What is supposed to be in Win Xp Home

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 515
Date: 6/9/2004
Time: 3:20:21 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

Logon Process Name: LAN Manager Workstation Service

***************************************************

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 515
Date: 6/9/2004
Time: 3:20:21 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

Logon Process Name: KSecDD

*********************************************

OK I WILL SKIP ANYTHING THAT IS TWICE LAN MANAGER SOMETIMES IS LISTED A FEW TIMES AND KSECDD IS LISTED OVER AND OVER IN THE LOGS TOO

*******************************************************

Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 624
Date: 6/9/2004
Time: 3:22:59 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account Created:
New Account Name: HelpAssistant
New Domain: HOME-A7NV5XMDE0
New Account ID: HOME-A7NV5XMDE0\HelpAssistant
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
Privileges -

*******************************************

Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 626
Date: 6/9/2004
Time: 3:22:59 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account Enabled:
Target Account Name: HelpAssistant
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\HelpAssistant
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)

****************************************************
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 642
Date: 6/9/2004
Time: 3:22:59 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account Changed:
-
Target Account Name: HelpAssistant
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\HelpAssistant
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
Privileges: -

**********************************************

event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 628
Date: 6/9/2004
Time: 3:22:59 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account password set:
Target Account Name: HelpAssistant
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\HelpAssistant
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)

***************************************************

Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 629
Date: 6/9/2004
Time: 3:23:00 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account Disabled:
Target Account Name: HelpAssistant
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\HelpAssistant
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)

************************************************

Event Type: Success Audit
Event Source: Security
Event Category: Policy Change
Event ID: 621
Date: 6/9/2004
Time: 3:23:04 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
System Security Access Granted:
Access Granted: SeServiceLogonRight
Account Modified: NT AUTHORITY\NETWORK SERVICE
Assigned By:
User Name: MACHINENAME$
Domain:
Logon ID: (0x0,0x3E7)

**********************************************

Event Category: Logon/Logoff
Event ID: 528
Date: 6/9/2004
Time: 3:23:04 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: MACHINENAME
Description:
Successful Logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-000000000000}

 

Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 635
Date: 6/9/2004
Time: 3:25:00 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
Security Enabled Local Group Created:
New Account Name: HelpServicesGroup
New Domain: HOME-A7NV5XMDE0
New Account ID: HOME-A7NV5XMDE0\HelpServicesGroup
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
Privileges: -

**************************************************
Event Source: Security
Event Category: Account Management
Event ID: 639
Date: 6/9/2004
Time: 3:25:00 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
Security Enabled Local Group Changed:
Target Account Name: HelpServicesGroup
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\HelpServicesGroup
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
Privileges: -

*********************************************

Event ID: 632
Date: 6/9/2004
Time: 3:25:09 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
Security Enabled Global Group Member Added:
Member Name: -
Member ID: HOME-A7NV5XMDE0\SUPPORT_388945a0
Target Account Name: None
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\None
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
Privileges: -

*************************************************

Event Source: Security
Event Category: Account Management
Event ID: 624
Date: 6/9/2004
Time: 3:25:09 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account Created:
New Account Name: SUPPORT_388945a0
New Domain: HOME-A7NV5XMDE0
New Account ID: HOME-A7NV5XMDE0\SUPPORT_388945a0
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
Privileges -

**************************************
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 626
Date: 6/9/2004
Time: 3:25:09 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account Enabled:
Target Account Name: SUPPORT_388945a0
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\SUPPORT_388945a0
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)

*******************************************
Event Category: Account Management
Event ID: 642
Date: 6/9/2004
Time: 3:25:09 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account Changed:
-
Target Account Name: SUPPORT_388945a0
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\SUPPORT_388945a0
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
Privileges: -

**************************************************
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 628
Date: 6/9/2004
Time: 3:25:09 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account password set:
Target Account Name: SUPPORT_388945a0
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\SUPPORT_388945a0
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
**************************************************

Event ID: 636
Date: 6/9/2004
Time: 3:25:09 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
Security Enabled Local Group Member Added:
Member Name: -
Member ID: HOME-A7NV5XMDE0\SUPPORT_388945a0
Target Account Name: HelpServicesGroup
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\HelpServicesGroup
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
Privileges: -

*******************
Event Type: Success Audit
Event Source: Security
Event Category: Policy Change
Event ID: 621
Date: 6/9/2004
Time: 3:25:09 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
System Security Access Granted:
Access Granted: SeBatchLogonRight
Account Modified: HOME-A7NV5XMDE0\SUPPORT_388945a0
Assigned By:
User Name: MACHINENAME$
Domain:
Logon ID: (0x0,0x3E7)

