Changes in settings / security??

[Guest MrGib]

Since I d/l SP3, I've noticed many changes to misc areas. ie internet

security settings, modem/DSL exception changes and I now have a guest user.

Never created a guest user (I don't think!?) Had to de/reinstall my net

adapter, modem, change back internet security setttings, etc etc. Question =

Hacked? If someone would guide me through some 'diag' steps to verify I'm

still protected and 'alone'.....or am I way off.??? TYVM!!!!

 

XP Home SP3

IE7

Dell / P4

Comcast DSL

[Guest PA Bear [MS MVP]]

Re: Changes in settings / security??

 

Did you reinstall WinXP just before you installed SP3? Were you running

WinXP SP2 before SP3 was installed?

 

Free unlimited installation and compatibility support is available for

Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and

e-mail support is available only in the United States and Canada.

 

• US:

http://support.microsoft.com/oas/default.aspx?ln=en-us&prid=11273&gprid=522131

 

• CA:

http://support.microsoft.com/oas/default.aspx?ln=en-ca&prid=11273&gprid=522131

 

• UK:

http://support.microsoft.com/oas/default.aspx?ln=en-gb&prid=11273&gprid=522131

 

• AU:

http://support.microsoft.com/oas/default.aspx?ln=en-au&prid=11273&gprid=522131

 

• Other: http://support.microsoft.com/oas/default.aspx?gprid=1173 | select

Windows XP | select Windows XP Service Pack 3

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

 

 

MrGib wrote:

> Since I d/l SP3, I've noticed many changes to misc areas. ie internet

> security settings, modem/DSL exception changes and I now have a guest

> user.

> Never created a guest user (I don't think!?) Had to de/reinstall my net

> adapter, modem, change back internet security setttings, etc etc.

> Question

> = Hacked? If someone would guide me through some 'diag' steps to verify

> I'm

> still protected and 'alone'.....or am I way off.??? TYVM!!!!

>

> XP Home SP3

> IE7

> Dell / P4

> Comcast DSL

[Guest MrGib]

Re: Changes in settings / security??

 

Thanks much for the reply PB, Sir. Answers to you're questions are = No

reinstall & yes SP2.

 

Man, in the sys summary, I've got tasks and start-up pgms with user names

"all users = .default -- Svc's are running that are duped and shared, etc.

Strange stuff, man. (ha) Everything's clicking along, but ????

 

I'll refer to your instructed info and go from there. Thanks again Mr. PB,

MVP!

 

"PA Bear [MS MVP]" wrote:

> Did you reinstall WinXP just before you installed SP3? Were you running

> WinXP SP2 before SP3 was installed?

>

> Free unlimited installation and compatibility support is available for

> Windows XP, but only for Service Pack 3 (SP3), until 14 Apr-09. Chat and

> e-mail support is available only in the United States and Canada.

>

> • US:

> http://support.microsoft.com/oas/default.aspx?ln=en-us&prid=11273&gprid=522131

>

> • CA:

> http://support.microsoft.com/oas/default.aspx?ln=en-ca&prid=11273&gprid=522131

>

> • UK:

> http://support.microsoft.com/oas/default.aspx?ln=en-gb&prid=11273&gprid=522131

>

> • AU:

> http://support.microsoft.com/oas/default.aspx?ln=en-au&prid=11273&gprid=522131

>

> • Other: http://support.microsoft.com/oas/default.aspx?gprid=1173 | select

> Windows XP | select Windows XP Service Pack 3

> --

> ~Robear Dyer (PA Bear)

> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

> AumHa VSOP & Admin http://aumha.net

> DTS-L http://dts-l.net/

>

>

> MrGib wrote:

> > Since I d/l SP3, I've noticed many changes to misc areas. ie internet

> > security settings, modem/DSL exception changes and I now have a guest

> > user.

> > Never created a guest user (I don't think!?) Had to de/reinstall my net

> > adapter, modem, change back internet security setttings, etc etc.

> > Question

> > = Hacked? If someone would guide me through some 'diag' steps to verify

> > I'm

> > still protected and 'alone'.....or am I way off.??? TYVM!!!!

> >

> > XP Home SP3

> > IE7

> > Dell / P4

> > Comcast DSL

>

>

[Guest MowGreen [MVP]]

Re: Changes in settings / security??

 

Is the Guest account Disabled ? There is a native Guest User Account in XP.

 

Was the installed antivirus|security suite [re: any Norton "product"]

actively monitoring the system when SP3 was applied ?

