Here are the steps I would suggest to investigate as to whether your
computer was compromised.
1) Check System History
If the offender was clever- they probably erased it, but it's worth
checking if you haven't already.
"Using the History Folder and History View
The Windows XP Professional History folder integrates Web links and
network shares, so users have access to their navigation history no
matter where they view the History folder. Users can sort the History
folder by the following categories: By Date, By Site, By Most Visited,
or By Order Visited Today.
You can also select the History view from the toolbar in Windows
Explorer, which tracks the history of all Web sites and documents
opened. In this view you can sort by location or by date used, or
search the history list, using option buttons."
2. Checking for internet use (if you computer was ready for web access)
Check the history on web browsers.
Also, click START, then Search then "For Files and Folders". Next
click "All Files and Folders" then type in index.dat in the "All or
part of the file name" box. Under the "Look in" option choose "My
Computer". Then click "More advanced options" and check off "Search
system folders" as well as "Search hidden files and folders".
3. Search for files and folders modified in the date range that you were gone.
Search every file on the disk for these dates.If you find your
documents, they were nosing around in those. The sooner you do this
after an invasion,
the more reliable it will be as these files can be overwritten by your own use.
4. Detecting Unauthorized Access Using the Secrity Log
" 1. Click Start, point to Settings, click Control Panel,
double-click Administrative Tools, then double-click Computer
2. Expand System Tools.
3. Expand Event Viewer.
4. Select Security Log.
5. Inspect the logs for suspicious security events, including the following:
* Invalid logon attempts.
* Failed use of privileges.
* Failed attempts to access and modify .bat or .cmd files.
* Attempts to alter security privileges or the audit log.
* Attempts to shut down the server."
5. Check Log Files
Go to Start>Settings>Control Panel or just Start>Control Panel
depending on which view you are using. Then, if using the new view in
XP go to Performance and monitoring>Administrative Tools or if in
classic view, just click on Administrative tools. Then start the
Event Viewer. Check all of the logs for the times that you were gone.
You can monitor many different types of events on a Windows XP
Professional?based system, including user actions such as logging on
and logging off, and the success and failure of key application
events. Administrators need to monitor these events to track security,
system performance, and application errors.
How To Audit User Access of Files, Folders, and Printers in Windows XP
*Setting Up a Password
Control Panel>User Accounts>then you will see a link Create A New Account
click on that name the account then you will have the option to Limited
Access or Administrative Rights.
*Lock Your Computer When Gone
Create a Shortcut to Lock Your Computer
*Microsoft Security Settings for XP Pro
*Monitoring Software Downloads
"This security utility allows you to track the login and logout dates
and times, for all of the users on your network, from a single
workstation. It includes a report generator and a login alert feature
to notify you by e-mail when a particular user logs into your system.
It also allows you to see what files a particular user has open and
what users have a particular file open."
Google Search Strategy
XP professional, security, log files
I hope this helps. Please request clarification if you need further assistance.