send 0x288a8c0 failed with 11010
USERENV(37c.18c) 08:56:03:711 PingComputer: No data available
USERENV(37c.18c) 08:56:03:711 ProcessGPOs: DSGetDCName failed with 59.
USERENV(37c.18c) 08:56:03:711 ProcessGPOs: No WMI logging done in this policy cycle.
USERENV(37c.18c) 08:56:03:711 ProcessGPOs: Processing failed with error 59.
USERENV(37c.18c) 08:56:03:711 LeaveCriticalPolicySection: Critical section 0x6ec has been released.
USERENV(37c.18c) 08:56:03:711 ProcessGPOs: User Group Policy has been applied.
USERENV(37c.18c) 08:56:03:711 ProcessGPOs: Leaving with 0.
USERENV(37c.18c) 08:56:03:711 ApplyGroupPolicy: Leaving successfully.
USERENV(37c.628) 08:56:03:804 GPOThread: Next refresh will happen in 90 minutes
USERENV(37c.380) 08:56:04:054 IsSyncForegroundPolicyRefresh: Synchronous, Reason: NonCachedCredentials
USERENV(3b8.3cc) 08:56:05:737 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.3cc) 08:56:05:737 GetUserNameAndDomain Failed to impersonate user
USERENV(3b8.3cc) 08:56:05:737 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.3cc) 08:56:05:737 GetUserDNSDomainName: Failed to impersonate user
USERENV(3b8.3cc) 08:56:05:799 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.3cc) 08:56:05:799 GetUserNameAndDomain Failed to impersonate user
USERENV(3b8.3cc) 08:56:05:799 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.3cc) 08:56:05:799 GetUserDNSDomainName: Failed to impersonate user
USERENV(3b8.3cc) 08:56:05:831 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.3cc) 08:56:05:831 GetUserNameAndDomain Failed to impersonate user
USERENV(3b8.3cc) 08:56:05:831 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.3cc) 08:56:05:831 GetUserDNSDomainName: Failed to impersonate user
USERENV(14c.13c) 08:56:07:467 LibMain: Process Name: C:\WINDOWS\Explorer.EXE
USERENV(14c.13c) 08:56:08:605 GetProfileType: Profile already loaded.
USERENV(14c.13c) 08:56:08:605 GetProfileType: ProfileFlags is 0
USERENV(14c.274) 08:56:08:636 GetProfileType: Profile already loaded.
USERENV(14c.274) 08:56:08:636 GetProfileType: ProfileFlags is 0
USERENV(560.528) 08:56:13:204 LibMain: Process Name: C:\WINDOWS\system32\ctfmon.exe
USERENV(560.528) 08:56:13:235 GetProfileType: Profile already loaded.
USERENV(560.528) 08:56:13:235 GetProfileType: ProfileFlags is 0
USERENV(758.1d4) 08:56:15:791 LibMain: Process Name: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
USERENV(600.6f0) 08:56:16:430 LibMain: Process Name: C:\Program Files\Mail.Ru\Agent\MAgent.exe
USERENV(d88.d8c) 08:56:41:122 LibMain: Process Name: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
USERENV(29c.340) 08:56:56:819 LibMain: Process Name: C:\Program Files\Internet Explorer\IEXPLORE.EXE
USERENV(29c.4ec) 08:56:57:302 ImpersonateUser: Failed to impersonate user with 5.
USERENV(29c.4ec) 08:56:57:302 GetUserNameAndDomain Failed to impersonate user
USERENV(29c.4ec) 08:56:57:302 ImpersonateUser: Failed to impersonate user with 5.
USERENV(29c.4ec) 08:56:57:302 GetUserDNSDomainName: Failed to impersonate user
USERENV(29c.4ec) 08:56:57:318 ImpersonateUser: Failed to impersonate user with 5.
USERENV(29c.4ec) 08:56:57:318 GetUserNameAndDomain Failed to impersonate user
USERENV(29c.4ec) 08:56:57:318 ImpersonateUser: Failed to impersonate user with 5.
USERENV(29c.4ec) 08:56:57:318 GetUserDNSDomainName: Failed to impersonate user
USERENV(29c.4ec) 08:56:57:333 ImpersonateUser: Failed to impersonate user with 5.
USERENV(29c.4ec) 08:56:57:333 GetUserNameAndDomain Failed to impersonate user
USERENV(29c.4ec) 08:56:57:333 ImpersonateUser: Failed to impersonate user with 5.
USERENV(29c.4ec) 08:56:57:333 GetUserDNSDomainName: Failed to impersonate user
USERENV(3b8.418) 08:56:58:783 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.418) 08:56:58:783 GetUserNameAndDomain Failed to impersonate user
USERENV(3b8.418) 08:56:58:783 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.418) 08:56:58:783 GetUserDNSDomainName: Failed to impersonate user
USERENV(3b8.418) 08:56:58:799 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.418) 08:56:58:799 GetUserNameAndDomain Failed to impersonate user
USERENV(3b8.418) 08:56:58:799 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.418) 08:56:58:799 GetUserDNSDomainName: Failed to impersonate user
USERENV(3b8.418) 08:56:59:095 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.418) 08:56:59:095 GetUserNameAndDomain Failed to impersonate user
USERENV(3b8.418) 08:56:59:095 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.418) 08:56:59:095 GetUserDNSDomainName: Failed to impersonate user
USERENV(3b8.5f0) 08:56:59:796 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.5f0) 08:56:59:796 GetUserNameAndDomain Failed to impersonate user
USERENV(3b8.5f0) 08:56:59:796 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.5f0) 08:56:59:796 GetUserDNSDomainName: Failed to impersonate user
USERENV(3b8.5f0) 08:56:59:890 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.5f0) 08:56:59:890 GetUserNameAndDomain Failed to impersonate user
USERENV(3b8.5f0) 08:56:59:890 ImpersonateUser: Failed to impersonate user with 5.
USERENV(3b8.5f0) 08:56:59:890 GetUserDNSDomainName: Failed to impersonate user