If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
error 576?
Several times a minute my event viewer is reporting event ID 576 and 528.
Successful logon? User name Network Service, Domain: NT Authority, Logon ID: (0x0, 0x3E4), Logon Type:5, Logon Process: Advapi, ..... I don't know what this means and I've never seen it like this in here before. I am running XP Pro SP2, 512 mb ram, 70g harddrive. I have ran Panda and BitDefender online scanners and they show nothing |
Ads |
#2
|
|||
|
|||
error 576?
I guess what I should have said is my computer is not being "normal" at the
moment. Now when I try to log in to my email I get an error from Microsoft Internet Explorer...Internet Explorer cannot open the Internet site http://..... Operation aborted. This just started today and I've never had that before. I haven't changed any settings recently. I have DSL.....I have received that same error when I have tried to log in to a couple of other web sites. Maybe you can give me some advice? Thank you "Teri" wrote: Several times a minute my event viewer is reporting event ID 576 and 528. Successful logon? User name Network Service, Domain: NT Authority, Logon ID: (0x0, 0x3E4), Logon Type:5, Logon Process: Advapi, ..... I don't know what this means and I've never seen it like this in here before. I am running XP Pro SP2, 512 mb ram, 70g harddrive. I have ran Panda and BitDefender online scanners and they show nothing |
#3
|
|||
|
|||
error 576?
Teri wrote (in ):
I guess what I should have said is my computer is not being "normal" at the moment. Now when I try to log in to my email I get an error from Microsoft Internet Explorer...Internet Explorer cannot open the Internet site http://..... Operation aborted. This just started today and I've never had that before. I haven't changed any settings recently. I have DSL.....I have received that same error when I have tried to log in to a couple of other web sites. Maybe you can give me some advice? Thank you There is a registry entry that causes Windows to make a lot more entries every time a high privllge event occurs. It is normally off, but maybe it was somehow turned on in your system. Have you run any new programs or done a Windows update recently? -- Alec S. news/alec-synetech/cjb/net "Teri" wrote: Several times a minute my event viewer is reporting event ID 576 and 528. Successful logon? User name Network Service, Domain: NT Authority, Logon ID: (0x0, 0x3E4), Logon Type:5, Logon Process: Advapi, ..... I don't know what this means and I've never seen it like this in here before. I am running XP Pro SP2, 512 mb ram, 70g harddrive. I have ran Panda and BitDefender online scanners and they show nothing |
#4
|
|||
|
|||
error 576?
"Teri" wrote: Several times a minute my event viewer is reporting event ID 576 and 528. Successful logon? User name Network Service, Domain: NT Authority, Logon ID: (0x0, 0x3E4), Logon Type:5, Logon Process: Advapi, ..... I don't know what this means and I've never seen it like this in here before. I am running XP Pro SP2, 512 mb ram, 70g harddrive. I have ran Panda and BitDefender online scanners and they show nothing 1... Click start Control Panel Double Click Network and Internet Connections Double click Internet Options, on the IE Properties window you will see these Options: General | Security | Privacy | Content | Connections | Programs | Advanced . Click on General Tab (1st Tab on the left) and you will see a Button called [ Clear History ..] click on it to clear your History caches, then click on [Delete Files..] to delete Internet Files created over the time, click on [ Delete Cookies...] to delete your cookies left by visiting websites. Click on Connections tab then click LAN Settings Button, there make sure nothing checked. = Then try to Disable the Add-Ons on your Browser somehow installed on your browser, On how to disable the Add-ons follow this: Click on Programs Tab and then click the Manage Add-Ons Button there Disable the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one later and see which is the culprit . How to manage Add-Ons: http://support.microsoft.com/kb/883256 Click on Advanced Tab and scroll down under the browsing option and uncheck this box: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) &] HTTP 1.1 Settings [ ] Use HTTP 1.1 ,= Make sure this checked [ ] Use HTTP 1.1 through proxy connections If you using proxy check the proxy one if not check only the first one. Then under Security Option: [&] Security [ ] Use SSL 2.0 [ ] Use SSL 3.0 [ ] Use STL 1.0 and click Apply then [OK] to close the IE properties Scan for malware from he SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html RootkitRevealer v1.71 By Bryce Cogswell and Mark Russinovich http://www.microsoft.com/technet/sys...tRevealer.mspx Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html = Then Open a run command and type in these DLLs to re-register them: regsvr32 SOFTPUB.DLL regsvr32 Wintrust.dll regsvr32 Mssip32.dll regsvr32 Initpki.dll regsvr32 Msjava.dll regsvr32 Gpkcsp.dll regsvr32 Sccbase.dll regsvr32 Slbcsp.dll regsvr32 Urlmon.dll regsvr32 Cryptdlg.dll regsvr32 Dssenh.dll regsvr32 Rsaenh.dll Note you can copy the above and paste in a Notepad and Save As on the Desktop reg.bat file, double click the