09-23-2006, 12:52 PM
Registered User
Join Date: Aug 2006
Posts: 45
OS: Win XP
Thanks for this Eclipse, you must be very patient!
My GetSystemInfo log is 1.33MB, shall I post all of it?
Gmer log:
Quote:
GMER 1.0.11.11349 - http://www.gmer.net
Rootkit 2006-09-23 18:59:18
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.11 ----
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess
---- Devices - GMER 1.0.11 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F87C6D60] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F87C6D60] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F87C6D60] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL [F87C6D60] sfsync02.sys
Device \Driver\USBSTOR \Device\0000007a IRP_MJ_INTERNAL_DEVICE_CONTROL [F87C6D60] sfsync02.sys
Device \Driver\USBSTOR \Device\0000007c IRP_MJ_INTERNAL_DEVICE_CONTROL [F87C6D60] sfsync02.sys
---- Processes - GMER 1.0.11 ----
Process guard.exe (*** hidden *** ) [532] 81E87DA0
---- Files - GMER 1.0.11 ----
ADS ...
---- EOF - GMER 1.0.11 ----
Gmer Autostart log:
Quote:
GMER 1.0.11.11349 - http://www.gmer.net
Autostart 2006-09-23 19:01:55
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
BackWeb Client - 7681197 /*F-Secure BackWeb*/@ = C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
Belkin 54g Wireless USB Network Adapter Service /*Belkin 54g Wireless USB Network Adapter*/@ = C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
Brother XP spl Service /*BrSplService*/@ = C:\WINDOWS\system32\brsvc01a.exe
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Program Files\ewido anti-spyware 4.0\guard.exe
F-Secure Gatekeeper Handler Starter /*F-Secure Gatekeeper Handler Starter*/@ = "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe"
FSAA /*F-Secure Authentication Agent*/@ = "C:\Program Files\F-Secure\Common\FSAA.EXE"
FSMA /*F-Secure Management Agent*/@ = "C:\Program Files\F-Secure\Common\FSMA32.EXE"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
ssoftservice /*Cryptainer service*/@ = ssoftsrv.exe
TabletService /*Tablet Service*/@ = C:\WINDOWS\system32\Wt32exe.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
UserAccess7 /*SecuROM User Access Service (V7)*/@ = C:\WINDOWS\system32\UAService7.exe /*file not found*/
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@F-Secure Manager"C:\Program Files\F-Secure\Common\FSM32.EXE" /splash = "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRunDLL32.exe NvMCTray.dll,NvTaskbarInit = RunDLL32.exe NvMCTray.dll,NvTaskbarInit
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@tblfunctblmouse.exe = tblmouse.exe
@RemoteControl"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@ControlCenter2.0C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun /*file not found*/ = C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun /*file not found*/
@ATIPTAC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe /*file not found*/ = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe /*file not found*/
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@updateMgr"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
@Skype"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
@ares"C:\Program Files\Ares\Ares.exe" -h /*file not found*/ = "C:\Program Files\Ares\Ares.exe" -h /*file not found*/
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{23814B80-52A2-11d0-BC1A-004095606CB9} = C:\Program Files\F-Secure\Common\fpshx.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{23814B80-52A2-11d0-BC1A-004095606CB9} = C:\Program Files\F-Secure\Common\fpshx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.mail.yahoo.com/ = http://www.mail.yahoo.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll
C:\Documents and Settings\Euan!\Start Menu\Programs\Startup = Office Startup.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Acrobat Assistant.lnk = Acrobat Assistant.lnk
Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk
---- EOF - GMER 1.0.11 ----
RootKitRevealer Log:
Quote:
HKLM\S-1-5-21-220523388-1383384898-1801674531-1003\RemoteAccess\InternetProfile 14/10/2005 00:16 7 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-220523388-1383384898-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\36\Shell\WFlags 23/09/2006 19:04 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-220523388-1383384898-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\36\Shell\ShowCmd 23/09/2006 19:04 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-220523388-1383384898-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\36\Shell\FFlags 23/09/2006 19:04 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-220523388-1383384898-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\36\Shell\ColInfo 23/09/2006 19:04 138 bytes Windows API length not consistent with raw hive data.
HKLM\S-1-5-21-220523388-1383384898-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\36\Shell\WinPos1280x1024(1).left 23/09/2006 19:04 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-220523388-1383384898-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\36\Shell\WinPos1280x1024(1).top 23/09/2006 19:04 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-220523388-1383384898-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\36\Shell\WinPos1280x1024(1).right 23/09/2006 19:04 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-220523388-1383384898-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\36\Shell\WinPos1280x1024(1).bottom 23/09/2006 19:04 4 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\03C43574d01 23/09/2006 19:12 25.46 KB Hidden from Windows API.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\14523DABd01 23/09/2006 19:18 37.34 KB Hidden from Windows API.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\3A63E95Fd01 23/09/2006 19:19 29.64 KB Hidden from Windows API.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\44390A35d01 23/09/2006 19:13 17.18 KB Hidden from Windows API.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\7CD398E0d01 23/09/2006 19:12 257.88 KB Hidden from Windows API.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\830DD26Dd01 23/09/2006 19:19 31.25 KB Hidden from Windows API.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\8A6567BBd01 23/09/2006 19:19 79.31 KB Hidden from Windows API.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\9D95DF7Bd01 23/09/2006 19:13 27.25 KB Hidden from Windows API.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\AC0FFE56d01 23/09/2006 19:19 55.50 KB Hidden from Windows API.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\B13F9FB8d01 23/09/2006 19:19 23.84 KB Hidden from Windows API.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\C3C153F7d01 23/09/2006 19:19 26.27 KB Hidden from Windows API.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\D9623514d01 23/09/2006 19:19 26.86 KB Hidden from Windows API.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\EB837985d01 23/09/2006 19:13 31.45 KB Hidden from Windows API.