If the answer is yes, see this:

 

WinXP SP3: Registry Corruption & Norton SymProtect

http://aumha.net/viewtopic.php?f=62&t=33522

 

MowGreen [MVP 2003-2008]

===============

*-343-* FDNY

Never Forgotten

===============

 

 

 

MrGib wrote:

> Since I d/l SP3, I've noticed many changes to misc areas. ie internet

> security settings, modem/DSL exception changes and I now have a guest user.

> Never created a guest user (I don't think!?) Had to de/reinstall my net

> adapter, modem, change back internet security setttings, etc etc. Question =

> Hacked? If someone would guide me through some 'diag' steps to verify I'm

> still protected and 'alone'.....or am I way off.??? TYVM!!!!

>

> XP Home SP3

> IE7

> Dell / P4

> Comcast DSL

[Guest MrGib]

Re: Changes in settings / security??

 

MG....Guest is disabled and I didn't know about the native guest user...TYVM!

There's a bunch of other 'peculiar' stuff happening, but I'm not having any

'crashes' or start up/shut dn issues....so I'll just stop sweating all this

mess I assume!

 

....& no Norton. Came w/McAfee from Dell...used that and now running both

that & AVG 7.5. ***Side question please.... AVG v8? I've read horror

stories on this, so your input is welcomed, Sir. Thanks!!

 

***Hey Mow....Glad to know that head shot in the boat in Tahoe didn't 86

ya....huhuhuh.***

 

 

"MowGreen [MVP]" wrote:

> Is the Guest account Disabled ? There is a native Guest User Account in XP.

>

> Was the installed antivirus|security suite [re: any Norton "product"]

> actively monitoring the system when SP3 was applied ?

> If the answer is yes, see this:

>

> WinXP SP3: Registry Corruption & Norton SymProtect

> http://aumha.net/viewtopic.php?f=62&t=33522

>

> MowGreen [MVP 2003-2008]

> ===============

> *-343-* FDNY

> Never Forgotten

> ===============

>

>

>

> MrGib wrote:

>

> > Since I d/l SP3, I've noticed many changes to misc areas. ie internet

> > security settings, modem/DSL exception changes and I now have a guest user.

> > Never created a guest user (I don't think!?) Had to de/reinstall my net

> > adapter, modem, change back internet security setttings, etc etc. Question =

> > Hacked? If someone would guide me through some 'diag' steps to verify I'm

> > still protected and 'alone'.....or am I way off.??? TYVM!!!!

> >

> > XP Home SP3

> > IE7

> > Dell / P4

> > Comcast DSL

>

[Guest MrGib]

Re: Changes in settings / security??

 

Anyone help me w/the event 63 below? Says run a Cscript?? Things as this is

why I'm 'concerned.'

 

Thanks in advance ya'll!

 

Boot.ini = multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP

Home Edition"/noexecute=optin/fastdetect

 

Event Type: Warning

Event Source: WinMgmt

Event Category: None

Event ID: 63

Date: 5/28/2008

Time: 2:50:14 PM

User: CHUCK\Chuck

Computer: CHUCK

Description:

A provider, OffProv11, has been registered in the WMI namespace,

Root\MSAPPS11, to use the LocalSystem account. This account is privileged

and the provider may cause a security violation if it does not correctly

impersonate user requests.

 

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

 

 

"MowGreen [MVP]" wrote:

> Is the Guest account Disabled ? There is a native Guest User Account in XP.

>

> Was the installed antivirus|security suite [re: any Norton "product"]

> actively monitoring the system when SP3 was applied ?

> If the answer is yes, see this:

>

> WinXP SP3: Registry Corruption & Norton SymProtect

> http://aumha.net/viewtopic.php?f=62&t=33522

>

> MowGreen [MVP 2003-2008]

> ===============

> *-343-* FDNY

> Never Forgotten

> ===============

>

>

>

> MrGib wrote:

>

> > Since I d/l SP3, I've noticed many changes to misc areas. ie internet

> > security settings, modem/DSL exception changes and I now have a guest user.

> > Never created a guest user (I don't think!?) Had to de/reinstall my net

> > adapter, modem, change back internet security setttings, etc etc. Question =

> > Hacked? If someone would guide me through some 'diag' steps to verify I'm

> > still protected and 'alone'.....or am I way off.??? TYVM!!!!

> >

> > XP Home SP3

> > IE7

> > Dell / P4

> > Comcast DSL

>

[Guest MrGib]

Re: Changes in settings / security??

 

I'm the sole user of the PC btw....

 

-----------------------------------------------------------------

Event Type: Success Audit

Event Source: Security

Event Category: System Event

Event ID: 515

Date: 5/28/2008

Time: 3:55:04 PM

User: NT AUTHORITY\SYSTEM

Computer: CHUCK

Description:

A trusted logon process has registered with the Local Security Authority.

This logon process will be trusted to submit logon requests.