icon for the reg.bat and lick [OK] and then Yes. Again on the Run command type in: ipconfig /flushdns click [OK] ipconfig /renew click [OK] netsh winsock reset click [OK] Reboot your machine and see if you can access any website/link easily and without the cannot connect error message. or this tool (winsock-Fix) from he http://www.nasstec.co.uk/tools.html = Either try to update your windows scripting engine or Java version on your computer, try to uninstall the old Java first. Windows Script 5.6 Documentation http://www.microsoft.com/downloads/d...displaylang=en http://www.java.com/en/download/index.jsp = Open the Windows Explorer and locate this path: C:\Windows\System32\drivers\etc = look in the Right Pane/window for this file called the HOSTS file but not the one with the extension *.SAM* leave this as is. If you can't see it try to click Tools Folder Options and select show Hidden files and folder, then right Click the Hosts file and select open with Notepad. There see any reference for that site and remove it, you Hosts file will looks like this: # 102.54.94.97 rhino.acme.com # Source server # 38.25.63.10 x.acme.com # Client Host 127.0.0.1 LocalHost ------------------------------------------ Remove all other References other than those above. You can also try to assign the web address in the trusted zone on the IE properties. = Before we go further are you connecting by Router or Modem, in either try to Power or unplug the Power cord for the Router/Modem for about 40 seconds or so be generous with it g turn the computer OFF and wait for the time to go by!!. Then Turn the Router/Modem ON and wait a minute or so then Power ON the computer and try to establish a connection and try the link, does it work?. If still then continue the heavy work: Open windows Explorer and locate the Hosts file and Rename it to Hosts.OLD Reboot the machine and try, does it work. If not try this: search for them by this name *index.dat* and you can delete them then the on reboot the system will recreate them for you. Some of them he C:\Documents and settings\Administrator\Cookies = index C:\Documents and Settings\User\Cookies = index C:\Documents and settings\User\User data = index C:\Windows\Temp\Cookies =index C:\Windows\Temp\History = index C:\Windows\Temp\Temporary Internet Files\Content.IE5 = Index.dat Reboot your machine and see if this helped. Check your connection (TCP/IP setting) are set correct. How to troubleshoot network connectivity problems in Internet Explorer http://support.microsoft.com/default.aspx/kb/936211 Open the Run command and type in: regedit click [OK] Locate this key and make sure the subs look like this or change them; [HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\URL\DefaultPrefix] @="http://" [HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\URL\Prefixes] "ftp"="ftp://" "gopher"="gopher://" "home"="http://" "mosaic"="http://" "www"="http://" HTH. Let us know. nass --------- http://www.nasstec.co.uk |
#5
|
|||
|
|||
error 576?
awesome post! In response to Alec's question yes I have tried to do a
Window's update and an AVG update both of which failed. I have been following down the line with nass's instructions and things were going fairly well until I tried to reply to your post at which time I kept getting "This page cannot be displayed" I went back and checked the "Use STL 1.0" and only then was I able to reply. When I tried to go into the registry editor by typing regedit in the run box I got the error " regedit is not a valid Win32 application" and it wouldn't open it. I could open it by going to the exe file. I have not made it through the list entirely my next step is to try to update the windows scripting engine but I started to panic a little when I couldn't rate the post or reply. I am still getting the 576 & 528 events several times a minute but I will attempt to finish the instructions given and hopefully report all is good at completion. I am connecting through a modem and I have recycled the power. "nass" wrote: "Teri" wrote: Several times a minute my event viewer is reporting event ID 576 and 528. Successful logon? User name Network Service, Domain: NT Authority, Logon ID: (0x0, 0x3E4), Logon Type:5, Logon Process: Advapi, ..... I don't know what this means and I've never seen it like this in here before. I am running XP Pro SP2, 512 mb ram, 70g harddrive. I have ran Panda and BitDefender online scanners and they show nothing 1... Click start Control Panel Double Click Network and Internet Connections Double click Internet Options, on the IE Properties window you will see these Options: General | Security | Privacy | Content | Connections | Programs | Advanced . Click on General Tab (1st Tab on the left) and you will see a Button called [ Clear History ..] click on it to clear your History caches, then click on [Delete Files..] to delete Internet Files created over the time, click on [ Delete Cookies...] to delete your cookies left by visiting websites. Click on Connections tab then click LAN Settings Button, there make sure nothing checked. = Then try to Disable the Add-Ons on your Browser somehow installed on your browser, On how to disable the Add-ons follow this: Click on Programs Tab and then click the Manage Add-Ons Button there Disable