C:\Documents and Settings\Euan!\Local Settings\Application Data\Mozilla\Firefox\Profiles\95yafp4t.default\Cache\FC1BC844d01 23/09/2006 19:15 162.78 KB Hidden from Windows API.
Event Viewer Application Log:
Quote:
Event Type: Error
Event Source: F-Secure Anti-Virus
Event Category: None
Event ID: 103
Date: 26/04/2006
Time: 09:59:04
User: N/A
Computer: EUAN
Description:
1 2006-04-26 09:59:04+01:00 euan EUAN\Euan! F-Secure Anti-Virus
Scanning of C:\PROGRAM FILES\ITUNES\ITUNES.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 26/04/2006
Time: 19:33:26
User: N/A
Computer: EUAN
Description:
Hanging application Photoshop.exe, version 8.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: F-Secure Anti-Virus
Event Category: None
Event ID: 103
Date: 28/04/2006
Time: 17:59:02
User: N/A
Computer: EUAN
Description:
1 2006-04-28 17:59:02+01:00 euan EUAN\Euan! F-Secure Anti-Virus
Scanning of C:\PROGRAM FILES\ITUNES\ITUNES.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Event Type: Error
Event Source: F-Secure Anti-Virus
Event Category: None
Event ID: 103
Date: 30/04/2006
Time: 19:09:58
User: N/A
Computer: EUAN
Description:
1 2006-04-30 19:09:57+01:00 euan EUAN\Euan! F-Secure Anti-Virus
Scanning of C:\PROGRAM FILES\ITUNES\ITUNES.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 04/05/2006
Time: 02:00:54
User: N/A
Computer: EUAN
Description:
Hanging application iTunes.exe, version 6.0.3.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: F-Secure Anti-Virus
Event Category: None
Event ID: 103
Date: 04/05/2006
Time: 11:18:12
User: N/A
Computer: EUAN
Description:
1 2006-05-04 11:18:12+01:00 euan EUAN\Euan! F-Secure Anti-Virus
Scanning of C:\PROGRAM FILES\ITUNES\ITUNES.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 07/05/2006
Time: 14:32:24
User: N/A
Computer: EUAN
Description:
Faulting application firefox.exe, version 1.8.20060.42618, faulting module ws2_32.dll, version 5.1.2600.2180, fault address 0x0000a89d.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: F-Secure Anti-Virus
Event Category: None
Event ID: 103
Date: 08/05/2006
Time: 17:50:15
User: N/A
Computer: EUAN
Description:
1 2006-05-08 17:50:15+01:00 euan EUAN\Euan! F-Secure Anti-Virus
Scanning of D: was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 08/05/2006
Time: 19:02:30
User: N/A
Computer: EUAN
Description:
Hanging application iTunes.exe, version 6.0.3.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: F-Secure Anti-Virus
Event Category: None
Event ID: 103
Date: 10/05/2006
Time: 16:37:30
User: N/A
Computer: EUAN
Description:
1 2006-05-10 16:37:30+01:00 euan EUAN\Euan! F-Secure Anti-Virus
Scanning of C:\PROGRAM FILES\ITUNES\ITUNES.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Event Viewer System Log:
Quote:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 05/09/2006
Time: 22:30:55
User: N/A
Computer: EUAN
Description:
The SecuROM User Access Service (V7) service failed to start due to the following error:
The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 31012
Date: 10/08/2006
Time: 16:57:08
User: N/A
Computer: EUAN
Description:
The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: e8 00 00 00 è...
Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 31012
Date: 10/08/2006
Time: 16:57:08
User: N/A
Computer: EUAN
Description:
The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: e8 00 00 00 è...
Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 31012
Date: 10/08/2006
Time: 16:57:08
User: N/A
Computer: EUAN
Description:
The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: e8 00 00 00 è...
Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 31012
Date: 10/08/2006
Time: 16:57:08
User: N/A
Computer: EUAN
Description:
The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: e8 00 00 00 è...
Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 31012
Date: 10/08/2006
Time: 16:57:08
User: N/A
Computer: EUAN
Description:
The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: e8 00 00 00 è...
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 11/08/2006
Time: 00:33:38
User: N/A
Computer: EUAN
Description:
The SecuROM User Access Service (V7) service failed to start due to the following error:
The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 31012
Date: 11/08/2006
Time: 00:33:44
User: N/A
Computer: EUAN
Description:
The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: e8 00 00 00 è...
Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 31012
Date: 11/08/2006
Time: 00:33:44
User: N/A
Computer: EUAN
Description:
The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: e8 00 00 00 è...
Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 31012
Date: 11/08/2006
Time: 00:33:45
User: N/A
Computer: EUAN
Description:
The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: e8 00 00 00 è...