 

Logon Process Name: Winlogon\MSGina

 

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

----

Logon Process Name: MSGina =====

 

Logon Process Name: RASMAN

Logon Process Name: Secondary Logon Service

Logon Process Name: KSecDD

Logon Process Name: LAN Manager Workstation Service

Logon Process Name: CHAP

Logon Process Name: DCOMSCM

Logon Process Name: Winlogon

--------------------------------------------------------------

Event Type: Failure Audit

Event Source: Security

Event Category: Policy Change

Event ID: 615

Date: 5/28/2008

Time: 8:48:12 AM

User: NT AUTHORITY\NETWORK SERVICE

Computer: CHUCK

Description:

IPSec Services: IPSec Services failed to get the complete list of network

interfaces on the machine. This can be a potential security hazard to the

machine since some of the network interfaces may not get the protection as

desired by the applied IPSec filters. Please run IPSec monitor snap-in to

further diagnose the problem.

 

----------------------------------------------------------------

Event Type: Success Audit

Event Source: Security

Event Category: Policy Change

Event ID: 848

Date: 5/28/2008

Time: 1:04:06 AM

User: NT AUTHORITY\SYSTEM

Computer: CHUCK

Description:

The following policy was active when the Windows Firewall started.

 

Group Policy applied: No

Profile used: Standard

Interface: All interfaces

Operational mode: On

Services:

File and Printer Sharing: Disabled

Remote Desktop: Disabled

UPnP Framework: Disabled

Allow remote administration: Disabled

Allow unicast responses to multicast/broadcast traffic: Disabled

Security Logging:

Log dropped packets: Disabled

Log successful connections Disabled

ICMP:

Allow incoming echo request: Disabled

Allow incoming timestamp request: Disabled

Allow incoming mask request: Disabled

Allow incoming router request: Disabled

Allow outgoing destination unreachable: Disabled

Allow outgoing source quench: Disabled

Allow outgoing parameter problem: Disabled

Allow outgoing time exceeded: Disabled

Allow redirect: Disabled

Allow outgoing packet too big: Disabled

 

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

 

----**had several as below that were disabled, then enabled over & over &

over???

 

Event Type: Success Audit

Event Source: Security

Event Category: Policy Change

Event ID: 849

Date: 5/25/2008

Time: 1:38:22 PM

User: NT AUTHORITY\SYSTEM

Computer: CHUCK

Description:

An application was listed as an exception when the Windows Firewall started.

 

Policy origin: Local Policy

Profile used: Standard

Name: Remote Assistance

Path: C:\WINDOWS\system32\sessmgr.exe

State: Disabled

Scope: All subnets

 

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

 

---

Name: Run a DLL as an App

Path: C:\WINDOWS\system32\rundll32.exe

 

Name: RealPlayer

Path: C:\Program Files\Real\RealPlayer\realplay.exe

 

Name: Network Diagnostics for Windows XP

Path: %windir%\Network Diagnostic\xpnetdiag.exe

 

----Defender----

Event Type: Information

Event Source: WinDefend

Event Category: None

Event ID: 5007

Date: 5/28/2008

Time: 7:48:25 PM

User: N/A

Computer: CHUCK

Description:

The description for Event ID ( 5007 ) in Source ( WinDefend ) cannot be

found. The local computer may not have the necessary registry information or

message DLL files to display messages from a remote computer. You may be able

to use the /AUXSOURCE= flag to retrieve this description; see Help and

Support for details. The following information is part of the event: %%827,

1.1.1593.0, Default\Real-Time Protection\EnableUnknownPrompts = 0,

HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time

Protection\EnableUnknownPrompts = 1, , .

 

----Office Update Errors????---

Event Type: Failure Audit

Event Source: OfficeUpdateV3

Event Category: None

Event ID: 0

Date: 5/28/2008

Time: 11:21:18 AM

User: N/A

Computer: CHUCK

Description:

The description for Event ID ( 0 ) in Source ( OfficeUpdateV3 ) cannot be

found. The local computer may not have the necessary registry information or

message DLL files to display messages from a remote computer. You may be able

to use the /AUXSOURCE= flag to retrieve this description; see Help and

Support for details. The following information is part of the event:

V3_2|519988|INSTALL|MAINSP3_11.0.8173_ENG||2008-05-28

10:51:24|9|FAIL|00000000|The operation completed successfully.|.

 

****OK.....Sorry for the mile long data! Thanks for any and all input /

thoughts on all this. !!!

 

Gib

 

 

"MrGib" wrote:

> Anyone help me w/the event 63 below? Says run a Cscript?? Things as this is

> why I'm 'concerned.'

>

> Thanks in advance ya'll!