the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one later and see which is the culprit . How to manage Add-Ons: http://support.microsoft.com/kb/883256 Click on Advanced Tab and scroll down under the browsing option and uncheck this box: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) &] HTTP 1.1 Settings [ ] Use HTTP 1.1 ,= Make sure this checked [ ] Use HTTP 1.1 through proxy connections If you using proxy check the proxy one if not check only the first one. Then under Security Option: [&] Security [ ] Use SSL 2.0 [ ] Use SSL 3.0 [ ] Use STL 1.0 and click Apply then [OK] to close the IE properties Scan for malware from he SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html RootkitRevealer v1.71 By Bryce Cogswell and Mark Russinovich http://www.microsoft.com/technet/sys...tRevealer.mspx Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html = Then Open a run command and type in these DLLs to re-register them: regsvr32 SOFTPUB.DLL regsvr32 Wintrust.dll regsvr32 Mssip32.dll regsvr32 Initpki.dll regsvr32 Msjava.dll regsvr32 Gpkcsp.dll regsvr32 Sccbase.dll regsvr32 Slbcsp.dll regsvr32 Urlmon.dll regsvr32 Cryptdlg.dll regsvr32 Dssenh.dll regsvr32 Rsaenh.dll Note you can copy the above and paste in a Notepad and Save As on the Desktop reg.bat file, double click the icon for the reg.bat and lick [OK] and then Yes. Again on the Run command type in: ipconfig /flushdns click [OK] ipconfig /renew click [OK] netsh winsock reset click [OK] Reboot your machine and see if you can access any website/link easily and without the cannot connect error message. or this tool (winsock-Fix) from he http://www.nasstec.co.uk/tools.html = Either try to update your windows scripting engine or Java version on your computer, try to uninstall the old Java first. Windows Script 5.6 Documentation http://www.microsoft.com/downloads/d...displaylang=en http://www.java.com/en/download/index.jsp = Open the Windows Explorer and locate this path: C:\Windows\System32\drivers\etc = look in the Right Pane/window for this file called the HOSTS file but not the one with the extension *.SAM* leave this as is. If you can't see it try to click Tools Folder Options and select show Hidden files and folder, then right Click the Hosts file and select open with Notepad. There see any reference for that site and remove it, you Hosts file will looks like this: # 102.54.94.97 rhino.acme.com # Source server # 38.25.63.10 x.acme.com # Client Host 127.0.0.1 LocalHost ------------------------------------------ Remove all other References other than those above. You can also try to assign the web address in the trusted zone on the IE properties. = Before we go further are you connecting by Router or Modem, in either try to Power or unplug the Power cord for the Router/Modem for about 40 seconds or so be generous with it g turn the computer OFF and wait for the time to go by!!. Then Turn the Router/Modem ON and wait a minute or so then Power ON the computer and try to establish a connection and try the link, does it work?. If still then continue the heavy work: Open windows Explorer and locate the Hosts file and Rename it to Hosts.OLD Reboot the machine and try, does it work. If not try this: search for them by this name *index.dat* and you can delete them then the on reboot the system will recreate them for you. Some of them he C:\Documents and settings\Administrator\Cookies = index C:\Documents and Settings\User\Cookies = index C:\Documents and settings\User\User data = index C:\Windows\Temp\Cookies =index C:\Windows\Temp\History = index C:\Windows\Temp\Temporary Internet Files\Content.IE5 = Index.dat Reboot your machine and see if this helped. Check your connection (TCP/IP setting) are set correct. How to troubleshoot network connectivity problems in Internet Explorer http://support.microsoft.com/default.aspx/kb/936211 Open the Run command and type in: regedit click [OK] Locate this key and make sure the subs look like this or change them; [HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\URL\DefaultPrefix] @="http://" [HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\URL\Prefixes] "ftp"="ftp://" "gopher"="gopher://" "home"="http://" "mosaic"="http://" "www"="http://" HTH. Let us know. nass --------- http://www.nasstec.co.uk |
#6
|
|||
|
|||
error 576?
Teri wrote (in ):
awesome post! In response to Alec's question yes I have tried to do a Window's update and an AVG update both of which failed. I have been following down the line with nass's instructions and things were going fairly well until I tried to reply to your post at which time I kept getting "This page cannot be displayed" I went back and checked the "Use STL 1.0" and only then was I able to reply. When I tried to go into the registry editor by typing regedit in the run box I got the error " regedit is not a valid Win32 application" and it wouldn't open it. I could open it by going to the exe file. Well if you can open the registry, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa and check that FullPrivilegeAuditing is set to 0. If it is not, then set it to 0. If it is, then you’ve got another problem (I mean the events specifically, not the Internet connection problems). -- Alec S. news/alec-synetech/cjb/net |
#7
|
|||
|
|||
error 576?
