I am running Windows 8 and I have my remote access turned off. I have also made sure that all access to any Bluetooth capability is turned off as well. But every time I look in my security log I still see the same events logged in. I have changed my password several times, I am running McAfee in stealth mode and made sure my firewalls pretty much don't let me type without notifying me. I have taken great precautions when comes to my Internet as well. I have had to reset my laptop to it's factory settings for the third time now because whoever this is thinks it funny to impersonate me somehow remotely and change my user rights to my own files. I am attending online college and this is causing me great problems. I have even found that they are now deleting important emails from my Online college inbox, then from the deleted inbox. The following is just one of the examples of a log entry that I have. If you have any suggestions, please feel free to let me know. I will except any help!
Event Viewer Information:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 5/26/2013 7:44:46 AM
Event ID: 4624
Task Category: Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: Again
Description:
An account was successfully logged on.
General Tab:
Subject:
Security ID: SYSTEM
Account Name: AGAIN$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Logon Type: 5
Impersonation Level: Impersonation
New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x30c
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Details Tab: (Friendly view)
Event Xml:
<Event xmlns= <"schemas.microsoft.com win 2004 08 events event"> (this is actually a link but I had to alter it so Microsoft would let me post it)
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4624</EventID>
<Version>1</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2013-05-26T12:44:46.955387200Z" />
<EventRecordID>10840</EventRecordID>
<Correlation />
<Execution ProcessID="788" ThreadID="4656" />
<Channel>Security</Channel>
<Computer>Again</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">AGAIN$</Data>
<Data Name="SubjectDomainName">WORKGROUP</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="TargetUserSid">S-1-5-18</Data>
<Data Name="TargetUserName">SYSTEM</Data>
<Data Name="TargetDomainName">NT AUTHORITY</Data>
<Data Name="TargetLogonId">0x3e7</Data>
<Data Name="LogonType">5</Data>
<Data Name="LogonProcessName">Advapi </Data>
<Data Name="AuthenticationPackageName">Negotiate</Data>
<Data Name="WorkstationName">
</Data>
<Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x30c</Data>
<Data Name="ProcessName">C:\Windows\System32\services.exe</Data>
<Data Name="IpAddress">-</Data>
<Data Name="IpPort">-</Data>
<Data Name="ImpersonationLevel">%%1833</Data>
</EventData>
</Event>
Hopefully someone can please help!!
Thx, WhatchBotheringMe4