*******************************

Event Type: Success Audit
Event Source: Security
Event Category: Policy Change
Event ID: 621
Date: 6/9/2004
Time: 3:25:09 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
System Security Access Granted:
Access Granted: SeDenyNetworkLogonRight
Account Modified: HOME-A7NV5XMDE0\SUPPORT_388945a0
Assigned By:
User Name: MACHINENAME$
Domain:
Logon ID: (0x0,0x3E7)

 

Event Type: Success Audit
Event Source: Security
Event Category: Policy Change
Event ID: 621
Date: 6/9/2004
Time: 3:25:10 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
System Security Access Granted:
Access Granted: SeDenyInteractiveLogonRight
Account Modified: HOME-A7NV5XMDE0\SUPPORT_388945a0
Assigned By:
User Name: MACHINENAME$
Domain:
Logon ID: (0x0,0x3E7)

******************

Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 629
Date: 6/9/2004
Time: 3:25:10 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account Disabled:
Target Account Name: SUPPORT_388945a0
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\SUPPORT_388945a0
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)

*****************
Event ID: 632
Date: 6/9/2004
Time: 3:25:48 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
Security Enabled Global Group Member Added:
Member Name: -
Member ID: %{S-1-5-21-1292428093-1383384898-725345543-1003}
Target Account Name: None
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\None
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
Privileges: -

***********************

Event Source: Security
Event Category: Account Management
Event ID: 624
Date: 6/9/2004
Time: 3:25:48 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account Created:
New Account Name: Owner
New Domain: HOME-A7NV5XMDE0
New Account ID: %{S-1-5-21-1292428093-1383384898-725345543-1003}
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
Privileges -

**********************************

Event ID: 642
Date: 6/9/2004
Time: 3:25:48 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account Changed:
-
Target Account Name: Owner
Target Domain: HOME-A7NV5XMDE0
Target Account ID: %{S-1-5-21-1292428093-1383384898-725345543-1003}
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
Privileges: -

********************************

Event Source: Security
Event Category: Account Management
Event ID: 628
Date: 6/9/2004
Time: 3:25:48 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account password set:
Target Account Name: Owner
Target Domain: HOME-A7NV5XMDE0
Target Account ID: %{S-1-5-21-1292428093-1383384898-725345543-1003}
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)

****************************
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 626
Date: 6/9/2004
Time: 3:25:48 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account Enabled:
Target Account Name: Owner
Target Domain: HOME-A7NV5XMDE0
Target Account ID: %{S-1-5-21-1292428093-1383384898-725345543-1003}
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)

*****************
Event ID: 642
Date: 6/9/2004
Time: 3:25:48 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
User Account Changed:
-
Target Account Name: Owner
Target Domain: HOME-A7NV5XMDE0
Target Account ID: %{S-1-5-21-1292428093-1383384898-725345543-1003}
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
Privileges: -

*********************************
Event ID: 636
Date: 6/9/2004
Time: 3:25:48 AM
User: NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
Security Enabled Local Group Member Added:
Member Name: -
Member ID: %{S-1-5-21-1292428093-1383384898-725345543-1003}
Target Account Name: Administrators
Target Domain: Builtin
Target Account ID: BUILTIN\Administrators
Caller User Name: MACHINENAME$
Caller Domain:
Caller Logon ID: (0x0,0x3E7)
Privileges: -

************************

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 512
Date: 6/9/2004
Time: 5:30:47 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:

 

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 514
Date: 6/9/2004
Time: 5:30:47 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts.
Authentication Package Name: D:\WINDOWS\system32\LSASRV.dll : Negotiate

***************

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 514
Date: 6/9/2004
Time: 5:30:47 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts.
Authentication Package Name: D:\WINDOWS\system32\kerberos.dll : Kerberos

************
Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 514
Date: 6/9/2004
Time: 5:30:47 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts.
Authentication Package Name: D:\WINDOWS\system32\msv1_0.dll : NTLM

********************

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 514
Date: 6/9/2004
Time: 5:30:47 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts.
Authentication Package Name: D:\WINDOWS\system32\schannel.dll : Microsoft Unified Security Protocol Provider

********************

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 514
Date: 6/9/2004
Time: 5:30:47 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts.
Authentication Package Name: D:\WINDOWS\system32\schannel.dll : Schannel