It was set to 00
"Alec S." wrote: Teri wrote (in ): awesome post! In response to Alec's question yes I have tried to do a Window's update and an AVG update both of which failed. I have been following down the line with nass's instructions and things were going fairly well until I tried to reply to your post at which time I kept getting "This page cannot be displayed" I went back and checked the "Use STL 1.0" and only then was I able to reply. When I tried to go into the registry editor by typing regedit in the run box I got the error " regedit is not a valid Win32 application" and it wouldn't open it. I could open it by going to the exe file. Well if you can open the registry, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa and check that FullPrivilegeAuditing is set to 0. If it is not, then set it to 0. If it is, then you’ve got another problem (I mean the events specifically, not the Internet connection problems). -- Alec S. news/alec-synetech/cjb/net |
#8
|
|||
|
|||
error 576?
and when I try to change it it says zero-length binary value
"Alec S." wrote: Teri wrote (in ): awesome post! In response to Alec's question yes I have tried to do a Window's update and an AVG update both of which failed. I have been following down the line with nass's instructions and things were going fairly well until I tried to reply to your post at which time I kept getting "This page cannot be displayed" I went back and checked the "Use STL 1.0" and only then was I able to reply. When I tried to go into the registry editor by typing regedit in the run box I got the error " regedit is not a valid Win32 application" and it wouldn't open it. I could open it by going to the exe file. Well if you can open the registry, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa and check that FullPrivilegeAuditing is set to 0. If it is not, then set it to 0. If it is, then you’ve got another problem (I mean the events specifically, not the Internet connection problems). -- Alec S. news/alec-synetech/cjb/net |
#9
|
|||
|
|||
error 576?
Hi Teri, You need to tune up your Security Auditing as this an accessive event logs for successful or failure log in! Did you plan the auditing or somebody else? does this machine one day was connected to a server/workgroup andPolicy Auding been implemented ? you enabled auditing of logon and you need to disable it: http://www.microsoft.com/technet/pro....mspx?mfr=true And this http://support.microsoft.com/kb/305822 Windows and Active Directory auditing http://www.tunexp.com/news/windows-story-921.html How to audit user access of files, folders, and printers in Windows XP View products that this article applies to. http://support.microsoft.com/kb/310399 http://msdn.microsoft.com/en-us/library/ms731669.aspx Understanding Logon and Authentication http://technet.microsoft.com/en-us/l.../bb457114.aspx BlackLight™ Rootkit Elimination http://www.f-secure.com/news/items/n...05030701.shtml "Webpage cannot be displayed": http://support.microsoft.com/kb/942818 Error message when you open a Web page in Windows Internet Explorer 7: "Internet Explorer has encountered a problem and needs to close" http://support.microsoft.com/kb/936904 How to optimize or reset Internet Explorer 7 http://support.microsoft.com/kb/936213/ How to use Reset Internet Explorer Settings (RIES): http://support.microsoft.com/kb/923737 HTH nass --- http://www.nasstec.co.uk "Teri" wrote: awesome post! In response to Alec's question yes I have tried to do a Window's update and an AVG update both of which failed. I have been following down the line with nass's instructions and things were going fairly well until I tried to reply to your post at which time I kept getting "This page cannot be displayed" I went back and checked the "Use STL 1.0" and only then was I able to reply. When I tried to go into the registry editor by typing regedit in the run box I got the error " regedit is not a valid Win32 application" and it wouldn't open it. I could open it by going to the exe file. I have not made it through the list entirely my next step is to try to update the windows scripting engine but I started to panic a little when I couldn't rate the post or reply. I am still getting the 576 & 528 events several times a minute but I will attempt to finish the instructions given and hopefully report all is good at completion. I am connecting through a modem and I have recycled the power. "nass" wrote: "Teri" wrote: Several times a minute my event viewer is reporting event ID 576 and 528. Successful logon? User name Network Service, Domain: NT Authority, Logon ID: (0x0, 0x3E4), Logon Type:5, Logon Process: Advapi, ..... I don't know what this means and I've never seen it like this in here before. I am running XP Pro SP2, 512 mb ram, 70g harddrive. I have ran Panda and BitDefender online scanners and they show nothing 1... Click start Control Panel Double Click Network and Internet Connections Double click Internet Options, on the IE Properties window you will