I'm the sole user of the PC btw....
-----------------------------------------------------------------
Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 515
Date: 5/28/2008
Time: 3:55:04 PM
User: NT AUTHORITY\SYSTEM
Computer: CHUCK
Description:
A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.
Logon Process Name: Winlogon\MSGina
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----
Logon Process Name: MSGina =====
Logon Process Name: RASMAN
Logon Process Name: Secondary Logon Service
Logon Process Name: KSecDD
Logon Process Name: LAN Manager Workstation Service
Logon Process Name: CHAP
Logon Process Name: DCOMSCM
Logon Process Name: Winlogon
--------------------------------------------------------------
Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Date: 5/28/2008
Time: 8:48:12 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: CHUCK
Description:
IPSec Services: IPSec Services failed to get the complete list of network
interfaces on the machine. This can be a potential security hazard to the
machine since some of the network interfaces may not get the protection as
desired by the applied IPSec filters. Please run IPSec monitor snap-in to
further diagnose the problem.
----------------------------------------------------------------
Event Type: Success Audit
Event Source: Security
Event Category: Policy Change
Event ID: 848
Date: 5/28/2008
Time: 1:04:06 AM
User: NT AUTHORITY\SYSTEM
Computer: CHUCK
Description:
The following policy was active when the Windows Firewall started.
Group Policy applied: No
Profile used: Standard
Interface: All interfaces
Operational mode: On
Services:
File and Printer Sharing: Disabled
Remote Desktop: Disabled
UPnP Framework: Disabled
Allow remote administration: Disabled
Allow unicast responses to multicast/broadcast traffic: Disabled
Security Logging:
Log dropped packets: Disabled
Log successful connections Disabled
ICMP:
Allow incoming echo request: Disabled
Allow incoming timestamp request: Disabled
Allow incoming mask request: Disabled
Allow incoming router request: Disabled
Allow outgoing destination unreachable: Disabled
Allow outgoing source quench: Disabled
Allow outgoing parameter problem: Disabled
Allow outgoing time exceeded: Disabled
Allow redirect: Disabled
Allow outgoing packet too big: Disabled
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----**had several as below that were disabled, then enabled over & over &
over???
Event Type: Success Audit
Event Source: Security
Event Category: Policy Change
Event ID: 849
Date: 5/25/2008
Time: 1:38:22 PM
User: NT AUTHORITY\SYSTEM
Computer: CHUCK
Description:
An application was listed as an exception when the Windows Firewall started.
Policy origin: Local Policy
Profile used: Standard
Name: Remote Assistance
Path: C:\WINDOWS\system32\sessmgr.exe
State: Disabled
Scope: All subnets
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
---
Name: Run a DLL as an App
Path: C:\WINDOWS\system32\rundll32.exe
Name: RealPlayer
Path: C:\Program Files\Real\RealPlayer\realplay.exe
Name: Network Diagnostics for Windows XP
Path: %windir%\Network Diagnostic\xpnetdiag.exe
----Defender----
Event Type: Information
Event Source: WinDefend
Event Category: None
Event ID: 5007
Date: 5/28/2008
Time: 7:48:25 PM
User: N/A
Computer: CHUCK
Description:
The description for Event ID ( 5007 ) in Source ( WinDefend ) cannot be
found. The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description; see Help and
Support for details. The following information is part of the event: %%827,
1.1.1593.0, Default\Real-Time Protection\EnableUnknownPrompts = 0,
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time
Protection\EnableUnknownPrompts = 1, , .
----Office Update Errors????---
Event Type: Failure Audit
Event Source: OfficeUpdateV3
Event Category: None
Event ID: 0
Date: 5/28/2008
Time: 11:21:18 AM
User: N/A
Computer: CHUCK
Description:
The description for Event ID ( 0 ) in Source ( OfficeUpdateV3 ) cannot be
found. The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description; see Help and
Support for details. The following information is part of the event:
V3_2|519988|INSTALL|MAINSP3_11.0.8173_ENG||2008-05-28
10:51:24|9|FAIL|00000000|The operation completed successfully.|.
****OK.....Sorry for the mile long data! Thanks for any and all input /
thoughts on all this. !!!
Gib
MrGib said:
Anyone help me w/the event 63 below? Says run a Cscript?? Things like this are
why I'm 'concerned.'
Thanks in advance y'all!
Boot.ini = multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition"/noexecute=optin/fastdetect
Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 63
Date: 5/28/2008
Time: 2:50:14 PM
User: CHUCK\Chuck
Computer: CHUCK
Description:
A provider, OffProv11, has been registered in the WMI namespace,
Root\MSAPPS11, to use the LocalSystem account. This account is privileged
and the provider may cause a security violation if it does not correctly
impersonate user requests.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
MowGreen said:
Is the Guest account Disabled? There is a native Guest User Account in XP.
Was the installed antivirus|security suite [re: any Norton "product"]
actively monitoring the system when SP3 was applied?
If the answer is yes, see this:
WinXP SP3: Registry Corruption & Norton SymProtect
http://aumha.net/viewtopic.php?f=62&t=33522
MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
Since I d/l SP3, I've noticed many changes to misc areas. ie internet
security settings, modem/DSL exception changes and I now have a guest user.
Never created a guest user (I don't think!?) Had to de/reinstall my net
adapter, modem, change back internet security settings, etc etc. Question =
Hacked? If someone would guide me through some 'diag' steps to verify I'm
still protected and 'alone'.....or am I way off.??? TYVM!!!!
XP Home SP3
IE7
Dell / P4
Comcast DSL