>

> Boot.ini = multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP

> Home Edition"/noexecute=optin/fastdetect

>

> Event Type: Warning

> Event Source: WinMgmt

> Event Category: None

> Event ID: 63

> Date: 5/28/2008

> Time: 2:50:14 PM

> User: CHUCK\Chuck

> Computer: CHUCK

> Description:

> A provider, OffProv11, has been registered in the WMI namespace,

> Root\MSAPPS11, to use the LocalSystem account. This account is privileged

> and the provider may cause a security violation if it does not correctly

> impersonate user requests.

>

> For more information, see Help and Support Center at

> http://go.microsoft.com/fwlink/events.asp.

>

>

> "MowGreen [MVP]" wrote:

>

> > Is the Guest account Disabled ? There is a native Guest User Account in XP.

> >

> > Was the installed antivirus|security suite [re: any Norton "product"]

> > actively monitoring the system when SP3 was applied ?

> > If the answer is yes, see this:

> >

> > WinXP SP3: Registry Corruption & Norton SymProtect

> > http://aumha.net/viewtopic.php?f=62&t=33522

> >

> > MowGreen [MVP 2003-2008]

> > ===============

> > *-343-* FDNY

> > Never Forgotten

> > ===============

> >

> >

> >

> > MrGib wrote:

> >

> > > Since I d/l SP3, I've noticed many changes to misc areas. ie internet

> > > security settings, modem/DSL exception changes and I now have a guest user.

> > > Never created a guest user (I don't think!?) Had to de/reinstall my net

> > > adapter, modem, change back internet security setttings, etc etc. Question =

> > > Hacked? If someone would guide me through some 'diag' steps to verify I'm

> > > still protected and 'alone'.....or am I way off.??? TYVM!!!!

> > >

> > > XP Home SP3

> > > IE7

> > > Dell / P4

> > > Comcast DSL

> >

[Guest MowGreen [MVP]]

Re: Changes in settings / security??

 

I got shot in the eye whilst getting a massage in Vegas.

Fredo is the one who was rubbed out on Lake Tahoe <w>

 

If 2 AVs are monitoring the system concurrently than you're asking for

trouble. Only one AV should do that.

AVG 8 is apparently causing issues for a great deal of folks.

Recommend Avast or Antivir, if you're seeking a free AV.

 

Now, was the Dell supplied McAfee actively monitoring the system when

SP3 was installed ? If so, that would explain all the actions you had to

take in your original post:

> Had to de/reinstall my net

> adapter, modem, change back internet security setttings, etc etc.

 

Not sure why you subsequently posted those Events.

Nothing untoward is showing but ... some of the missing information in

the registry *may* very well be related to having McAfee actively

monitoring the system when SP3 was applied.

 

 

MowGreen [MVP 2003-2008]

===============

*-343-* FDNY

Never Forgotten

===============

 

 

MrGib wrote:

> MG....Guest is disabled and I didn't know about the native guest user...TYVM!

> There's a bunch of other 'peculiar' stuff happening, but I'm not having any

> 'crashes' or start up/shut dn issues....so I'll just stop sweating all this

> mess I assume!

>

> ...& no Norton. Came w/McAfee from Dell...used that and now running both

> that & AVG 7.5. ***Side question please.... AVG v8? I've read horror

> stories on this, so your input is welcomed, Sir. Thanks!!

>

> ***Hey Mow....Glad to know that head shot in the boat in Tahoe didn't 86

> ya....huhuhuh.***

>

>

> "MowGreen [MVP]" wrote:

>

>

>>Is the Guest account Disabled ? There is a native Guest User Account in XP.

>>

>>Was the installed antivirus|security suite [re: any Norton "product"]

>>actively monitoring the system when SP3 was applied ?

>>If the answer is yes, see this:

>>

>>WinXP SP3: Registry Corruption & Norton SymProtect

>>http://aumha.net/viewtopic.php?f=62&t=33522

>>

>>MowGreen [MVP 2003-2008]

>>===============

>> *-343-* FDNY

>>Never Forgotten

>>===============

>>

>>

>>

>>MrGib wrote:

>>

>>

>>>Since I d/l SP3, I've noticed many changes to misc areas. ie internet

>>>security settings, modem/DSL exception changes and I now have a guest user.

>>>Never created a guest user (I don't think!?) Had to de/reinstall my net

>>>adapter, modem, change back internet security setttings, etc etc. Question =

>>>Hacked? If someone would guide me through some 'diag' steps to verify I'm

>>>still protected and 'alone'.....or am I way off.??? TYVM!!!!

>>>

>>>XP Home SP3

>>>IE7

>>>Dell / P4

>>>Comcast DSL

>>