see these Options: General | Security | Privacy | Content | Connections | Programs | Advanced . Click on General Tab (1st Tab on the left) and you will see a Button called [ Clear History ..] click on it to clear your History caches, then click on [Delete Files..] to delete Internet Files created over the time, click on [ Delete Cookies...] to delete your cookies left by visiting websites. Click on Connections tab then click LAN Settings Button, there make sure nothing checked. = Then try to Disable the Add-Ons on your Browser somehow installed on your browser, On how to disable the Add-ons follow this: Click on Programs Tab and then click the Manage Add-Ons Button there Disable the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one later and see which is the culprit . How to manage Add-Ons: http://support.microsoft.com/kb/883256 Click on Advanced Tab and scroll down under the browsing option and uncheck this box: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) &] HTTP 1.1 Settings [ ] Use HTTP 1.1 ,= Make sure this checked [ ] Use HTTP 1.1 through proxy connections If you using proxy check the proxy one if not check only the first one. Then under Security Option: [&] Security [ ] Use SSL 2.0 [ ] Use SSL 3.0 [ ] Use STL 1.0 and click Apply then [OK] to close the IE properties Scan for malware from he SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html RootkitRevealer v1.71 By Bryce Cogswell and Mark Russinovich http://www.microsoft.com/technet/sys...tRevealer.mspx Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html = Then Open a run command and type in these DLLs to re-register them: regsvr32 SOFTPUB.DLL regsvr32 Wintrust.dll regsvr32 Mssip32.dll regsvr32 Initpki.dll regsvr32 Msjava.dll regsvr32 Gpkcsp.dll regsvr32 Sccbase.dll regsvr32 Slbcsp.dll regsvr32 Urlmon.dll regsvr32 Cryptdlg.dll regsvr32 Dssenh.dll regsvr32 Rsaenh.dll Note you can copy the above and paste in a Notepad and Save As on the Desktop reg.bat file, double click the icon for the reg.bat and lick [OK] and then Yes. Again on the Run command type in: ipconfig /flushdns click [OK] ipconfig /renew click [OK] netsh winsock reset click [OK] Reboot your machine and see if you can access any website/link easily and without the cannot connect error message. or this tool (winsock-Fix) from he http://www.nasstec.co.uk/tools.html = Either try to update your windows scripting engine or Java version on your computer, try to uninstall the old Java first. Windows Script 5.6 Documentation http://www.microsoft.com/downloads/d...displaylang=en http://www.java.com/en/download/index.jsp = Open the Windows Explorer and locate this path: C:\Windows\System32\drivers\etc = look in the Right Pane/window for this file called the HOSTS file but not the one with the extension *.SAM* leave this as is. If you can't see it try to click Tools Folder Options and select show Hidden files and folder, then right Click the Hosts file and select open with Notepad. There see any reference for that site and remove it, you Hosts file will looks like this: # 102.54.94.97 rhino.acme.com # Source server # 38.25.63.10 x.acme.com # Client Host 127.0.0.1 LocalHost ------------------------------------------ Remove all other References other than those above. You can also try to assign the web address in the trusted zone on the IE properties. = Before we go further are you connecting by Router or Modem, in either try to Power or unplug the Power cord for the Router/Modem for about 40 seconds or so be generous with it g turn the computer OFF and wait for the time to go by!!. Then Turn the Router/Modem ON and wait a minute or so then Power ON the computer and try to establish a connection and try the link, does it work?. If still then continue the heavy work: Open windows Explorer and locate the Hosts file and Rename it to Hosts.OLD Reboot the machine and try, does it work. If not try this: search for them by this name *index.dat* and you can delete them then the on reboot the system will recreate them for you. Some of them he C:\Documents and settings\Administrator\Cookies = index C:\Documents and Settings\User\Cookies = index C:\Documents and settings\User\User data = index C:\Windows\Temp\Cookies =index C:\Windows\Temp\History = index C:\Windows\Temp\Temporary Internet Files\Content.IE5 = Index.dat Reboot your machine and see if this helped. Check your connection (TCP/IP setting) are set correct. How to troubleshoot network connectivity problems in Internet Explorer http://support.microsoft.com/default.aspx/kb/936211 Open the Run command and type in: regedit click [OK] Locate this key and make sure the subs look like this or change them; [HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\URL\DefaultPrefix] @="http://" [HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\URL\Prefixes] "ftp"="ftp://" "gopher"="gopher://" "home"="http://" "mosaic"="http://" "www"="http://" HTH. Let us know. nass --------- http://www.nasstec.co.uk |
#10
|
|||
|
|||
error 576?