*************************

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 514
Date: 6/9/2004
Time: 5:30:47 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts.
Authentication Package Name: D:\WINDOWS\system32\wdigest.dll : WDigest

*********************

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 514
Date: 6/9/2004
Time: 5:30:47 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts.
Authentication Package Name: D:\WINDOWS\system32\msv1_0.dll : MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

*****************************
Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 515
Date: 6/9/2004
Time: 5:30:47 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

Logon Process Name: KSecDD

************************

Audit Policy Change:
New Policy:
Success Failure
+ + Logon/Logoff
- - Object Access
- - Privilege Use
+ + Account Management
+ + Policy Change
+ + System
- - Detailed Tracking
- - Directory Service Access
+ + Account Logon

Changed By:
User Name: HOME-A7NV5XMDE0$
Domain Name: MSHOME
Logon ID: (0x0,0x3E7)

********************************

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 518
Date: 6/9/2004
Time: 5:30:47 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
An notification package has been loaded by the Security Account Manager. This package will be notified of any account or password changes.
Notification Package Name: scecli

*********************************************
Event Category: Logon/Logoff
Event ID: 528
Date: 6/9/2004
Time: 5:30:47 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: HOME-A7NV5XMDE0
Description:
Successful Logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-000000000000}

*************************************
Event Category: Logon/Logoff
Event ID: 528
Date: 6/9/2004
Time: 5:30:48 AM
User: NT AUTHORITY\LOCAL SERVICE
Computer: HOME-A7NV5XMDE0
Description:
Successful Logon:
User Name: LOCAL SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E5)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-000000000000}

************************
Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 515
Date: 6/9/2004
Time: 5:30:49 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

Logon Process Name: CHAP

 

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 515
Date: 6/9/2004
Time: 5:30:49 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

Logon Process Name: LAN Manager Workstation Service

*****

oK now I just post things that are new. these go over and over again throughout when I start and stop the coputer.
Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Date: 6/9/2004
Time: 5:30:49 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: HOME-A7NV5XMDE0
Description:
IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.

******

Event Type: Success Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Date: 6/9/2004
Time: 5:30:49 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: HOME-A7NV5XMDE0
Description:
IPSec Services: IPSec Services has started successfully.

*****

Event Category: Logon/Logoff
Event ID: 540
Date: 6/9/2004
Time: 5:30:50 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: HOME-A7NV5XMDE0
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0xC459)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-000000000000}

******

Event Category: Logon/Logoff
Event ID: 528
Date: 6/9/2004
Time: 5:31:09 AM
User: NT AUTHORITY\LOCAL SERVICE
Computer: HOME-A7NV5XMDE0
Description:
Successful Logon:
User Name: LOCAL SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E5)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-000000000000}

********

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 515
Date: 6/9/2004
Time: 5:31:10 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

Logon Process Name: RASMAN

**********

Event ID: 632
Date: 6/9/2004
Time: 5:36:53 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
Security Enabled Global Group Member Added:
Member Name: -
Member ID: HOME-A7NV5XMDE0\Melissa
Target Account Name: None
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\None
Caller User Name: HOME-A7NV5XMDE0$
Caller Domain: MSHOME
Caller Logon ID: (0x0,0x3E7)
Privileges: -

******

Event Source: Security
Event Category: Account Management
Event ID: 624
Date: 6/9/2004
Time: 5:36:53 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
User Account Created:
New Account Name: Melissa
New Domain: HOME-A7NV5XMDE0
New Account ID: HOME-A7NV5XMDE0\Melissa
Caller User Name: HOME-A7NV5XMDE0$
Caller Domain: MSHOME
Caller Logon ID: (0x0,0x3E7)
Privileges -

********

Event Category: Account Management
Event ID: 642
Date: 6/9/2004
Time: 5:36:53 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
User Account Changed:
-
Target Account Name: Melissa
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\Melissa
Caller User Name: HOME-A7NV5XMDE0$
Caller Domain: MSHOME
Caller Logon ID: (0x0,0x3E7)
Privileges: -

*********

Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 628
Date: 6/9/2004
Time: 5:36:53 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
User Account password set:
Target Account Name: Melissa
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\Melissa
Caller User Name: HOME-A7NV5XMDE0$
Caller Domain: MSHOME
Caller Logon ID: (0x0,0x3E7)



Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 626
Date: 6/9/2004
Time: 5:36:53 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
User Account Enabled:
Target Account Name: Melissa
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\Melissa
Caller User Name: HOME-A7NV5XMDE0$
Caller Domain: MSHOME
Caller Logon ID: (0x0,0x3E7)



Event Category: Account Management
Event ID: 642
Date: 6/9/2004
Time: 5:36:53 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
User Account Changed:
-
Target Account Name: Melissa
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\Melissa
Caller User Name: HOME-A7NV5XMDE0$
Caller Domain: MSHOME
Caller Logon ID: (0x0,0x3E7)
Privileges: -



Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 636
Date: 6/9/2004
Time: 5:36:53 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
Security Enabled Local Group Member Added:
Member Name: -
Member ID: HOME-A7NV5XMDE0\Melissa
Target Account Name: Administrators
Target Domain: Builtin
Target Account ID: BUILTIN\Administrators
Caller User Name: HOME-A7NV5XMDE0$
Caller Domain: MSHOME
Caller Logon ID: (0x0,0x3E7)
Privileges: -

 

Event ID: 637
Date: 6/9/2004
Time: 5:36:53 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
Security Enabled Local Group Member Removed:
Member Name: -
Member ID: %{S-1-5-21-1292428093-1383384898-725345543-1003}
Target Account Name: Administrators
Target Domain: Builtin
Target Account ID: BUILTIN\Administrators
Caller User Name: HOME-A7NV5XMDE0$
Caller Domain: MSHOME
Caller Logon ID: (0x0,0x3E7)
Privileges: -

*************

Event ID: 633
Date: 6/9/2004
Time: 5:36:53 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
Security Enabled Global Group Member Removed:
Member Name: -
Member ID: %{S-1-5-21-1292428093-1383384898-725345543-1003}
Target Account Name: None
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\None
Caller User Name: HOME-A7NV5XMDE0$
Caller Domain: MSHOME
Caller Logon ID: (0x0,0x3E7)
Privileges: -

*******************
Event Category: Account Management
Event ID: 630
Date: 6/9/2004
Time: 5:36:53 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
User Account Deleted:
Target Account Name: Owner
Target Domain: HOME-A7NV5XMDE0
Target Account ID: %{S-1-5-21-1292428093-1383384898-725345543-1003}
Caller User Name: HOME-A7NV5XMDE0$
Caller Domain: MSHOME
Caller Logon ID: (0x0,0x3E7)
Privileges: -

*******************

Event Category: Account Management
Event ID: 642
Date: 6/9/2004
Time: 5:36:53 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
User Account Changed:
-
Target Account Name: Melissa
Target Domain: HOME-A7NV5XMDE0
Target Account ID: HOME-A7NV5XMDE0\Melissa
Caller User Name: HOME-A7NV5XMDE0$
Caller Domain: MSHOME
Caller Logon ID: (0x0,0x3E7)
Privileges: -

*****

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 515
Date: 6/9/2004
Time: 5:36:55 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

Logon Process Name: Winlogon

*********

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 515
Date: 6/9/2004
Time: 5:36:55 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

Logon Process Name: Winlogon\MSGina

*************

Event Type: Success Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 6/9/2004
Time: 5:36:57 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Melissa
Source Workstation: HOME-A7NV5XMDE0
Error Code: 0x0

***********

Event Category: Logon/Logoff
Event ID: 528
Date: 6/9/2004
Time: 5:36:57 AM
User: HOME-A7NV5XMDE0\Melissa
Computer: HOME-A7NV5XMDE0
Description:
Successful Logon:
User Name: Melissa
Domain: HOME-A7NV5XMDE0
Logon ID: (0x0,0x23682)
Logon Type: 2
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: HOME-A7NV5XMDE0
Logon GUID: {00000000-0000-0000-0000-000000000000}

***********************
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 538
Date: 6/9/2004
Time: 5:36:57 AM
User: HOME-A7NV5XMDE0\Melissa
Computer: HOME-A7NV5XMDE0
Description:
User Logoff:
User Name: Melissa
Domain: HOME-A7NV5XMDE0
Logon ID: (0x0,0x23682)
Logon Type: 2

*****************
Event Type: Success Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 6/9/2004
Time: 5:36:57 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Melissa
Source Workstation: HOME-A7NV5XMDE0
Error Code: 0x0

