locked
Security issue that I have tried everything to stop. Can anyone please help? RRS feed

  • General discussion

  • I am running Windows 8 and I have my remote access turned off. I have also made sure that all access to any Bluetooth capability is turned off as well.  But every time I look in my security log I still see the same events logged in.  I have changed my password several times, I am running McAfee in stealth mode and made sure my firewalls pretty much don't let me type without notifying me.  I have taken great precautions when comes to my Internet as well.  I have had to reset my laptop to it's factory settings for the third time now because whoever this is thinks it funny to impersonate me somehow remotely and change my user rights to my own files.  I am attending online college and this is causing me great problems.  I have even found that they are now deleting important emails from my Online college inbox, then from the deleted inbox.  The following is just one of the examples of a log entry that I have.  If you have any suggestions, please feel free to let me know.  I will except any help!

    Event Viewer Information:

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          5/26/2013 7:44:46 AM
    Event ID:      4624
    Task Category: Logon
    Level:         Information
    Keywords:      Audit Success
    User:          N/A
    Computer:      Again
    Description:
    An account was successfully logged on.

    General Tab:

    Subject:
     Security ID:  SYSTEM
     Account Name:  AGAIN$
     Account Domain:  WORKGROUP
     Logon ID:  0x3E7

    Logon Type:   5

    Impersonation Level:  Impersonation

    New Logon:
     Security ID:  SYSTEM
     Account Name:  SYSTEM
     Account Domain:  NT AUTHORITY
     Logon ID:  0x3E7
     Logon GUID:  {00000000-0000-0000-0000-000000000000}

    Process Information:
     Process ID:  0x30c
     Process Name:  C:\Windows\System32\services.exe

    Network Information:
     Workstation Name: 
     Source Network Address: -
     Source Port:  -

    Detailed Authentication Information:
     Logon Process:  Advapi 
     Authentication Package: Negotiate
     Transited Services: -
     Package Name (NTLM only): -
     Key Length:  0

    Details Tab: (Friendly view)

    Event Xml:
    <Event xmlns= <"schemas.microsoft.com win 2004 08 events event"> (this is actually a link but I had to alter it so Microsoft would let me post it)
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>4624</EventID>
        <Version>1</Version>
        <Level>0</Level>
        <Task>12544</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8020000000000000</Keywords>
        <TimeCreated SystemTime="2013-05-26T12:44:46.955387200Z" />
        <EventRecordID>10840</EventRecordID>
        <Correlation />
        <Execution ProcessID="788" ThreadID="4656" />
        <Channel>Security</Channel>
        <Computer>Again</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="SubjectUserSid">S-1-5-18</Data>
        <Data Name="SubjectUserName">AGAIN$</Data>
        <Data Name="SubjectDomainName">WORKGROUP</Data>
        <Data Name="SubjectLogonId">0x3e7</Data>
        <Data Name="TargetUserSid">S-1-5-18</Data>
        <Data Name="TargetUserName">SYSTEM</Data>
        <Data Name="TargetDomainName">NT AUTHORITY</Data>
        <Data Name="TargetLogonId">0x3e7</Data>
        <Data Name="LogonType">5</Data>
        <Data Name="LogonProcessName">Advapi  </Data>
        <Data Name="AuthenticationPackageName">Negotiate</Data>
        <Data Name="WorkstationName">
        </Data>
        <Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
        <Data Name="TransmittedServices">-</Data>
        <Data Name="LmPackageName">-</Data>
        <Data Name="KeyLength">0</Data>
        <Data Name="ProcessId">0x30c</Data>
        <Data Name="ProcessName">C:\Windows\System32\services.exe</Data>
        <Data Name="IpAddress">-</Data>
        <Data Name="IpPort">-</Data>
        <Data Name="ImpersonationLevel">%%1833</Data>
      </EventData>
    </Event>

    Hopefully someone can please help!!

    Thx, WhatchBotheringMe4

    Sunday, May 26, 2013 2:48 PM

All replies