I am and always have been the only user on this computer and I haven't
changed any settings that would log 173 successful logins in the past 3 hours and this pc has never been networked to any other pc. "nass" wrote: Hi Teri, You need to tune up your Security Auditing as this an accessive event logs for successful or failure log in! Did you plan the auditing or somebody else? does this machine one day was connected to a server/workgroup andPolicy Auding been implemented ? you enabled auditing of logon and you need to disable it: http://www.microsoft.com/technet/pro....mspx?mfr=true And this http://support.microsoft.com/kb/305822 Windows and Active Directory auditing http://www.tunexp.com/news/windows-story-921.html How to audit user access of files, folders, and printers in Windows XP View products that this article applies to. http://support.microsoft.com/kb/310399 http://msdn.microsoft.com/en-us/library/ms731669.aspx Understanding Logon and Authentication http://technet.microsoft.com/en-us/l.../bb457114.aspx BlackLight™ Rootkit Elimination http://www.f-secure.com/news/items/n...05030701.shtml "Webpage cannot be displayed": http://support.microsoft.com/kb/942818 Error message when you open a Web page in Windows Internet Explorer 7: "Internet Explorer has encountered a problem and needs to close" http://support.microsoft.com/kb/936904 How to optimize or reset Internet Explorer 7 http://support.microsoft.com/kb/936213/ How to use Reset Internet Explorer Settings (RIES): http://support.microsoft.com/kb/923737 HTH nass --- http://www.nasstec.co.uk "Teri" wrote: awesome post! In response to Alec's question yes I have tried to do a Window's update and an AVG update both of which failed. I have been following down the line with nass's instructions and things were going fairly well until I tried to reply to your post at which time I kept getting "This page cannot be displayed" I went back and checked the "Use STL 1.0" and only then was I able to reply. When I tried to go into the registry editor by typing regedit in the run box I got the error " regedit is not a valid Win32 application" and it wouldn't open it. I could open it by going to the exe file. I have not made it through the list entirely my next step is to try to update the windows scripting engine but I started to panic a little when I couldn't rate the post or reply. I am still getting the 576 & 528 events several times a minute but I will attempt to finish the instructions given and hopefully report all is good at completion. I am connecting through a modem and I have recycled the power. "nass" wrote: "Teri" wrote: Several times a minute my event viewer is reporting event ID 576 and 528. Successful logon? User name Network Service, Domain: NT Authority, Logon ID: (0x0, 0x3E4), Logon Type:5, Logon Process: Advapi, ..... I don't know what this means and I've never seen it like this in here before. I am running XP Pro SP2, 512 mb ram, 70g harddrive. I have ran Panda and BitDefender online scanners and they show nothing 1... Click start Control Panel Double Click Network and Internet Connections Double click Internet Options, on the IE Properties window you will see these Options: General | Security | Privacy | Content | Connections | Programs | Advanced . Click on General Tab (1st Tab on the left) and you will see a Button called [ Clear History ..] click on it to clear your History caches, then click on [Delete Files..] to delete Internet Files created over the time, click on [ Delete Cookies...] to delete your cookies left by visiting websites. Click on Connections tab then click LAN Settings Button, there make sure nothing checked. = Then try to Disable the Add-Ons on your Browser somehow installed on your browser, On how to disable the Add-ons follow this: Click on Programs Tab and then click the Manage Add-Ons Button there Disable the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one later and see which is the culprit . How to manage Add-Ons: http://support.microsoft.com/kb/883256 Click on Advanced Tab and scroll down under the browsing option and uncheck this box: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) &] HTTP 1.1 Settings [ ] Use HTTP 1.1 ,= Make sure this checked [ ] Use HTTP 1.1 through proxy connections If you using proxy check the proxy one if not check only the first one. Then under Security Option: [&] Security [ ] Use SSL 2.0 [ ] Use SSL 3.0 [ ] Use STL 1.0 and click Apply then [OK] to close the IE properties Scan for malware from he SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html RootkitRevealer v1.71 By Bryce Cogswell and Mark Russinovich http://www.microsoft.com/technet/sys...tRevealer.mspx Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html = Then Open a run command and type in these DLLs to re-register them: regsvr32 SOFTPUB.DLL regsvr32 Wintrust.dll regsvr32 Mssip32.dll regsvr32 Initpki.dll regsvr32 Msjava.dll regsvr32 Gpkcsp.dll regsvr32 Sccbase.dll regsvr32 Slbcsp.dll regsvr32 Urlmon.dll regsvr32 Cryptdlg.dll regsvr32 Dssenh.dll regsvr32 Rsaenh.dll Note you can copy the above and paste in a Notepad and Save As on the Desktop reg.bat file, double click the icon for the reg.bat and lick [OK] and then Yes. Again on the Run command type in: ipconfig /flushdns click [OK] ipconfig /renew click [OK] netsh winsock reset click [OK] Reboot your machine and see if you can access any website/link easily and without the cannot connect error message. or this tool (winsock-Fix) from he http://www.nasstec.co.uk/tools.html = Either try to update your windows scripting engine or Java version on your computer, try to uninstall the old Java first. Windows Script 5.6 Documentation