Odd Entries in Event Viewer - Something to be Worried about?


1 reply to this topic

#1 cheesehead9099


Posted 20 January 2013 - 01:43 PM

Recently I had MSN tell me that my account was compromised because of suspicious activity, and so I had to change my password. I've noticed no other suspicious activity on my computer, and repeated scans with a variety of AV solutions have shown nothing - however, there are a few event viewer logs that worry me:

Log Name: System
Source: Service Control Manager
Date: 1/19/2013 11:41:09 PM
Event ID: 7039
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: user-PC
Description:
A service process other than the one launched by the Service Control Manager connected when starting the Google Update Service (gupdate) service. The Service Control Manager launched process 5604 and process 2480 connected instead.

Note that if this service is configured to start under a debugger, this behavior is expected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="32768">7039</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-01-20T04:41:09.527116000Z" />
<EventRecordID>51247</EventRecordID>
<Correlation />
<Execution ProcessID="560" ThreadID="6172" />
<Channel>System</Channel>
<Computer>user-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Google Update Service (gupdate)</Data>
<Data Name="param2">5604</Data>
<Data Name="param3">2480</Data>
</EventData>
</Event>

Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Date: 1/20/2013 1:01:30 PM
Event ID: 3
Task Category: Session
Level: Error
Keywords: Session
User: SYSTEM
Computer: user-PC
Description:
Session "Microsoft Security Client OOBE" stopped due to the following error: 0xC000000D
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>3</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>14</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2013-01-20T18:01:30.515217600Z" />
<EventRecordID>240</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="172" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>user-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SessionName">Microsoft Security Client OOBE</Data>
<Data Name="FileName">C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppOobe.etl</Data>
<Data Name="ErrorCode">3221225485</Data>
<Data Name="LoggingMode">5</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 1/19/2013 11:41:39 PM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: user-PC
Description:
The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-01-20T04:41:39.000000000Z" />
<EventRecordID>51258</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>user-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">{4EB61BAC-A3B6-4760-9581-655041EF4D69}</Data>
</EventData>
</Event>

Log Name: Microsoft-Windows-Dhcp-Client/Admin
Source: Microsoft-Windows-Dhcp-Client
Date: 1/19/2013 6:55:07 PM
Event ID: 1001
Task Category: Address Configuration State Event
Level: Error
Keywords:
User: LOCAL SERVICE
Computer: user-PC
Description:
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x70F39578E6EF. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}" />
<EventID>1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>3</Task>
<Opcode>75</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2013-01-19T23:55:07.052801200Z" />
<EventRecordID>2054</EventRecordID>
<Correlation />
<Execution ProcessID="424" ThreadID="2056" />
<Channel>Microsoft-Windows-Dhcp-Client/Admin</Channel>
<Computer>user-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="HWLength">6</Data>
<Data Name="HWAddress">70F39578E6EF</Data>
<Data Name="StatusCode">121</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 1/17/2013 6:02:20 PM
Event ID: 7039
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: user-PC
Description:
A service process other than the one launched by the Service Control Manager connected when starting the Google Update Service (gupdate) service. The Service Control Manager launched process 1648 and process 2480 connected instead.

Note that if this service is configured to start under a debugger, this behavior is expected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="32768">7039</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-01-17T23:02:20.819609300Z" />
<EventRecordID>50613</EventRecordID>
<Correlation />
<Execution ProcessID="620" ThreadID="5996" />
<Channel>System</Channel>
<Computer>user-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Google Update Service (gupdate)</Data>
<Data Name="param2">1648</Data>
<Data Name="param3">2480</Data>
</EventData>
</Event>

I would greatly appreciate any help on this, and if you could let me know if these entries are potential threats or anything to be worried about. Thanks.
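Added example, not part of the original post: Python that parses Event XML records like the ones pasted above, groups the Service Control Manager 7039 warnings by the process ID that connected, and renders decimal error fields in the hex form the event descriptions use. The records are trimmed from the post; the `<Events>` wrapper and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
# Records trimmed from the Event XML quoted in the post; the <Events> wrapper
# is added here (not in the original) so the fragments parse as one document.
SAMPLE = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID Qualifiers="32768">7039</EventID>
<TimeCreated SystemTime="2013-01-20T04:41:09.527116000Z" /></System>
<EventData><Data Name="param1">Google Update Service (gupdate)</Data>
<Data Name="param2">5604</Data><Data Name="param3">2480</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID Qualifiers="32768">7039</EventID>
<TimeCreated SystemTime="2013-01-17T23:02:20.819609300Z" /></System>
<EventData><Data Name="param1">Google Update Service (gupdate)</Data>
<Data Name="param2">1648</Data><Data Name="param3">2480</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>3</EventID>
<TimeCreated SystemTime="2013-01-20T18:01:30.515217600Z" /></System>
<EventData><Data Name="ErrorCode">3221225485</Data></EventData></Event>
</Events>"""

def parse_events(xml_text):
    """Return one dict per <Event>: numeric ID, UTC timestamp, named Data fields."""
    events = []
    for ev in ET.fromstring(xml_text).iter(NS + "Event"):
        system = ev.find(NS + "System")
        data = {d.get("Name"): (d.text or "") for d in ev.iter(NS + "Data")}
        events.append({"id": int(system.find(NS + "EventID").text),
                       "time": system.find(NS + "TimeCreated").get("SystemTime"),
                       "data": data})
    return events

def pid_mismatches(events):
    """Group 7039 events by connecting PID (param3): (time, service, launched PID)."""
    by_pid = defaultdict(list)
    for ev in events:
        if ev["id"] == 7039:
            d = ev["data"]
            by_pid[int(d["param3"])].append((ev["time"], d["param1"], int(d["param2"])))
    return {pid: sorted(rows) for pid, rows in by_pid.items()}

def hex_codes(events):
    """Render decimal ErrorCode/StatusCode fields as hex, keyed by (event ID, field)."""
    return {(ev["id"], k): f"0x{int(v):X}" for ev in events
            for k, v in ev["data"].items() if k in ("ErrorCode", "StatusCode")}

if __name__ == "__main__":
    print(pid_mismatches(parse_events(SAMPLE)), hex_codes(parse_events(SAMPLE)))
```

On the post's records, both 7039 warnings name the same connecting process ID, 2480, in events logged two days apart.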



#2 cheesehead9099


Posted 21 January 2013 - 07:33 PM

Can someone please help me with this?



