error 576?

  • Thread starter: Teri

Teri

Several times a minute my event viewer is reporting event ID 576 and 528.
Successful logon? User name Network Service, Domain: NT Authority, Logon ID:
(0x0, 0x3E4), Logon Type:5, Logon Process: Advapi, ..... I don't know what
this means and I've never seen it like this in here before. I am running XP
Pro SP2, 512 MB RAM, 70 GB hard drive. I have run Panda and BitDefender online
scanners and they show nothing.
 
I guess what I should have said is my computer is not being "normal" at the
moment. Now when I try to log in to my email I get an error from Microsoft
Internet Explorer...Internet Explorer cannot open the Internet site
http://..... Operation aborted.
This just started today and I've never had that before. I haven't changed
any settings recently. I have DSL.....I have received that same error when I
have tried to log in to a couple of other web sites. Maybe you can give me
some advice? Thank you
 
There is a registry entry that causes Windows to make a lot more entries every
time a high privilege event occurs. It is normally off, but maybe it was somehow
turned on in your system. Have you run any new programs or done a Windows update
recently?
 
1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs | Advanced

Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.

Click on Connections tab then click LAN Settings Button, there make sure
nothing is checked.

= Then try to Disable the Add-Ons somehow installed on your browser. On how
to disable the Add-ons follow this:
Click on Programs Tab and then click the Manage Add-Ons Button, there Disable
the None/Not Verified Plug-ins/Add-ons (you need to Re-enable them one-by-one
later and see which is the culprit).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256

Click on Advanced Tab and scroll down under the browsing option and uncheck
this box:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest)
[&] HTTP 1.1 Settings
[ ] Use HTTP 1.1 <= Make sure this is checked
[ ] Use HTTP 1.1 through proxy connections
If you are using a proxy, check the proxy one; if not, check only the first one.

Then under Security Option:
[&] Security
[ ] Use SSL 2.0
[ ] Use SSL 3.0
[ ] Use TLS 1.0

and click Apply then [OK] to close the IE properties

Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx


Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html


= Then Open a run command and type in these DLLs to re-register them:
regsvr32 SOFTPUB.DLL
regsvr32 Wintrust.dll
regsvr32 Mssip32.dll
regsvr32 Initpki.dll
regsvr32 Msjava.dll
regsvr32 Gpkcsp.dll
regsvr32 Sccbase.dll
regsvr32 Slbcsp.dll
regsvr32 Urlmon.dll
regsvr32 Cryptdlg.dll
regsvr32 Dssenh.dll
regsvr32 Rsaenh.dll
Note you can copy the above and paste in a Notepad and Save As on the
Desktop reg.bat file, double click the icon for the reg.bat and click [OK]
and then Yes.
Again on the Run command type in:
ipconfig /flushdns click [OK]
ipconfig /renew click [OK]
netsh winsock reset click [OK]
Reboot your machine and see if you can access any website/link easily and
without the cannot connect error message.
or this tool (winsock-Fix) from here:
http://www.nasstec.co.uk/tools.html

= Either try to update your windows scripting engine or Java version on your
computer, try to uninstall the old Java first.
Windows Script 5.6 Documentation
http://www.microsoft.com/downloads/...48-207D-4BE1-8A76-1C4099D7BBB9&displaylang=en
http://www.java.com/en/download/index.jsp

= Open the Windows Explorer and locate this path:
C:\Windows\System32\drivers\etc = look in the Right Pane/window for the
file called HOSTS, but not the one with the extension *.SAM*; leave
that one as is.
If you can't see it try to click Tools >> Folder Options and select show
Hidden files and folders, then right Click the Hosts file and select open with
Notepad.
There see any reference for that site and remove it, your Hosts file will
look like this:
# 102.54.94.97 rhino.acme.com # Source server
# 38.25.63.10 x.acme.com # Client Host
127.0.0.1 LocalHost
------------------------------------------
Remove all other References other than those above.
You can also try to assign the web address in the trusted zone on the IE
properties.

=> Before we go further, are you connecting by Router or Modem? In either
case try to Power off or unplug the Power cord for the Router/Modem for about
40 seconds or so, be generous with it <g>, turn the computer OFF and wait for
the time to go by!!
Then Turn the Router/Modem ON and wait a minute or so, then Power ON the
computer and try to establish a connection and try the link, does it work?

If still then continue the heavy work:
Open windows Explorer and locate the Hosts file and Rename it to Hosts.OLD
Reboot the machine and try, does it work.

If not try this:
Search for the files named *index.dat* and you can delete them,
then on reboot the system will recreate them for you.
Some of them here:
C:\Documents and settings\Administrator\Cookies = index
C:\Documents and Settings\User\Cookies = index
C:\Documents and settings\User\User data = index
C:\Windows\Temp\Cookies =index
C:\Windows\Temp\History = index
C:\Windows\Temp\Temporary Internet Files\Content.IE5 = Index.dat
Reboot your machine and see if this helped.
Check that your connection (TCP/IP settings) is set correctly.


How to troubleshoot network connectivity problems in Internet Explorer
http://support.microsoft.com/default.aspx/kb/936211

Open the Run command and type in:
regedit click [OK]
Locate this key and make sure the subs look like this or change them;

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

HTH.
Let us know.
nass
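
Added example, not part of nass's post: the manual Hosts file check described above, done as a Python function that lists every active entry other than the stock `127.0.0.1 localhost` line. The function name and the example.com / example.net entries are constructed for illustration.

```python
import ipaddress

# Names the stock Windows hosts file maps to loopback.
DEFAULT_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line number, kind, address, name) for every active entry that is
    not the stock localhost mapping. Comment lines are ignored."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Drop a leading BOM, strip the trailing comment, split on whitespace.
        entry = raw.lstrip("\ufeff").split("#", 1)[0].split()
        if not entry:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((lineno, "malformed", address, " ".join(names)))
            continue
        for name in names:
            if ip.is_loopback and name.lower() in DEFAULT_NAMES:
                continue
            # Loopback or 0.0.0.0 makes the name unreachable; any other
            # address sends lookups for that name to a different machine.
            kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
            findings.append((lineno, kind, str(ip), name))
    return findings


# The default file as shown in the post above.
CLEAN_HOSTS = """# 102.54.94.97 rhino.acme.com # Source server
# 38.25.63.10 x.acme.com # Client Host
127.0.0.1 LocalHost
"""

# Constructed sample: the default file plus two entries of the kind to remove.
TAMPERED_HOSTS = CLEAN_HOSTS + """127.0.0.1 update.example.com
203.0.113.7 webmail.example.net www.example.net
"""

if __name__ == "__main__":
    for lineno, kind, address, name in audit_hosts(TAMPERED_HOSTS):
        print(f"line {lineno}: {name} is {kind} ({address})")
```

To check a real machine, pass the contents of C:\Windows\System32\drivers\etc\hosts to `audit_hosts`; an empty result means only the default localhost line is active.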
 
Awesome post! In response to Alec's question, yes, I have tried to do a
Windows update and an AVG update, both of which failed. I have been
following down the line with nass's instructions and things were going fairly
well until I tried to reply to your post, at which time I kept getting "This
page cannot be displayed". I went back and checked the "Use TLS 1.0" and only
then was I able to reply. When I tried to go into the registry editor by
typing regedit in the run box I got the error "regedit is not a valid Win32
application" and it wouldn't open it. I could open it by going to the exe
file. I have not made it through the list entirely; my next step is to try to
update the windows scripting engine, but I started to panic a little when I
couldn't rate the post or reply. I am still getting the 576 & 528 events
several times a minute but I will attempt to finish the instructions given
and hopefully report all is good at completion. I am connecting through a
modem and I have recycled the power.

 
Well if you can open the registry, go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and check that
FullPrivilegeAuditing is set to 0. If it is not, then set it to 0. If it is,
then you’ve got another problem (I mean the events specifically, not the
Internet connection problems).
 
It was set to 00

 
Hi Teri,
You need to tune up your Security Auditing as this is excessive event logging
for successful or failed logins!
Did you plan the auditing or did somebody else? Was this machine at one time
connected to a server/workgroup where Policy Auditing had been implemented?
You enabled auditing of logon and you need to disable it:
http://www.microsoft.com/technet/pr...8e2-d442-4b60-9cb3-dab80f2c578e.mspx?mfr=true
And this
http://support.microsoft.com/kb/305822
Windows and Active Directory auditing
http://www.tunexp.com/news/windows-story-921.html

How to audit user access of files, folders, and printers in Windows XP
View products that this article applies to.
http://support.microsoft.com/kb/310399

http://msdn.microsoft.com/en-us/library/ms731669.aspx
Understanding Logon and Authentication
http://technet.microsoft.com/en-us/library/bb457114.aspx

BlackLight™ Rootkit Elimination
http://www.f-secure.com/news/items/news_2005030701.shtml

"Webpage cannot be displayed":
http://support.microsoft.com/kb/942818

Error message when you open a Web page in Windows Internet Explorer 7:
"Internet Explorer has encountered a problem and needs to close"
http://support.microsoft.com/kb/936904

How to optimize or reset Internet Explorer 7
http://support.microsoft.com/kb/936213/
How to use Reset Internet Explorer Settings (RIES):
http://support.microsoft.com/kb/923737

HTH
nass
---
http://www.nasstec.co.uk
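
Added example, not from any poster in this thread: one way to triage an exported Security log like the one Teri describes, grouping event 528 and 576 records by account and logon type so that service logons by built-in accounts (Logon Type 5, Logon ID 0x3E4 for NETWORK SERVICE) are counted separately from everything else. The event descriptions, the OWNER account and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Logon Type values recorded in event 528.
LOGON_TYPES = {
    2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
    8: "NetworkCleartext", 9: "NewCredentials", 10: "RemoteInteractive",
    11: "CachedInteractive",
}

# Logon IDs that Windows reserves for its built-in service accounts.
WELL_KNOWN_LOGON_IDS = {0x3E4: "NETWORK SERVICE", 0x3E5: "LOCAL SERVICE"}

FIELD = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.*?)\s*$")
LUID = re.compile(r"\(\s*0x([0-9a-f]+)\s*,\s*0x([0-9a-f]+)\s*\)", re.I)


def parse_event(event_id, description):
    """Extract the fields used for triage from one event description."""
    fields = {}
    for line in description.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    luid = LUID.search(fields.get("logon id", ""))
    logon_id = (int(luid.group(1), 16) << 32 | int(luid.group(2), 16)) if luid else None
    logon_type = fields.get("logon type", "")
    return {
        "event_id": event_id,
        "user": fields.get("user name", "").upper(),
        "logon_id": logon_id,
        "logon_type": int(logon_type) if logon_type.isdigit() else None,
        "logon_process": fields.get("logon process", ""),
    }


def triage(raw_events):
    """Return (summary counter, events not explained by a built-in service logon)."""
    events = [parse_event(eid, text) for eid, text in raw_events]
    # Event 576 has no Logon Type field; take it from the 528 with the same Logon ID.
    type_by_logon_id = {e["logon_id"]: e["logon_type"]
                        for e in events if e["event_id"] == 528}
    summary, review = Counter(), []
    for e in events:
        ltype = e["logon_type"]
        if ltype is None:
            ltype = type_by_logon_id.get(e["logon_id"])
        # A service logon must pair the reserved Logon ID with the matching
        # account name and Logon Type 5; anything else is listed for review.
        service_logon = WELL_KNOWN_LOGON_IDS.get(e["logon_id"]) == e["user"] and ltype == 5
        summary[(e["event_id"], e["user"], LOGON_TYPES.get(ltype, "Unknown"))] += 1
        if not service_logon:
            review.append(e)
    return summary, review


# Constructed sample records: (event ID, description text). The service records
# mirror the fields quoted in the thread; OWNER is a made-up local account.
SERVICE_528 = """Successful Logon:
    User Name: NETWORK SERVICE
    Domain: NT AUTHORITY
    Logon ID: (0x0,0x3E4)
    Logon Type: 5
    Logon Process: Advapi"""
SERVICE_576 = """Special privileges assigned to new logon:
    User Name: NETWORK SERVICE
    Domain: NT AUTHORITY
    Logon ID: (0x0,0x3E4)
    Privileges: SeAuditPrivilege"""
USER_528 = """Successful Logon:
    User Name: Owner
    Domain: HOME-PC
    Logon ID: (0x0,0x1C9A2)
    Logon Type: 2
    Logon Process: User32"""
USER_576 = """Special privileges assigned to new logon:
    User Name: Owner
    Domain: HOME-PC
    Logon ID: (0x0,0x1C9A2)
    Privileges: SeDebugPrivilege"""
SAMPLE = [(528, SERVICE_528), (576, SERVICE_576)] * 3 + [(528, USER_528), (576, USER_576)]

if __name__ == "__main__":
    summary, review = triage(SAMPLE)
    for (event_id, user, logon_type), count in sorted(summary.items()):
        print(f"{count:4d}  event {event_id}  {user:<16} {logon_type}")
    print("Not explained by a built-in service logon:")
    for e in review:
        print(f"      event {e['event_id']}  {e['user']}")
```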

 
I am and always have been the only user on this computer and I haven't
changed any settings that would log 173 successful logins in the past 3 hours
and this pc has never been networked to any other pc.

nass said:
Hi Teri,
You need to tune up your Security Auditing as this an accessive event logs
for successful or failure log in!
Did you plan the auditing or somebody else? does this machine one day was
connected to a server/workgroup andPolicy Auding been implemented ?
you enabled auditing of logon and you need to disable it:
http://www.microsoft.com/technet/pr...8e2-d442-4b60-9cb3-dab80f2c578e.mspx?mfr=true
And this
http://support.microsoft.com/kb/305822
Windows and Active Directory auditing
http://www.tunexp.com/news/windows-story-921.html

How to audit user access of files, folders, and printers in Windows XP
View products that this article applies to.
http://support.microsoft.com/kb/310399

http://msdn.microsoft.com/en-us/library/ms731669.aspx
Understanding Logon and Authentication
http://technet.microsoft.com/en-us/library/bb457114.aspx

BlackLightâ„¢ Rootkit Elimination
http://www.f-secure.com/news/items/news_2005030701.shtml

"Webpage cannot be displayed":
http://support.microsoft.com/kb/942818

Error message when you open a Web page in Windows Internet Explorer 7:
"Internet Explorer has encountered a problem and needs to close"
http://support.microsoft.com/kb/936904

How to optimize or reset Internet Explorer 7
http://support.microsoft.com/kb/936213/
How to use Reset Internet Explorer Settings (RIES):
http://support.microsoft.com/kb/923737

HTH
nass
---
http://www.nasstec.co.uk

Teri said:
awesome post! In response to Alec's question yes I have tried to do a
Window's update and an AVG update both of which failed. I have been
following down the line with nass's instructions and things were going fairly
well until I tried to reply to your post at which time I kept getting "This
page cannot be displayed" I went back and checked the "Use STL 1.0" and only
then was I able to reply. When I tried to go into the registry editor by
typing regedit in the run box I got the error " regedit is not a valid Win32
application" and it wouldn't open it. I could open it by going to the exe
file. I have not made it through the list entirely my next step is to try to
update the windows scripting engine but I started to panic a little when I
couldn't rate the post or reply. I am still getting the 576 & 528 events
several times a minute but I will attempt to finish the instructions given
and hopefully report all is good at completion. I am connecting through a
modem and I have recycled the power.

nass said:
:

Several times a minute my event viewer is reporting event ID 576 and 528.
Successful logon? User name Network Service, Domain: NT Authority, Logon ID:
(0x0, 0x3E4), Logon Type:5, Logon Process: Advapi, ..... I don't know what
this means and I've never seen it like this in here before. I am running XP
Pro SP2, 512 mb ram, 70g harddrive. I have ran Panda and BitDefender online
scanners and they show nothing


1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .

Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.

Click on Connections tab then click LAN Settings Button, there make sure
nothing checked.

= Then try to Disable the Add-Ons on your Browser somehow installed on your
browser, On how to disable the Add-ons follow this:
Click on Programs Tab and then click the Manage Add-Ons Button there Disable
the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one
later and see which is the culprit .
How to manage Add-Ons:
http://support.microsoft.com/kb/883256

Click on Advanced Tab and scroll down under the browsing option and uncheck
this box:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest)
&] HTTP 1.1 Settings
[ ] Use HTTP 1.1 ,= Make sure this checked
[ ] Use HTTP 1.1 through proxy connections
If you using proxy check the proxy one if not check only the first one.

Then under Security Option:
[&] Security
[ ] Use SSL 2.0
[ ] Use SSL 3.0
[ ] Use STL 1.0

and click Apply then [OK] to close the IE properties

Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx


Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html


= Then Open a run command and type in these DLLs to re-register them:
regsvr32 SOFTPUB.DLL
regsvr32 Wintrust.dll
regsvr32 Mssip32.dll
regsvr32 Initpki.dll
regsvr32 Msjava.dll
regsvr32 Gpkcsp.dll
regsvr32 Sccbase.dll
regsvr32 Slbcsp.dll
regsvr32 Urlmon.dll
regsvr32 Cryptdlg.dll
regsvr32 Dssenh.dll
regsvr32 Rsaenh.dll
Note you can copy the above and paste in a Notepad and Save As on the
Desktop reg.bat file, double click the icon for the reg.bat and lick [OK]
and then Yes.
Again on the Run command type in:
ipconfig /flushdns click [OK]
ipconfig /renew click [OK]
netsh winsock reset click [OK]
Reboot your machine and see if you can access any website/link easily and
without the cannot connect error message.
or this tool (winsock-Fix) from here:
http://www.nasstec.co.uk/tools.html

= Either try to update your windows scripting engine or Java version on your
computer, try to uninstall the old Java first.
Windows Script 5.6 Documentation
http://www.microsoft.com/downloads/...48-207D-4BE1-8A76-1C4099D7BBB9&displaylang=en
http://www.java.com/en/download/index.jsp

= Open the Windows
Explorer and locate this path:
C:\Windows\System32\drivers\etc = look in the Right Pane/window for this
file called the HOSTS file but not the one with the extension *.SAM* leave
this as is.
If you can't see it try to click Tools >> Folder Options and select show
Hidden files and folder, then right Click the Hosts file and select open with
Notepad.
There see any reference for that site and remove it, you Hosts file will
looks like this:
# 102.54.94.97 rhino.acme.com # Source server
# 38.25.63.10 x.acme.com # Client Host
127.0.0.1 LocalHost
------------------------------------------
Remove all other References other than those above.
You can also try to assign the web address in the trusted zone on the IE
properties.

=> Before we go further are you connecting by Router or Modem, in either try
to
Power or unplug the Power cord for the Router/Modem for about 40 seconds or
so be generous with it <g> turn the computer OFF and wait for the time to go
by!!.
Then Turn the Router/Modem ON and wait a minute or so then Power ON the
computer and try to establish a connection and try the link, does it work?.

If still then continue the heavy work:
Open windows Explorer and locate the Hosts file and Rename it to Hosts.OLD
Reboot the machine and try, does it work.

If not try this:
search for them by this name *index.dat* and you can delete them
then the on reboot the system will recreate them for you.
Some of them here:
C:\Documents and settings\Administrator\Cookies = index
C:\Documents and Settings\User\Cookies = index
C:\Documents and settings\User\User data = index
C:\Windows\Temp\Cookies =index
C:\Windows\Temp\History = index
C:\Windows\Temp\Temporary Internet Files\Content.IE5 = Index.dat
Reboot your machine and see if this helped.
Check your connection (TCP/IP setting) are set correct.


How to troubleshoot network connectivity problems in Internet Explorer
http://support.microsoft.com/default.aspx/kb/936211

Open the Run command and type in:
regedit click [OK]
Locate this key and make sure the subs look like this or change them;

[HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"

[HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

HTH.
Let us know.
nass
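
The Hosts file check described in the post above, as an added example that is not part of the original thread: it lists every active mapping other than the default localhost entry, so the lines to review stand out before anything is deleted or renamed. The function names and the extra sample entries are constructed for illustration; the default entries and the file path are the ones quoted in the post.

```python
import ipaddress

# Constructed sample: the default entries quoted in the post plus made-up extras.
SAMPLE_HOSTS = """\
# 102.54.94.97 rhino.acme.com # Source server
# 38.25.63.10 x.acme.com # Client Host
127.0.0.1 LocalHost
127.0.0.1 mail.example.test   # constructed entry
203.0.113.7 update.example.test www.example.test
not-an-ip broken.example.test
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each active mapping
    other than the default localhost entry the post says to keep."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        active = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not active:
            continue
        address, *names = active.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed address"))
            continue
        if not names:
            findings.append((line_no, address, "", "address without a hostname"))
        for name in names:
            if ip.is_loopback and name.lower() == "localhost":
                continue  # the default entry
            local = ip.is_loopback or ip.is_unspecified
            reason = "resolves to this machine" if local else "redirected elsewhere"
            findings.append((line_no, address, name, reason))
    return findings

def load_hosts(path=r"C:\Windows\System32\drivers\etc\hosts"):
    # Path as given in the post; utf-8-sig strips a BOM, errors="replace" tolerates odd bytes.
    with open(path, "r", encoding="utf-8-sig", errors="replace") as fh:
        return fh.read()

if __name__ == "__main__":
    for line_no, address, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {address} -> {name or '(none)'}: {reason}")
```

On the affected machine, pass `load_hosts()` to `audit_hosts()` instead of the sample text.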
 
Hi Teri,
Create a new account and see if that will behave and function okay!
How to Identify a Damaged User Profile and Create a New Profile
http://support.microsoft.com/kb/811151

Run the BlackLight™ Rootkit Elimination
http://www.f-secure.com/news/items/news_2005030701.shtml


Download this tool to run clean up:
http://www.ccleaner.com
Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html
download Hijackthis and send me the log.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
Send me copy to my address is : to_you_ross(at remove this and replace with
the obvious)yahoo.co.uk

( _ is underscore)
HTH
nass
--
http://www.nasstec.co.uk

Teri said:
I am and always have been the only user on this computer and I haven't
changed any settings that would log 173 successful logins in the past 3 hours
and this pc has never been networked to any other pc.

nass said:
Hi Teri,
You need to tune up your Security Auditing as this an excessive event logs
for successful or failure log in!
Did you plan the auditing or somebody else? does this machine one day was
connected to a server/workgroup and Policy Auditing been implemented ?
you enabled auditing of logon and you need to disable it:
http://www.microsoft.com/technet/pr...8e2-d442-4b60-9cb3-dab80f2c578e.mspx?mfr=true
And this
http://support.microsoft.com/kb/305822
Windows and Active Directory auditing
http://www.tunexp.com/news/windows-story-921.html

How to audit user access of files, folders, and printers in Windows XP
View products that this article applies to.
http://support.microsoft.com/kb/310399

http://msdn.microsoft.com/en-us/library/ms731669.aspx
Understanding Logon and Authentication
http://technet.microsoft.com/en-us/library/bb457114.aspx

BlackLight™ Rootkit Elimination
http://www.f-secure.com/news/items/news_2005030701.shtml

"Webpage cannot be displayed":
http://support.microsoft.com/kb/942818

Error message when you open a Web page in Windows Internet Explorer 7:
"Internet Explorer has encountered a problem and needs to close"
http://support.microsoft.com/kb/936904

How to optimize or reset Internet Explorer 7
http://support.microsoft.com/kb/936213/
How to use Reset Internet Explorer Settings (RIES):
http://support.microsoft.com/kb/923737

HTH
nass
---
http://www.nasstec.co.uk

Teri said:
awesome post! In response to Alec's question yes I have tried to do a
Window's update and an AVG update both of which failed. I have been
following down the line with nass's instructions and things were going fairly
well until I tried to reply to your post at which time I kept getting "This
page cannot be displayed" I went back and checked the "Use TLS 1.0" and only
then was I able to reply. When I tried to go into the registry editor by
typing regedit in the run box I got the error " regedit is not a valid Win32
application" and it wouldn't open it. I could open it by going to the exe
file. I have not made it through the list entirely my next step is to try to
update the windows scripting engine but I started to panic a little when I
couldn't rate the post or reply. I am still getting the 576 & 528 events
several times a minute but I will attempt to finish the instructions given
and hopefully report all is good at completion. I am connecting through a
modem and I have recycled the power.

:



:

Several times a minute my event viewer is reporting event ID 576 and 528.
Successful logon? User name Network Service, Domain: NT Authority, Logon ID:
(0x0, 0x3E4), Logon Type:5, Logon Process: Advapi, ..... I don't know what
this means and I've never seen it like this in here before. I am running XP
Pro SP2, 512 mb ram, 70g harddrive. I have ran Panda and BitDefender online
scanners and they show nothing


1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .

Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.

Click on Connections tab then click LAN Settings Button, there make sure
nothing checked.

= Then try to Disable the Add-Ons on your Browser somehow installed on your
browser, On how to disable the Add-ons follow this:
Click on Programs Tab and then click the Manage Add-Ons Button there Disable
the None/Not Verified Plug-ins/Add-ons ( you need to Re-enable them one-by-one
later and see which is the culprit ).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256

Click on Advanced Tab and scroll down under the browsing option and uncheck
this box:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest)
[&] HTTP 1.1 Settings
[ ] Use HTTP 1.1 <= Make sure this is checked
[ ] Use HTTP 1.1 through proxy connections
If you using proxy check the proxy one if not check only the first one.

Then under Security Option:
[&] Security
[ ] Use SSL 2.0
[ ] Use SSL 3.0
[ ] Use TLS 1.0

and click Apply then [OK] to close the IE properties

Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx


Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html


= Then Open a run command and type in these DLLs to re-register them:
regsvr32 SOFTPUB.DLL
regsvr32 Wintrust.dll
regsvr32 Mssip32.dll
regsvr32 Initpki.dll
regsvr32 Msjava.dll
regsvr32 Gpkcsp.dll
regsvr32 Sccbase.dll
regsvr32 Slbcsp.dll
regsvr32 Urlmon.dll
regsvr32 Cryptdlg.dll
regsvr32 Dssenh.dll
regsvr32 Rsaenh.dll
Note you can copy the above and paste in a Notepad and Save As on the
Desktop reg.bat file, double click the icon for the reg.bat and click [OK]
and then Yes.
Again on the Run command type in:
ipconfig /flushdns click [OK]
ipconfig /renew click [OK]
netsh winsock reset click [OK]
Reboot your machine and see if you can access any website/link easily and
without the cannot connect error message.
or this tool (winsock-Fix) from here:
http://www.nasstec.co.uk/tools.html

= Either try to update your windows scripting engine or Java version on your
computer, try to uninstall the old Java first.
Windows Script 5.6 Documentation
http://www.microsoft.com/downloads/...48-207D-4BE1-8A76-1C4099D7BBB9&displaylang=en
http://www.java.com/en/download/index.jsp

= Open the Windows
Explorer and locate this path:
C:\Windows\System32\drivers\etc = look in the Right Pane/window for this
file called the HOSTS file but not the one with the extension *.SAM* leave
this as is.
If you can't see it try to click Tools >> Folder Options and select show
Hidden files and folder, then right Click the Hosts file and select open with
Notepad.
There see any reference for that site and remove it, your Hosts file will
look like this:
# 102.54.94.97 rhino.acme.com # Source server
# 38.25.63.10 x.acme.com # Client Host
127.0.0.1 LocalHost
------------------------------------------
Remove all other References other than those above.
You can also try to assign the web address in the trusted zone on the IE
properties.

=> Before we go further are you connecting by Router or Modem, in either try
to
Power or unplug the Power cord for the Router/Modem for about 40 seconds or
so be generous with it <g> turn the computer OFF and wait for the time to go
by!!.
Then Turn the Router/Modem ON and wait a minute or so then Power ON the
computer and try to establish a connection and try the link, does it work?.

If still then continue the heavy work:
Open windows Explorer and locate the Hosts file and Rename it to Hosts.OLD
Reboot the machine and try, does it work.

If not try this:
search for them by this name *index.dat* and you can delete them
then on reboot the system will recreate them for you.
Some of them here:
C:\Documents and settings\Administrator\Cookies = index
C:\Documents and Settings\User\Cookies = index
C:\Documents and settings\User\User data = index
C:\Windows\Temp\Cookies =index
C:\Windows\Temp\History = index
C:\Windows\Temp\Temporary Internet Files\Content.IE5 = Index.dat
Reboot your machine and see if this helped.
Check your connection (TCP/IP setting) are set correct.


How to troubleshoot network connectivity problems in Internet Explorer
http://support.microsoft.com/default.aspx/kb/936211

Open the Run command and type in:
regedit click [OK]
Locate this key and make sure the subs look like this or change them;

[HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"

[HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

HTH.
Let us know.
nass
 