http://www.microsoft.com/downloads/d...displaylang=en http://www.java.com/en/download/index.jsp = Open the Windows Explorer and locate this path: C:\Windows\System32\drivers\etc = look in the Right Pane/window for this file called the HOSTS file but not the one with the extension *.SAM* leave this as is. If you can't see it try to click Tools Folder Options and select show Hidden files and folder, then right Click the Hosts file and select open with Notepad. There see any reference for that site and remove it, you Hosts file will looks like this: # 102.54.94.97 rhino.acme.com # Source server # 38.25.63.10 x.acme.com # Client Host 127.0.0.1 LocalHost ------------------------------------------ Remove all other References other than those above. You can also try to assign the web address in the trusted zone on the IE properties. = Before we go further are you connecting by Router or Modem, in either try to Power or unplug the Power cord for the Router/Modem for about 40 seconds or so be generous with it g turn the computer OFF and wait for the time to go by!!. Then Turn the Router/Modem ON and wait a minute or so then Power ON the computer and try to establish a connection and try the link, does it work?. If still then continue the heavy work: Open windows Explorer and locate the Hosts file and Rename it to Hosts.OLD Reboot the machine and try, does it work. If not try this: search for them by this name *index.dat* and you can delete them then the on reboot the system will recreate them for you. Some of them he C:\Documents and settings\Administrator\Cookies = index C:\Documents and Settings\User\Cookies = index C:\Documents and settings\User\User data = index C:\Windows\Temp\Cookies =index C:\Windows\Temp\History = index C:\Windows\Temp\Temporary Internet Files\Content.IE5 = Index.dat Reboot your machine and see if this helped. Check your connection (TCP/IP setting) are set correct. How to troubleshoot network connectivity problems in Internet Explorer http://support.microsoft.com/default.aspx/kb/936211 Open the Run command and type in: regedit click [OK] Locate this key and make sure the subs look like this or change them; [HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\URL\DefaultPrefix] @="http://" [HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\URL\Prefixes] "ftp"="ftp://" "gopher"="gopher://" "home"="http://" "mosaic"="http://" "www"="http://" HTH. Let us know. nass --------- http://www.nasstec.co.uk |
#11
|
|||
|
|||
error 576?
Hi Teri, Craete a new account and see if that will behave and function okay! How to Identify a Damaged User Profile and Create a New Profile http://support.microsoft.com/kb/811151 Run the BlackLight™ Rootkit Elimination http://www.f-secure.com/news/items/n...05030701.shtml Download this tool o run clean up: http://www.ccleaner.com Comodo BOClean : Anti-Malware Version 4.27 http://www.comodo.com/boclean/boclean.html download Hijackthis and send me the log. (http://www.trendsecure.com/portal/en...hijackthis.php) Send me copy to my address is : to_you_ross(at remove this and repalce with the obvious)yahoo.co.uk ( _ is underscore) HTH nass -- http://www.nasstec.co.uk "Teri" wrote: I am and always have been the only user on this computer and I haven't changed any settings that would log 173 successful logins in the past 3 hours and this pc has never been networked to any other pc. "nass" wrote: Hi Teri, You need to tune up your Security Auditing as this an accessive event logs for successful or failure log in! Did you plan the auditing or somebody else? does this machine one day was connected to a server/workgroup andPolicy Auding been implemented ? you enabled auditing of logon and you need to disable it: http://www.microsoft.com/technet/pro....mspx?mfr=true And this http://support.microsoft.com/kb/305822 Windows and Active Directory auditing http://www.tunexp.com/news/windows-story-921.html How to audit user access of files, folders, and printers in Windows XP View products that this article applies to. http://support.microsoft.com/kb/310399 http://msdn.microsoft.com/en-us/library/ms731669.aspx Understanding Logon and Authentication http://technet.microsoft.com/en-us/l.../bb457114.aspx BlackLight™ Rootkit Elimination http://www.f-secure.com/news/items/n...05030701.shtml "Webpage cannot be displayed": http://support.microsoft.com/kb/942818 Error message when you open a Web page in Windows Internet Explorer 7: "Internet Explorer has encountered a problem and needs to close" http://support.microsoft.com/kb/936904 How to optimize or reset Internet Explorer 7 http://support.microsoft.com/kb/936213/ How to use Reset Internet Explorer Settings (RIES): http://support.microsoft.com/kb/923737 HTH nass --- http://www.nasstec.co.uk "Teri" wrote: awesome post! In response to Alec's question yes I have tried to do a Window's update and an AVG update both of which failed. I have been following down the line with nass's instructions and things were going fairly well until I tried to reply to your post at which time I kept getting "This page cannot be displayed" I went back and checked the "Use STL 1.0" and only then was I able to reply. When I tried to go into the registry editor by typing regedit in the run box I got the error " regedit is not a valid Win32 application" and it wouldn't open it. I could open it by going to the exe file. I have not made it through the list entirely my next step is to try to update the windows scripting engine but I started to panic a little when I couldn't rate the post or reply. I am still getting the 576 & 528 events several times a minute but I will attempt to finish the instructions given and hopefully report all