****************

Event Category: Logon/Logoff
Event ID: 528
Date: 6/9/2004
Time: 5:36:57 AM
User: HOME-A7NV5XMDE0\Melissa
Computer: HOME-A7NV5XMDE0
Description:
Successful Logon:
User Name: Melissa
Domain: HOME-A7NV5XMDE0
Logon ID: (0x0,0x236AE)
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: HOME-A7NV5XMDE0
Logon GUID: {00000000-0000-0000-0000-000000000000}

*****
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 551
Date: 6/9/2004
Time: 5:37:33 AM
User: HOME-A7NV5XMDE0\Melissa
Computer: HOME-A7NV5XMDE0
Description:
User initiated logoff:
User Name: Melissa
Domain: HOME-A7NV5XMDE0
Logon ID: (0x0,0x236ae)

********

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 513
Date: 6/9/2004
Time: 5:37:40 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:

***********

WILL JUST these and anything new now

Audit Policy Change:
New Policy:
Success Failure
+ + Logon/Logoff
- - Object Access
- - Privilege Use
+ + Account Management
+ + Policy Change
+ + System
- - Detailed Tracking
- - Directory Service Access
+ + Account Logon

Changed By:
User Name: HOME-A7NV5XMDE0$
Domain Name: MSHOME
Logon ID: (0x0,0x3E7

************

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 518
Date: 6/9/2004
Time: 5:41:39 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
An notification package has been loaded by the Security Account Manager. This package will be notified of any account or password changes.
Notification Package Name: scecli

*****************

Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 515
Date: 6/9/2004
Time: 5:41:41 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.

Logon Process Name: CHAP


*****

Event Type: Success Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 6/9/2004
Time: 5:41:41 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Melissa
Source Workstation: HOME-A7NV5XMDE0
Error Code: 0x0

*********
Event Category: Logon/Logoff
Event ID: 528
Date: 6/9/2004
Time: 5:41:41 AM
User: HOME-A7NV5XMDE0\Melissa
Computer: HOME-A7NV5XMDE0
Description:
Successful Logon:
User Name: Melissa
Domain: HOME-A7NV5XMDE0
Logon ID: (0x0,0x9D62)
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: HOME-A7NV5XMDE0
Logon GUID: {00000000-0000-0000-0000-000000000000}


****

Event Category: Logon/Logoff
Event ID: 540
Date: 6/9/2004
Time: 5:41:44 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: HOME-A7NV5XMDE0
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0xDEE7)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-000000000000}

****SORRY IF I REPEAT, I am trying not to
Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 514
Date: 6/9/2004
Time: 5:43:01 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts.
Authentication Package Name: D:\WINDOWS\system32\msv1_0.dll : NTLM

************
Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 514
Date: 6/9/2004
Time: 5:43:01 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts.
Authentication Package Name: D:\WINDOWS\system32\LSASRV.dll

******************

Audit Policy Change:
New Policy:
Success Failure
+ + Logon/Logoff
- - Object Access
- - Privilege Use
+ + Account Management
+ + Policy Change
+ + System
- - Detailed Tracking
- - Directory Service Access
+ + Account Logon

Changed By:
User Name: HOME-A7NV5XMDE0$
Domain Name: MSHOME
Logon ID: (0x0,0x3E7)

 

Wow I hope that someone can read through all fo that. It just makes my eyes cross. I need to take a little break. I will see if there is anything else int the logs in about 15 minutes. Would any of my other logs be of help? I don't blame you if you call Uncle. I have had my computers to repairmen and they just don't see what is going on. I am picking up my other computer today and the guy is really great. He says he has my admin back and he is going to help me get online securely. This computer will be next if I can't figure it out online by myself. So far this has cost way to much money Thanks you sooooooooooooooooo much for anyone that attempts to help me, you have no idea how much it means to me.


*****************
Event Type: Success Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 6/9/2004
Time: 5:43:02 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Administrator
Source Workstation: HOME-A7NV5XMDE0
Error Code: 0x0


****

Event Category: Logon/Logoff
Event ID: 528
Date: 6/9/2004
Time: 5:43:02 AM
User: HOME-A7NV5XMDE0\Administrator
Computer: HOME-A7NV5XMDE0
Description:
Successful Logon:
User Name: Administrator
Domain: HOME-A7NV5XMDE0
Logon ID: (0x0,0x7B77)
Logon Type: 2
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: HOME-A7NV5XMDE0
Logon GUID: {00000000-0000-0000-0000-000000000000}

