I'm the sole user of the PC btw....
-----------------------------------------------------------------
Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 515
Date: 5/28/2008
Time: 3:55:04 PM
User: NT AUTHORITY\SYSTEM
Computer: CHUCK
Description:
A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.
Logon Process Name: Winlogon\MSGina
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----
Logon Process Name: MSGina =====
Logon Process Name: RASMAN
Logon Process Name: Secondary Logon Service
Logon Process Name: KSecDD
Logon Process Name: LAN Manager Workstation Service
Logon Process Name: CHAP
Logon Process Name: DCOMSCM
Logon Process Name: Winlogon
--------------------------------------------------------------
Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Date: 5/28/2008
Time: 8:48:12 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: CHUCK
Description:
IPSec Services: IPSec Services failed to get the complete list of network
interfaces on the machine. This can be a potential security hazard to the
machine since some of the network interfaces may not get the protection as
desired by the applied IPSec filters. Please run IPSec monitor snap-in to
further diagnose the problem.
----------------------------------------------------------------
Event Type: Success Audit
Event Source: Security
Event Category: Policy Change
Event ID: 848
Date: 5/28/2008
Time: 1:04:06 AM
User: NT AUTHORITY\SYSTEM
Computer: CHUCK
Description:
The following policy was active when the Windows Firewall started.
Group Policy applied: No
Profile used: Standard
Interface: All interfaces
Operational mode: On
Services:
File and Printer Sharing: Disabled
Remote Desktop: Disabled
UPnP Framework: Disabled
Allow remote administration: Disabled
Allow unicast responses to multicast/broadcast traffic: Disabled
Security Logging:
Log dropped packets: Disabled
Log successful connections Disabled
ICMP:
Allow incoming echo request: Disabled
Allow incoming timestamp request: Disabled
Allow incoming mask request: Disabled
Allow incoming router request: Disabled
Allow outgoing destination unreachable: Disabled
Allow outgoing source quench: Disabled
Allow outgoing parameter problem: Disabled
Allow outgoing time exceeded: Disabled
Allow redirect: Disabled
Allow outgoing packet too big: Disabled
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----**had several as below that were disabled, then enabled over & over &
over???
Event Type: Success Audit
Event Source: Security
Event Category: Policy Change
Event ID: 849
Date: 5/25/2008
Time: 1:38:22 PM
User: NT AUTHORITY\SYSTEM
Computer: CHUCK
Description:
An application was listed as an exception when the Windows Firewall started.
Policy origin: Local Policy
Profile used: Standard
Name: Remote Assistance
Path: C:\WINDOWS\system32\sessmgr.exe
State: Disabled
Scope: All subnets
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
---
Name: Run a DLL as an App
Path: C:\WINDOWS\system32\rundll32.exe
Name: RealPlayer
Path: C:\Program Files\Real\RealPlayer\realplay.exe
Name: Network Diagnostics for Windows XP
Path: %windir%\Network Diagnostic\xpnetdiag.exe
----Defender----
Event Type: Information
Event Source: WinDefend
Event Category: None
Event ID: 5007
Date: 5/28/2008
Time: 7:48:25 PM
User: N/A
Computer: CHUCK
Description:
The description for Event ID ( 5007 ) in Source ( WinDefend ) cannot be
found. The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description see Help and
Support for details. The following information is part of the event: %%827,
1.1.1593.0, Default\Real-Time Protection\EnableUnknownPrompts = 0,
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time
Protection\EnableUnknownPrompts = 1, , .
----Office Update Errors????---
Event Type: Failure Audit
Event Source: OfficeUpdateV3
Event Category: None
Event ID: 0
Date: 5/28/2008
Time: 11:21:18 AM
User: N/A
Computer: CHUCK
Description:
The description for Event ID ( 0 ) in Source ( OfficeUpdateV3 ) cannot be
found. The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description see Help and
Support for details. The following information is part of the event:
V3_2|519988|INSTALL|MAINSP3_11.0.8173_ENG||2008-05-28
10:51:24|9|FAIL|00000000|The operation completed successfully.|.
****OK.....Sorry for the mile long data! Thanks for any and all input /
thoughts on all this. !!!
Gib
"MrGib" wrote:
> Anyone help me w/the event 63 below? Says run a Cscript?? Things as this is
> why I'm 'concerned.'
>
> Thanks in advance ya'll!
>
> Boot.ini = multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP
> Home Edition"/noexecute=optin/fastdetect
>
> Event Type: Warning
> Event Source: WinMgmt
> Event Category: None
> Event ID: 63
> Date: 5/28/2008
> Time: 2:50:14 PM
> User: CHUCK\Chuck
> Computer: CHUCK
> Description:
> A provider, OffProv11, has been registered in the WMI namespace,
> Root\MSAPPS11, to use the LocalSystem account. This account is privileged
> and the provider may cause a security violation if it does not correctly
> impersonate user requests.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> "MowGreen [MVP]" wrote:
>
> > Is the Guest account Disabled ? There is a native Guest User Account in XP.
> >
> > Was the installed antivirus|security suite [re: any Norton "product"]
> > actively monitoring the system when SP3 was applied ?
> > If the answer is yes, see this:
> >
> > WinXP SP3: Registry Corruption & Norton SymProtect
> > http://aumha.net/viewtopic.php?f=62&t=33522
> >
> > MowGreen [MVP 2003-2008]
> > ===============
> > *-343-* FDNY
> > Never Forgotten
> > ===============
> >
> >
> >
> > MrGib wrote:
> >
> > > Since I d/l SP3, I've noticed many changes to misc areas. ie internet
> > > security settings, modem/DSL exception changes and I now have a guest user.
> > > Never created a guest user (I don't think!?) Had to de/reinstall my net
> > > adapter, modem, change back internet security setttings, etc etc. Question =
> > > Hacked? If someone would guide me through some 'diag' steps to verify I'm
> > > still protected and 'alone'.....or am I way off.??? TYVM!!!!
> > >
> > > XP Home SP3
> > > IE7
> > > Dell / P4
> > > Comcast DSL
> >