is good at completion. I am connecting through a modem and I have recycled the power. "nass" wrote: "Teri" wrote: Several times a minute my event viewer is reporting event ID 576 and 528. Successful logon? User name Network Service, Domain: NT Authority, Logon ID: (0x0, 0x3E4), Logon Type:5, Logon Process: Advapi, ..... I don't know what this means and I've never seen it like this in here before. I am running XP Pro SP2, 512 mb ram, 70g harddrive. I have ran Panda and BitDefender online scanners and they show nothing 1... Click start Control Panel Double Click Network and Internet Connections Double click Internet Options, on the IE Properties window you will see these Options: General | Security | Privacy | Content | Connections | Programs | Advanced . Click on General Tab (1st Tab on the left) and you will see a Button called [ Clear History ..] click on it to clear your History caches, then click on [Delete Files..] to delete Internet Files created over the time, click on [ Delete Cookies...] to delete your cookies left by visiting websites. Click on Connections tab then click LAN Settings Button, there make sure nothing checked. = Then try to Disable the Add-Ons on your Browser somehow installed on your browser, On how to disable the Add-ons follow this: Click on Programs Tab and then click the Manage Add-Ons Button there Disable the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one later and see which is the culprit . How to manage Add-Ons: http://support.microsoft.com/kb/883256 Click on Advanced Tab and scroll down under the browsing option and uncheck this box: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) &] HTTP 1.1 Settings [ ] Use HTTP 1.1 ,= Make sure this checked [ ] Use HTTP 1.1 through proxy connections If you using proxy check the proxy one if not check only the first one. Then under Security Option: [&] Security [ ] Use SSL 2.0 [ ] Use SSL 3.0 [ ] Use STL 1.0 and click Apply then [OK] to close the IE properties Scan for malware from he SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html RootkitRevealer v1.71 By Bryce Cogswell and Mark Russinovich http://www.microsoft.com/technet/sys...tRevealer.mspx Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html = Then Open a run command and type in these DLLs to re-register them: regsvr32 SOFTPUB.DLL regsvr32 Wintrust.dll regsvr32 Mssip32.dll regsvr32 Initpki.dll regsvr32 Msjava.dll regsvr32 Gpkcsp.dll regsvr32 Sccbase.dll regsvr32 Slbcsp.dll regsvr32 Urlmon.dll regsvr32 Cryptdlg.dll regsvr32 Dssenh.dll regsvr32 Rsaenh.dll Note you can copy the above and paste in a Notepad and Save As on the Desktop reg.bat file, double click the icon for the reg.bat and lick [OK] and then Yes. Again on the Run command type in: ipconfig /flushdns click [OK] ipconfig /renew click [OK] netsh winsock reset click [OK] Reboot your machine and see if you can access any website/link easily and without the cannot connect error message. or this tool (winsock-Fix) from he http://www.nasstec.co.uk/tools.html = Either try to update your windows scripting engine or Java version on your computer, try to uninstall the old Java first. Windows Script 5.6 Documentation http://www.microsoft.com/downloads/d...displaylang=en http://www.java.com/en/download/index.jsp = Open the Windows Explorer and locate this path: C:\Windows\System32\drivers\etc = look in the Right Pane/window for this file called the HOSTS file but not the one with the extension *.SAM* leave this as is. If you can't see it try to click Tools Folder Options and select show Hidden files and folder, then right Click the Hosts file and select open with Notepad. There see any reference for that site and remove it, you Hosts file will looks like this: # 102.54.94.97 rhino.acme.com # Source server # 38.25.63.10 x.acme.com # Client Host 127.0.0.1 LocalHost ------------------------------------------ Remove all other References other than those above. You can also try to assign the web address in the trusted zone on the IE properties. = Before we go further are you connecting by Router or Modem, in either try to Power or unplug the Power cord for the Router/Modem for about 40 seconds or so be generous with it g turn the computer OFF and wait for the time to go by!!. Then Turn the Router/Modem ON and wait a minute or so then Power ON the computer and try to establish a connection and try the link, does it work?. If still then continue the heavy work: Open windows Explorer and locate the Hosts file and Rename it to Hosts.OLD Reboot the machine and try, does it work. If not try this: search for them by this name *index.dat* and you can delete them then the on reboot the system will recreate them for you. Some of them he C:\Documents and settings\Administrator\Cookies = index C:\Documents and Settings\User\Cookies = index C:\Documents and settings\User\User data = index C:\Windows\Temp\Cookies =index C:\Windows\Temp\History = index C:\Windows\Temp\Temporary Internet Files\Content.IE5 = Index.dat Reboot your machine and see if this helped. Check your connection (TCP/IP setting) are set correct. How to troubleshoot network connectivity problems in Internet Explorer http://support.microsoft.com/default.aspx/kb/936211 Open the Run command and type in: regedit click [OK] Locate this key and make sure the subs look like this or change them; [HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\URL\DefaultPrefix] @="http://" [HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\URL\Prefixes] "ftp"="ftp://" "gopher"="gopher://" "home"="http://" "mosaic"="http://" "www"="http://" HTH. Let us know. nass --------- http://www.nasstec.co.uk |
Thread Tools | |
Display Modes | |
|
|