*************
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 538
Date: 6/9/2004
Time: 5:43:02 AM
User: HOME-A7NV5XMDE0\Administrator
Computer: HOME-A7NV5XMDE0
Description:
User Logoff:
User Name: Administrator
Domain: HOME-A7NV5XMDE0
Logon ID: (0x0,0x7B77)
Logon Type: 2

****
Event Type: Success Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 6/9/2004
Time: 5:43:02 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Administrator
Source Workstation: HOME-A7NV5XMDE0
Error Code: 0x0

****
Event Category: Logon/Logoff
Event ID: 528
Date: 6/9/2004
Time: 5:43:02 AM
User: HOME-A7NV5XMDE0\Administrator
Computer: HOME-A7NV5XMDE0
Description:
Successful Logon:
User Name: Administrator
Domain: HOME-A7NV5XMDE0
Logon ID: (0x0,0x7C71)
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: HOME-A7NV5XMDE0
Logon GUID: {00000000-0000-0000-0000-000000000000}

****

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 6/9/2004
Time: 5:43:20 AM
User: NT AUTHORITY\SYSTEM
Computer: HOME-A7NV5XMDE0
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Administrator
Source Workstation: HOME-A7NV5XMDE0
Error Code: 0xC000006E

 

I went to microsoft and did what they said to do in my own account and got that secsetup is not recognized. I will go try it in safemode now.

Thanks

 

After reviewing the data you've posted, I am 100% convinced the following scenario is where you are:

Someone, either the husband, yourself, or JoeHacker, has applied local security policies to your machine. Because the mechanism used to install these is unknown, our best approach to resolving the issue is to use the secedit tool to reset your secsetup.sdb back to defaults.

 

I just also tried it in safemode and it also said that secedit was not recongnized.

 

Ok I guess I know I can get this fixed. I can have my repair guy wipe it out and reformat for me.

Are there ways to tell if this was done at the console or over the internet. That is what I really need to know now. There is no use in getting this fixed over and over again if the hacker has access to my PC in person.

 

Taking this offline with missmissy. Will post summary after resolution.

 

If I remember correctly, this machine is networked to another? Disconnect one from the network, physically, leaving only one PC with an internet connection (this one) and scan it with BOTH RAV and Housecall. Download Trojan Hunter and update/run. It has a trial period. If anything is found, please post reports. Then disconnect this PC and connect the other to do the same thing.

 

is there a firewall???

Has anyone determined if she has a firewall?

 

I have zonealarm pro the newest version with antivirus and everything.

I was told by the ppl at the zonealarm forums to also add these things

Spybot search and destroy - I have a DSO exploit that I cannot get rid of
(along with that when I do my updates they sometimes they are still not there and MS says I have them) I have asked for help on this one but no one seems to understand why I can't get rid of them.

Adaware

SpywareGuard.lnk

SpywareBlaster

All up to date.

 

Joe is going to call and help me tomorrow but I figure I will still post anything that anyone would like to see.

I picked up my other computer today from my new repair guy and he is intriqued by what is going on. He wants to do this one next because the other had just been reinstalled by another guy and not used but a few hours before I took it to him. Even though it was supposedly a clean install and secured I had a few virus's and my updates that the repair guy did weren't any good(from the first repairman not my new guy).

Here is my old computers (that I am talking about in this threads) Belarc advisor I just reinstalled on this one June 9th

I know I have way to many things downloaded on this. I am contantly trying to find things that will help me see what is going on.

Computer Profile Summary
Computer Name: Home-******** (in MSHOME)
Profile Date: Monday, June 14, 2004 5:35:01 PM
Advisor Version: 6.1
Windows Logon: Melissa


Click here for Belarc's PC Management products, for large and small companies.

Operating System System Model
Windows XP Home Edition Service Pack 1 (build 2600) Dell Computer Corporation Dimension 8200
System Service Tag: 9WJQB11 (support for this PC)
Chassis Serial Number: 9WJQB11
Processor a Main Circuit Board b
2.00 gigahertz Intel Pentium 4
8 kilobyte primary memory cache
512 kilobyte secondary memory cache Board: Dell Computer Corp.
Bus Clock: 100 megahertz
BIOS: Dell Computer Corporation A09 09/13/2002
Drives Memory Modules c,d
80.00 Gigabytes Usable Hard Drive Capacity
73.31 Gigabytes Hard Drive Free Space

_NEC DV-5800A [CD-ROM drive]
_NEC NR-7900A [CD-ROM drive]

WDC WD800JB-00CRA1 [Hard drive] (80.03 GB) -- drive 0, s/n WD-WMA8E2854904, rev 17.07W17, SMART Status: Healthy 512 Megabytes Installed Memory

