32-bit xp

My system shutdown this morning without warning.  I started looking in the logs and went to the security logs.  I am having what looks like an attack

There are many ID 850 "A port was listed as an exception when the Windows Firewall started."

There are many ID 576 "Special privileges assigned to new logon:" and the user name and domain are blank

There are many id 515 "A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. "

There are many ID 849 "An application was listed as an exception when the Windows Firewall started. "

I am rushing this - need to get back to it...
Who is Participating?
torimarConnect With a Mentor Commented:
"Notification Package Name:      scecli"

That is a standard notification package, not a rogue one, hence no evidence for a security breach.

Most of the other event IDs should also be able to provide more detail:
515: logon process name
576: user name and domain
849: name and path of the process
850: port number, protocol, name and interface

Please post those details and comment on whether they sound familiar to you.
santaspores1Author Commented:
Now I see that my security log is filled with such events.  It goes back to 9/21/2011and I see all the same security events...

Is there any reason (other than having been hacked) why I might have such entries?
santaspores1Author Commented:
And also ID 518 source security:
An notification package has been loaded by the Security Account Manager. This package will be notified of any account or password changes.
 Notification Package Name:      scecli

I have updated and run norton antivirus, malwarebytes, spybot.  None of them found anything.
santaspores1Author Commented:
sophos ati-rootkit and combofix did create some reports... but nothing that looked ridiculously suspicious.  
santaspores1Author Commented:
I agree.  I found no evidence at all of any wrongdoing.  And I did find similar entries on other machines.  The Name brand anti apps found nothing.  I just wish there was more documentation for security items such as these!

Thanks for your expert opinion.  It is always valuable.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.