My system shutdown this morning without warning. I started looking in the logs and went to the security logs. I am having what looks like an attack
There are many ID 850 "A port was listed as an exception when the Windows Firewall started."
There are many ID 576 "Special privileges assigned to new logon:" and the user name and domain are blank
There are many id 515 "A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. "
There are many ID 849 "An application was listed as an exception when the Windows Firewall started. "
I am rushing this - need to get back to it...