Slot 'RIMM1' has 256 MB
Slot 'RIMM2' has 256 MB
Slot 'RIMM3' is Empty
Slot 'RIMM4' is Empty
Local Drive Volumes

I tried a partition this last install, haven't gotten around to using the other part yet.
c: (on drive 0) 52.43 GB 51.40 GB free
d: (on drive 0) 27.57 GB 21.91 GB free

Network Drives


Users Printers
local user accounts last logon
Administrator 6/14/2004 11:57:54 AM (admin)
Melissa 6/14/2004 3:37:57 PM (admin)
local system accounts
Guest never
HelpAssistant never
SUPPORT_388945a0 never


Marks a disabled account; Marks a locked account None detected
Controllers Display
Standard floppy disk controller
Intel(r) 82801BA Bus Master IDE Controller
Primary IDE Channel [Controller]
Secondary IDE Channel [Controller] NVIDIA GeForce2 MX [Display adapter]
ViewSonic E90fb [Monitor] (17.7 "vis, s/n 333030250785, January 2003)
Bus Adapters Multimedia
Intel(r) 82801BA/BAM USB Universal Host Controller - 2442
Intel(r) 82801BA/BAM USB Universal Host Controller - 2444
Creative SB Live! Value (WDM)
Creative SBLive! Gameport
Unimodem Half-Duplex Audio Device
Communications Other Devices
Lucent Win Modem
CNet PRO200WL PCI Fast Ethernet Adapter
Network Card MAC Address: Took this out, is it alright to post this?
Network IP Address: 192.168.1.101 / 24 USB Human Interface Device
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
HID-compliant mouse
USB Root Hub
USB Root Hub
Virus Protection
No AntiVirus details available
Installed Microsoft Hotfixes [Back to Top]
DataAccess
Q832483 on 6/9/2004 (details...)***** Says I don't have
DirectX
DX9
SP1:
KB839643-DIRECTX9 on 6/11/2004 (details...) says I have
Internet Explorer
Q831167 (details...)***** says I have none of the IE ones
Q832894 (details...)
Q837009 (details...)
SP1 (SP1)
Windows Media Player***** says I have all of the WM ones
Q828026 (details...)
WM817787 (details...)
SP0
Q828026 on 6/9/2004 (details...)
Windows XP ***** Says I have the rest except for Q327979 on 6/11/2004
SP2
KB810243 on 6/11/2004 (details...)
KB817778 on 6/11/2004 (details...)
KB820291 on 6/10/2004 (details...)
KB821253 on 6/10/2004 (details...)
Windows XP
SP2 (continued)
KB822603 on 6/10/2004 (details...)
KB823182 on 6/9/2004 (details...)
KB824105 on 6/9/2004 (details...)
KB824141 on 6/9/2004 (details...)
KB825119 on 6/9/2004 (details...)
KB826939 on 6/9/2004 (details...)
KB826942 on 6/10/2004 (details...)
KB828035 on 6/9/2004 (details...)
KB828741 on 6/9/2004 (details...)
KB833998 on 6/10/2004 (details...)
KB835732 on 6/9/2004 (details...)
KB837001 on 6/9/2004 (details...)
KB839643 on 6/9/2004 (details...)
KB840374 on 6/9/2004 (details...)
Q322011 on 6/11/2004 (details...)
Q327979 on 6/11/2004 (details...)
Q814995 on 6/11/2004 (details...)
Q819696 on 6/9/2004 (details...)



Click here to see all available Microsoft security hotfixes for this computer.

Marks a HotFix that verifies correctly
Marks a HotFix that fails verification
(note that failing hotfixes need to be reinstalled)
Unmarked HotFixes lack the data to allow verification

Software Licenses [Back to Top]

Microsoft - Internet Explorer 55277-OEM-0011903-00102 (Key: RCBF6-6KDMK-GD6GR-K6DP3-4C8MT)e
Microsoft - MediaPlayer 69808-359-1286594-04204
Microsoft - WebFldrs XP 12345-111-1111111-69740 (have no idea what this is )
Microsoft - Windows XP Home Edition 55277-OEM-0011903-00102 (Key: RCBF6-6KDMK-GD6GR-K6DP3-4C8MT)e (This isn't my key number)

Software Versions [Back to Top]
00saskda * (this is D:\Program Files\MonitorWare\Agent, haven't used this at all)

Adiscon GmbH - Interactive Syslog Server Version 2.01.0047 * see above
Adiscon GmbH - MonitorWare Config Client Version 2.01.0528 * see above
Adiscon MonitorWare Agent Version 2, 1, 0, 224 * see above

America Online, Inc. - AOL Instant Messenger Version 5.5.3595 * I did d/l

Belarc, Inc. - BelManage Client Version 6.1 * of course

Computer Associates International, Inc. - ISafe Version 10.63.0.1 * I think this has to do with zonelabs but I am not sure what it is for

ihsoftware - LAN Find Application Version 3, 1, 0, 0 * I removed this I thought it was something else

Inno Setup * D:\Program Files\Registry Mechanic I d/l

Jasc Software, Inc. - Paint Shop Pro 8 Version 8.10 * I d/l this because my ms paint is missing

Knownsoft,http://www.knownsoft.com - TurboSearcher Application Version 1, 2, 0, 0 * I removed it didn't do what I wanted

Lavasoft Ad-aware Plus Version 6.0.0.0 * of course

Listen.com - Check Web For Update * my radio service from rhapsody/realplayer

Microsoft (r) Windows Script Host Version 5.6.0.6626 * this is in system32?

Microsoft Corporation - Internet Explorer Version 6.00.2800.1106 * normal

Microsoft Corporation - Windows Installer - Unicode Version 2.0.2600.1106 * in system32?

Microsoft Corporation - Windows Journal Viewer Version 1.5.2315.3 * came with the updates

Microsoft Corporation - Windows Movie Maker Version 1.1.2427.1 * on when I bought it and everytime I try to do the update at microsoft i get failed

Microsoft Corporation - Windows® NetMeeting® Version 3.01 * also with updates

Microsoft Open Database Connectivity Version 3.520.9030.0 * in system32

Microsoft Windows Media Player Version 6.4.09.1125 * I have media player

Microsoft(R) MSN (R) Communications System Version 7.02.0005.2202 * Guess this is msn messenger

Microsoft(R) Windows Media Player Version 9.00.00.2980 * update for WMP

No Nonsense Software - SuperCat Version 4.4 * Great file searcher I downloaded


NVIDIA Driver Helper Service, Version 52.16 Version 6.14.10.5216 * update

PepiMK Software - Spybot - Search & Destroy Version 1, 3, 0, 12 * of course

RealNetworks Rhapsody Music Subscription Service Version 2, 1, 0, 227 * also part of listen

RealNetworks, Inc. - RealPlayer (32-bit) Version 0.1.0.3034 *
RealNetworks, Inc. - RealPlayer (32-bit) Version 6.0.12.872 *
RealNetworks, Inc. - RealPlayer (32-bit) Version 7.0.0.2415 *
I have realplayer and Rhapsody and I pay for both services


Safer Networking Limited - SpyBot-S&D Version 1, 3, 0, 12 * of course

SpywareBlaster AutoUpdate Version 3.01 *
SpywareBlaster Version 3.01 *
SpywareGuard LiveUpdate Version 2.02.0001 *
SpywareGuard Version 2.02.0001 * all things I was told to use


Steven J. Hoek Software Development - Registry Search + Replace v2.15 Version 2.15 * a great tool for searching for things in the registry I d/l

WinGuides - Tweak Manager Version 2, 1, 0, 0 * I bought this but I can't change things with it
WinGuides Software - Registry Mechanic Version 3.00.0035 * see above


Yahoo! Messenger Version 6,0,0,1643 * I use


Zone Labs Client Version 5.0.590.015 *
Zone Labs Inc. - Internet Access Monitor Version 5.0.590.015 *
Zone Labs Inc. - TrueVector Service Version 5.0.590.015 *
All to do with my firewall



I cannot copy and paste it but microsoft tells me that I am up to date


Also I tired to access microsoft help today with my net passport and it wouldn't connect.

 

Sorry didn't see this earlier. I will try this now

 

DSO exploits explained here in post #15.

Did I miss something, like a mention of AntiVirus, or is the report lacking details because there isn't any? Please missmissy, scan that PC with the scanners I suggested above.

 

Lol!

 

I'll be real interested to see what the outcome is after Joe works with you. He really knows this stuff and you couldn't be in better hands unless you shipped the PC to Microsoft for them to fix things.

This is a fascinating problem (since it isn't happening to me) but I freely admit I am way over my depth trying to figure out how it is being done or the best way to put a stop to it all.