
Malware attacks Using Apple Bonjour !



#16
sub101uk (Member, Topic Starter, 39 posts)

OK, the system just locked up, so I will rewrite my reply. I checked the memory and it's fine. I did all the scans as requested:

 

 Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Owner (07-01-2017 16:27:44) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
hosts:
REG: [-HKEY_LOCAL_MACHINE\SOFTWARE\Apple Inc.]
REG: [-HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTP\Defaults\AppProfiles\Apple iTunes]
REG: [-HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPEnh\OSD\TouchPad\AppProfiles\Apple iTunes]
REG: [-HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPEnh\PlugInConfig\TouchPad\AppProfiles\Apple iTunes]
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"





*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= [-HKEY_LOCAL_MACHINE\SOFTWARE\Apple Inc.] =========

The system cannot find the path specified.


========= End of Reg: =========


========= [-HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTP\Defaults\AppProfiles\Apple iTunes] =========

The system cannot find the path specified.


========= End of Reg: =========


========= [-HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPEnh\OSD\TouchPad\AppProfiles\Apple iTunes] =========

The system cannot find the path specified.


========= End of Reg: =========


========= [-HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPEnh\PlugInConfig\TouchPad\AppProfiles\Apple iTunes] =========

The system cannot find the path specified.


========= End of Reg: =========


========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========


========= End of CMD: =========


==== End of Fixlog 16:27:59 ====

 

I think it found the Apple file, as it's got "key removed"! But then it's got "key not found", and on the second fixlist scan it could not find the file, so I think you got it. Yes, I use a VPN over here in Thailand. It's not on all the time, but to watch the BBC you need a VPN, otherwise some items are blocked.

 

I will have a look at misconfig and turn things back to normal.



#17
sub101uk (Member, Topic Starter, 39 posts)

OK, just done a reboot and just checked, and Apple is still there. I did look on the internet for a tool to remove it, but nothing seems to work. This file is very hard to remove.

 

I will run the fix file again and see what happens, and also check on Misconfig. Come to think of it, where is the Misconfig file location? In the past I have set the startup using CCleaner to load as few programs as possible, like TomTom and printer updates and stuff, so I'm not sure what misconfig file you mean?

 

Thanks again


Edited by sub101uk, 07 January 2017 - 05:16 AM.


#18
RKinner (Malware Expert, MVP, 24,625 posts)

Search for:

msconfig

Hit Enter.

 

Run a new VEW log for both System and Application.  Let's see if we can see what caused your lockup.

 

Do the Search Registry scan again for apple with a space after the apple and post it.  Repeat the scan for Search Files.



#19
sub101uk (Member, Topic Starter, 39 posts)

It looks like there is a hardware or firmware problem from what the VEW logs say? Very strange. OK, I have searched the registry and files for "Apple Inc" and "Apple". I find nothing under Apple; as for Apple, all we seem to get is "Applets".

 

I checked RegEdit; the file is still there with all its other folders. I wonder if any of the other folders will show up. Well, I tried "Bonjour" on file and Reg and found nothing.

 

Oh yes, I set the startup to normal. As for Intel® Rapid Storage Technology, I downloaded the file but it seems to be a zip file. After I have downloaded the file I assume I click on Extract all files?

Attached Thumbnails

  • Apple as per regedit.JPG

Edited by sub101uk, 07 January 2017 - 05:43 PM.

#20
sub101uk (Member, Topic Starter, 39 posts)

Well, someone is playing games with me. I was online this morning booking some flights when someone removed both drivers for both of the Bluetooth mice; luckily the touchpad was still working.

 

I have downloaded the logs so you can have a look and tell me what you think.

Attached Thumbnails

  • Disabled Drives 08.01.17.JPG

#21
RKinner (Malware Expert, MVP, 24,625 posts)

It's not an attack from outside.  Windows is playing games because it is having trouble connecting the Bluetooth devices.  Note that we also get the Event: 18 hardware error at about the same time.

 

Log: 'System' Date/Time: 08/01/2017 03:12:41
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (7c:1e:52:6f:db:8b) either went out of range or became unresponsive.
 
Log: 'System' Date/Time: 08/01/2017 03:12:26
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (00:1f:20:14:41:a5) either went out of range or became unresponsive.
 
Log: 'System' Date/Time: 08/01/2017 02:08:06
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (00:1f:20:14:41:a5) either went out of range or became unresponsive.
 
Log: 'System' Date/Time: 08/01/2017 02:08:06
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (7c:1e:52:6f:db:8b) either went out of range or became unresponsive.

Log: 'System' Date/Time: 08/01/2017 03:11:20
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.
 
Log: 'System' Date/Time: 08/01/2017 03:09:56
Type: Error Category: 0
Event: 4 Source: HidBth
Initial connection to Bluetooth HID device (00:1f:20:14:41:a5) failed.  The device has been removed as a personal or paired device.  You must reinstall the device.
 
Log: 'System' Date/Time: 08/01/2017 03:08:57
Type: Error Category: 0
Event: 16 Source: BTHUSB
The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (00:1f:20:14:41:a5) failed.
 
Log: 'System' Date/Time: 08/01/2017 03:08:50
Type: Error Category: 0
Event: 30009 Source: Microsoft-Windows-SharedAccess_NAT
The DHCP allocator encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from a client. The data is the error code.
 
Log: 'System' Date/Time: 08/01/2017 03:08:33
Type: Error Category: 0
Event: 16 Source: BTHUSB
The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (00:1f:20:14:41:a5) failed.
 
Log: 'System' Date/Time: 08/01/2017 03:07:17
Type: Error Category: 0
Event: 4 Source: HidBth
Initial connection to Bluetooth HID device (00:1f:20:14:41:a5) failed.  The device has been removed as a personal or paired device.  You must reinstall the device.
 
Log: 'System' Date/Time: 08/01/2017 03:06:15
Type: Error Category: 0
Event: 4 Source: HidBth
Initial connection to Bluetooth HID device (00:1f:20:14:41:a5) failed.  The device has been removed as a personal or paired device.  You must reinstall the device.
 
Log: 'System' Date/Time: 08/01/2017 03:05:13
Type: Error Category: 0
Event: 4 Source: HidBth
Initial connection to Bluetooth HID device (00:1f:20:14:41:a5) failed.  The device has been removed as a personal or paired device.  You must reinstall the device.
 
Log: 'System' Date/Time: 08/01/2017 03:04:10
Type: Error Category: 0
Event: 4 Source: HidBth
Initial connection to Bluetooth HID device (00:1f:20:14:41:a5) failed.  The device has been removed as a personal or paired device.  You must reinstall the device.
 
Log: 'System' Date/Time: 08/01/2017 03:03:12
Type: Error Category: 0
Event: 4 Source: HidBth
Initial connection to Bluetooth HID device (00:1f:20:14:41:a5) failed.  The device has been removed as a personal or paired device.  You must reinstall the device.

 

 

Do a search for:
 
device manager
hit Enter,
 
View, Show hidden devices
 
Do you see any yellow flagged devices?  
 
Right click on one and select properties then click on the Details tab.  Change Property to Hardware IDs.  Click on the top one then right click and copy.  Paste that into a reply.  Repeat for all yellow flagged devices.
 
If you see one that has HardwareIDs like this:
ACPI\MSFT0101
*MSFT0101
 
Then go into your BIOS setup.  See if you have a Security tab and then see if there is an option to disable.  If you disable it, the unknown device should be gone on reboot.

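An added example, not part of the thread, that applies the triage RKinner describes above to the VEW report format: it parses the entries (joining wrapped message lines), tallies them by source and event ID, and lists what was logged within five minutes of each WHEA-Logger Event 18. The sample log is constructed and the device addresses in it are placeholders.

```python
"""Triage helper for the VEW (Vino's Event Viewer) text format posted in this
thread: parse the entries, count them by source/event, and list which events
fall within a time window of each WHEA-Logger Event 18 (Machine Check
Exception), so Bluetooth drop-outs can be matched against the hardware error."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the VEW layout used in the thread. Device addresses
# are placeholders; the wrapped WHEA message mirrors how the report breaks
# long lines across a blank line.
SAMPLE_LOG = """\
Vino's Event Viewer v01c run on Windows 2008 in English
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/01/2017 03:12:41
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (00:11:22:33:44:55) either went out of range or became unresponsive.

Log: 'System' Date/Time: 08/01/2017 03:11:20
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache

Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 08/01/2017 03:09:56
Type: Error Category: 0
Event: 4 Source: HidBth
Initial connection to Bluetooth HID device (00:11:22:33:44:55) failed.  The device has been removed as a personal or paired device.  You must reinstall the device.

Log: 'System' Date/Time: 08/01/2017 02:08:06
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (00:11:22:33:44:55) either went out of range or became unresponsive.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: "
                    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
TYPE_LINE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT_LINE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")


def parse_vew(text):
    """Return complete entries (dicts) sorted oldest first. Lines that are not
    a header are appended to the current entry's message, which re-joins the
    wrapped halves of long messages; '~~~' section rules close an entry."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            cur = {"log": head["log"],
                   "time": datetime.strptime(head["ts"], "%d/%m/%Y %H:%M:%S"),
                   "type": None, "category": None,
                   "event": None, "source": None, "message": []}
            entries.append(cur)
            continue
        if cur is None or not line:
            continue
        if line.startswith("~"):
            cur = None
            continue
        t, e = TYPE_LINE.match(line), EVENT_LINE.match(line)
        if t and cur["type"] is None:
            cur["type"], cur["category"] = t["type"], int(t["cat"])
        elif e and cur["event"] is None:
            cur["event"], cur["source"] = int(e["id"]), e["source"].strip()
        else:
            cur["message"].append(line)
    for entry in entries:
        entry["message"] = " ".join(entry["message"])
    complete = [x for x in entries if x["event"] is not None]
    complete.sort(key=lambda x: x["time"])
    return complete


def count_by_source(entries):
    """Counter keyed by (source, event id), e.g. ('HidBth', 2) -> 2."""
    return Counter((x["source"], x["event"]) for x in entries)


def correlate(entries, anchor_source="Microsoft-Windows-WHEA-Logger",
              anchor_event=18, window_s=300):
    """For every anchor event (default: WHEA Event 18) list the other entries
    logged within +/- window_s seconds of it, as (time, source, event) tuples."""
    out = []
    for anchor in entries:
        if anchor["source"] != anchor_source or anchor["event"] != anchor_event:
            continue
        nearby = [x for x in entries if x is not anchor
                  and abs((x["time"] - anchor["time"]).total_seconds()) <= window_s]
        out.append({"anchor": anchor["time"],
                    "nearby": [(x["time"], x["source"], x["event"]) for x in nearby]})
    return out


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE_LOG)
    for (src, ev), n in count_by_source(parsed).most_common():
        print(f"{n:3d}  {src} / Event {ev}")
    for hit in correlate(parsed):
        print(f"\nWHEA Event 18 at {hit['anchor']:%d/%m/%Y %H:%M:%S}; within 5 min:")
        for when, src, ev in hit["nearby"]:
            print(f"   {when:%H:%M:%S}  {src} / Event {ev}")
```

To run it on a real report, read the VEW text file into `parse_vew` instead of `SAMPLE_LOG`; the section rules and preamble are skipped automatically.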

#22
sub101uk (Member, Topic Starter, 39 posts)

OK, all OK. So you think these problems are coming from within the computer and not from being online. Regarding the mouse problem, I fully understand what you're saying about the Bluetooth problem being hardware, like my Logitech 555b or Microsoft 5000 Bluetooth mice being faulty, but both of the drivers were uninstalled from Devices + Printers, plus Viscosity Virtual Adapter and the Intel Bluetooth driver also had to be reinstalled. Even as I am typing my reply both mice are very unstable. As for my wireless mouse, that no longer works. When you plug the small USB adaptor into the laptop it shows on the Devices + Printers page but does not work. I have tested both Bluetooth mice on a second computer, so the mice are fine. As for the WiFi mouse, I think I can test that on the smart TV, but it should be plug and play.

 

Sorry, I could find no yellow flags. It's strange: if you run VEW you see lots of error messages, but last night I did a full 2-hour check with the laptop's own software checking for any problems with memory and nothing was found, and this morning I went to Dell's own website and they did a full 5-hour test and again found nothing, plus I downloaded a few new drivers. The only good thing is it seems to boot up in high res now, whereas before it would boot up in low res and after one boot-up it would then be in high res.

 

Any more thoughts on how to remove Apple from my registry? Looking at the VEW log it looks like a war zone with many hardware problems, but if this was the case why does it not show up on the laptop's own program plus Dell's own 5-hour-long test? It makes no sense. If there is a hardware fault then I am chasing my own tail and I might as well send the laptop back to Dell.

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/01/2017 17:01:58

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2017 07:54:06
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 09/01/2017 07:54:06
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 09/01/2017 07:21:48
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 09/01/2017 07:21:48
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 09/01/2017 07:20:48
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly.  Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 09/01/2017 07:20:42
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 09/01/2017 07:20:42
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Dell Data Vault service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 09/01/2017 07:20:42
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 09/01/2017 07:20:41
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

I think the only clear-cut way to get rid of whatever is in the C drive is to format and reinstall. As for Apple, I will contact them and see what is the best way to remove Apple Bonjour, since if you just delete it in regedit it returns on the next reboot.

Log: 'System' Date/Time: 09/01/2017 07:20:41
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 09/01/2017 07:20:41
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Energy Server Service queencreek service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 09/01/2017 07:20:41
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Alienware Update Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 09/01/2017 07:20:41
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Dell Data Vault Wizard service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 09/01/2017 07:20:41
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Bluetooth Media Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 09/01/2017 07:20:41
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Bluetooth OBEX Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 09/01/2017 07:20:41
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Bluetooth Device Monitor service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 09/01/2017 07:20:41
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Blackberry Device Manager service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 09/01/2017 07:20:41
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 09/01/2017 07:20:39
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 09/01/2017 07:20:39
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2017 09:01:40
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (00:1f:20:14:41:a5) either went out of range or became unresponsive.

Log: 'System' Date/Time: 09/01/2017 08:58:56
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (00:1f:20:14:41:a5) either went out of range or became unresponsive.

Log: 'System' Date/Time: 09/01/2017 08:46:38
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk3\DR3 during a paging operation.

Log: 'System' Date/Time: 09/01/2017 08:46:38
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk3\DR3 during a paging operation.

Log: 'System' Date/Time: 09/01/2017 08:46:31
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe with process id 436 stopped the removal or ejection for the device USB\VID_0951&PID_168C\00018F30C9E91AC81D00000A1.

Log: 'System' Date/Time: 09/01/2017 08:46:01
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume2\Windows\System32\wbem\WmiPrvSE.exe with process id 4000 stopped the removal or ejection for the device USB\VID_0951&PID_168C\00018F30C9E91AC81D00000A1.

Log: 'System' Date/Time: 09/01/2017 08:46:01
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe with process id 436 stopped the removal or ejection for the device USB\VID_0951&PID_168C\00018F30C9E91AC81D00000A1.

Log: 'System' Date/Time: 09/01/2017 08:44:20
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DT_ELITE_3.0&REV_1.01#00018F30C9E91AC81D00000A1&0#.

Log: 'System' Date/Time: 09/01/2017 08:12:41
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (7c:1e:52:6f:db:8b) either went out of range or became unresponsive.

Log: 'System' Date/Time: 09/01/2017 07:57:02
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 6 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 44 seconds since the last report.

Log: 'System' Date/Time: 09/01/2017 07:57:02
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 44 seconds since the last report.

Log: 'System' Date/Time: 09/01/2017 07:57:02
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 44 seconds since the last report.

Log: 'System' Date/Time: 09/01/2017 07:57:02
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 44 seconds since the last report.

Log: 'System' Date/Time: 09/01/2017 07:57:02
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 4 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 44 seconds since the last report.

Log: 'System' Date/Time: 09/01/2017 07:57:02
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 44 seconds since the last report.

Log: 'System' Date/Time: 09/01/2017 07:57:02
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 44 seconds since the last report.

Log: 'System' Date/Time: 09/01/2017 07:57:02
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 5 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 44 seconds since the last report.

Log: 'System' Date/Time: 09/01/2017 07:36:29
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 1 seconds since the last report.

Log: 'System' Date/Time: 09/01/2017 07:36:29
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 1 seconds since the last report.

Log: 'System' Date/Time: 09/01/2017 07:36:29
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 1 seconds since the last report.
 



#23
RKinner (Malware Expert, MVP, 24,625 posts)

There is a program called Process Monitor.  It has an option to create a log during boot.  If you turn it on you may see what process is writing Apple to the registry.  The logs are too big to let it run very long and certainly too big to post on the forum, so you will have to look through the log yourself.

 

 
Save it to your desktop and then turn on P&P again.  Run Process Monitor.
 
As soon as it starts, File, then uncheck Capture Events.  Once it stops,
 
then under Options, click Enable Boot Logging.  Close Process Monitor and reboot.
 
Open Process Monitor and it should tell you it has a boot log for you to look at.
 
You can search for Apple Inc. and then look to see what process is doing it.
 
 
 
Your errors show a problem with a plugged-in USB drive, probably a DT Elite 3.0.

I would run a disk check on it.

 

The hardware errors are pretty ugly.  Do you have the latest BIOS?


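An added example, not from the thread or from Sysinternals, for the Process Monitor boot-log step above: once the boot log is saved as CSV (File, Save, CSV format), this script reports which processes successfully created, set, deleted or renamed anything under a given registry key, so the writer of the "Apple Inc." key can be read off instead of scrolled for. The sample rows, process names, PIDs and timestamps are constructed; the column names are Process Monitor's default CSV export headers.

```python
"""Attribute registry writes under a key to the processes that made them,
from a Process Monitor log exported as CSV. Read-only operations and
failed attempts (ACCESS DENIED, NAME NOT FOUND, ...) are ignored, so the
report shows only what actually changed the key."""
import csv
import io
from collections import Counter

# Constructed sample rows in Process Monitor's default CSV export layout.
# Process names, PIDs and times are illustrative, not from a real boot log.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"7:01:02.1234567 AM","installer_helper.exe","1234","RegCreateKey","HKLM\SOFTWARE\Apple Inc.\Bonjour","SUCCESS","Desired Access: All Access"
"7:01:02.2234567 AM","installer_helper.exe","1234","RegSetValue","HKLM\SOFTWARE\Apple Inc.\Bonjour\InstallDir","SUCCESS","Type: REG_SZ, Length: 60, Data: C:\Program Files\Bonjour"
"7:01:03.0000000 AM","svchost.exe","800","RegQueryValue","HKLM\SOFTWARE\Apple Inc.\Bonjour\InstallDir","NAME NOT FOUND","Length: 144"
"7:01:04.0000000 AM","updater.exe","2222","RegSetValue","HKLM\SOFTWARE\Apple Inc.\Apple Application Support\Version","ACCESS DENIED","Type: REG_SZ, Length: 12"
"7:01:05.0000000 AM","updater.exe","2222","RegSetValue","HKLM\SOFTWARE\Apple Inc.\Apple Application Support\Version","SUCCESS","Type: REG_SZ, Length: 12, Data: 6.2"
"7:01:06.0000000 AM","explorer.exe","1500","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows","SUCCESS","Desired Access: Read"
'''

# Operations that change the registry; opens and queries are not writes.
WRITE_OPS = {"RegCreateKey", "RegSetValue", "RegDeleteKey",
             "RegDeleteValue", "RegRenameKey"}


def registry_writers(csv_text, key_prefix):
    """Return {(process name, pid): {"first": time of first write,
    "ops": Counter of operations, "paths": set of paths written}} for
    successful write operations at or below key_prefix. Registry paths
    are case-insensitive, so the comparison is too."""
    prefix = key_prefix.lower().rstrip("\\") + "\\"
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in WRITE_OPS or row["Result"] != "SUCCESS":
            continue
        path = row["Path"]
        # Appending a backslash makes the exact key match without letting
        # "...\Apple Inc.Other" slip through as a false prefix match.
        if not (path.lower() + "\\").startswith(prefix):
            continue
        who = (row["Process Name"], int(row["PID"]))
        rec = report.setdefault(
            who, {"first": row["Time of Day"], "ops": Counter(), "paths": set()})
        rec["ops"][row["Operation"]] += 1
        rec["paths"].add(path)
    return report


def format_report(report):
    """Render the report as text lines, busiest writer first."""
    lines = []
    for (name, pid), rec in sorted(
            report.items(), key=lambda kv: -sum(kv[1]["ops"].values())):
        ops = ", ".join(f"{op} x{n}" for op, n in sorted(rec["ops"].items()))
        lines.append(f"{name} (PID {pid}) first write {rec['first']}: {ops}")
        lines.extend(f"    {p}" for p in sorted(rec["paths"]))
    return lines


if __name__ == "__main__":
    # Point this at a real export: open(path, newline="").read()
    print("\n".join(format_report(
        registry_writers(SAMPLE_CSV, r"HKLM\SOFTWARE\Apple Inc."))))
```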

#24
RKinner (Malware Expert, MVP, 24,625 posts)

It occurs to me that there may be a source of interference near your PC.  In addition to the above I would download, save, right click and Extract All and run the bennett program talked about here:

 

http://www.bluetooth...signal-strength

 

Use it to check your signal strength and look for interference.  



#25
sub101uk (Member, Topic Starter, 39 posts)

Sorry for the late reply, but more strange things have been going on down this end. 2 days ago I spent most of the time on the Dell website replacing drivers. I don't think the site is up to date, since some of my drivers are newer on the computer than on the site, but I upgraded a few. However, I went to log on this morning to my ISP TOT and was unable to. Every night nowadays I turn the router off because it's not locked. I have changed the password many times, only to find out that all you need to log in is to type the password as "password". With TOT you can only use a TOT router, which is made by FORTH.

 

So I turned on the router this morning and was unable to log in. This went on for about 4 hours, and then I noticed I was downloading lots of data, which was a bit strange since I still had not logged in; soon after the download it just logged in. Since I have been replying to your email the ISP has turned off my internet link. I am starting to think there is more to this than it seems. Maybe it's waiting for me to link the computer into the router? I am just wondering if all my problems are coming from my ISP, since TOT is state-owned. Very odd? Maybe I have come across some sort of logging program they put on people's computers.

 

After being offline for most of yesterday, when the internet did return for a short time I checked my registry only to find Apple Bonj had returned; you may remember I removed half of it with the RegEdit tool. Any more thoughts on how to remove this program? I am still searching on the web to see if anyone has had any luck with removing Apple. Yesterday I did email Apple asking them how to remove it from Windows 7.

 

From looking at the programs on my computer it's clear some of them have been hacked. If we look at the findings of the VEW, don't you find it a bit strange, all the fatal hardware errors that have occurred? If these errors were real I think the computer would be very unstable and would, I think, shut down. VEW is working because this morning I did an M/S update and you can see the update on the report, but if all these problems are coming from my ISP then I think we are chasing our own tails, because even if we do find a way to remove access to my computer I think they will just find a way back in again.

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/01/2017 09:44:30

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2017 02:06:18
Type: Information Category: 0
Event: 903 Source: Microsoft-Windows-Security-SPP
The Software Protection service has stopped.

Log: 'Application' Date/Time: 11/01/2017 02:00:34
Type: Information Category: 0
Event: 902 Source: Microsoft-Windows-Security-SPP
The Software Protection service has started. 6.1.7601.17514

Log: 'Application' Date/Time: 11/01/2017 02:00:34
Type: Information Category: 0
Event: 1003 Source: Microsoft-Windows-Security-SPP
The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status=
Log: 'Application' Date/Time: 11/01/2017 02:00:34
Type: Information Category: 0
Event: 1033 Source: Microsoft-Windows-Security-SPP
These policies are being excluded since they are only defined with override-only attribute. Policy Names=(IIS-W3SVC-MaxConcurrentRequests) (Microsoft.Windows.Smc-Enabled) (Shell-InBoxGames-FreeCell-EnableGame) (Shell-InBoxGames-Hearts-EnableGame) (Shell-InBoxGames-Minesweeper-EnableGame) (Shell-InBoxGames-PurblePlace-EnableGame) (Shell-InBoxGames-Shanghai-EnableGame) (Shell-InBoxGames-Solitaire-EnableGame) (Shell-InBoxGames-SpiderSolitaire-EnableGame) (Shell-MultiplayerInboxGames-Backgammon-EnableGame) (Shell-MultiplayerInboxGames-Checkers-EnableGame) (Shell-MultiplayerInboxGames-Spades-EnableGame) (Shell-PremiumInBoxGames-Chess-EnableGame) (Telnet-Client-EnableTelnetClient) (Telnet-Server-EnableTelnetServer) (TiffIFilterLicensing-EnableTiffIFilter)  App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=da22eadd-46dc-4056-a287-f5041c852470

Log: 'Application' Date/Time: 11/01/2017 02:00:31
Type: Information Category: 0
Event: 1066 Source: Microsoft-Windows-Security-SPP
Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000


Log: 'Application' Date/Time: 11/01/2017 02:00:30
Type: Information Category: 0
Event: 1 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 11/01/2017 02:00:29
Type: Information Category: 0
Event: 900 Source: Microsoft-Windows-Security-SPP
The Software Protection service is starting.

Log: 'Application' Date/Time: 11/01/2017 02:00:29
Type: Information Category: 3
Event: 2000 Source: LMS
Local Management Service stopped.


Log: 'Application' Date/Time: 11/01/2017 02:00:28
Type: Information Category: 3
Event: 2000 Source: LMS
Local Management Service started.


Log: 'Application' Date/Time: 11/01/2017 02:00:28
Type: Information Category: 0
Event: 0 Source: IntelDalJhi
Intel® Dynamic Application Loader Host Interface Service started.

Log: 'Application' Date/Time: 11/01/2017 02:00:28
Type: Information Category: 0
Event: 7303 Source: IAStorDataMgrSvc
Started event manager
Started event manager

Log: 'Application' Date/Time: 11/01/2017 02:00:28
Type: Information Category: 0
Event: 0 Source: IAStorDataMgrSvc
Service started successfully.

Log: 'Application' Date/Time: 11/01/2017 02:00:18
Type: Information Category: 0
Event: 0 Source: DellUpdate
Service started successfully.

Log: 'Application' Date/Time: 11/01/2017 02:00:17
Type: Information Category: 0
Event: 0 Source: DellDigitalDelivery
Service started successfully.

Log: 'Application' Date/Time: 11/01/2017 02:00:09
Type: Information Category: 1
Event: 101 Source: SkypeUpdate
Service stopped.

Log: 'Application' Date/Time: 11/01/2017 02:00:08
Type: Information Category: 1
Event: 103 Source: SkypeUpdate
SkypeUpdate service is shutting down due to idle timeout.

Log: 'Application' Date/Time: 11/01/2017 01:59:04
Type: Information Category: 0
Event: 3 Source: iBtSiva
The event description cannot be found.

Log: 'Application' Date/Time: 11/01/2017 01:58:27
Type: Information Category: 0
Event: 0 Source: Bluetooth Media Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/01/2017 01:58:26
Type: Information Category: 0
Event: 0 Source: Bluetooth OBEX Service
The event description cannot be found.

Log: 'Application' Date/Time: 11/01/2017 01:58:26
Type: Information Category: 0
Event: 0 Source: Bluetooth Device Monitor
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2017 01:55:47
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-3090456578-2289362299-1625809071-1000:
Process 2476 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe) has opened key \REGISTRY\USER\S-1-5-21-3090456578-2289362299-1625809071-1000\Software\NVIDIA Corporation\Global\ShadowPlay


Log: 'Application' Date/Time: 11/01/2017 01:43:52
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-3090456578-2289362299-1625809071-1000:
Process 2484 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe) has opened key \REGISTRY\USER\S-1-5-21-3090456578-2289362299-1625809071-1000\Software\NVIDIA Corporation\Global\ShadowPlay


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/01/2017 01:58:13
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 11/01/2017 01:58:13
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 11/01/2017 01:57:00
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 11/01/2017 01:57:00
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 11/01/2017 01:45:03
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 11/01/2017 01:45:03
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 11/01/2017 01:02:48
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 11/01/2017 01:02:48
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 11/01/2017 00:07:43
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 11/01/2017 00:07:43
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 10/01/2017 15:36:25
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 10/01/2017 15:36:25
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 10/01/2017 15:35:27
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error:  The authentication service is unknown.

Log: 'System' Date/Time: 10/01/2017 15:35:26
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 10/01/2017 15:35:26
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 10/01/2017 11:32:04
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 10/01/2017 11:32:04
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 10/01/2017 11:31:08
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Defender service terminated with the following error:  %%-2147416365

Log: 'System' Date/Time: 10/01/2017 11:31:07
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error:  The authentication service is unknown.

Log: 'System' Date/Time: 10/01/2017 11:30:04
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Defender service terminated with the following error:  %%-2147416365

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/01/2017 02:44:09
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the running state.

Log: 'System' Date/Time: 11/01/2017 02:38:03
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Diagnostic System Host service entered the stopped state.

Log: 'System' Date/Time: 11/01/2017 02:37:21
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the stopped state.

Log: 'System' Date/Time: 11/01/2017 02:32:21
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the running state.

Log: 'System' Date/Time: 11/01/2017 02:20:12
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the stopped state.

Log: 'System' Date/Time: 11/01/2017 02:12:56
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Modules Installer service entered the stopped state.

Log: 'System' Date/Time: 11/01/2017 02:12:55
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Windows Modules Installer service was changed from auto start to demand start.

Log: 'System' Date/Time: 11/01/2017 02:12:49
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Windows Modules Installer service was changed from demand start to auto start.

Log: 'System' Date/Time: 11/01/2017 02:08:38
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WMI Performance Adapter service entered the stopped state.

Log: 'System' Date/Time: 11/01/2017 02:08:34
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Tablet PC Input Service service entered the running state.

Log: 'System' Date/Time: 11/01/2017 02:06:57
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the running state.

Log: 'System' Date/Time: 11/01/2017 02:06:18
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Software Protection service entered the stopped state.

Log: 'System' Date/Time: 11/01/2017 02:03:08
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the stopped state.

Log: 'System' Date/Time: 11/01/2017 02:02:49
Type: Information Category: 1
Event: 19 Source: Microsoft-Windows-WindowsUpdateClient
Installation Successful: Windows successfully installed the following update: January, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB3212646)

Log: 'System' Date/Time: 11/01/2017 02:02:39
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WMI Performance Adapter service entered the running state.

Log: 'System' Date/Time: 11/01/2017 02:02:38
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WMI Performance Adapter service entered the stopped state.

Log: 'System' Date/Time: 11/01/2017 02:01:17
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Modules Installer service entered the running state.

Log: 'System' Date/Time: 11/01/2017 02:00:35
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WMI Performance Adapter service entered the running state.

Log: 'System' Date/Time: 11/01/2017 02:00:33
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Dell Data Vault service entered the running state.

Log: 'System' Date/Time: 11/01/2017 02:00:32
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Update service entered the running state.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/01/2017 01:59:11
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (7c:1e:52:6f:db:8b) either went out of range or became unresponsive.

Log: 'System' Date/Time: 11/01/2017 01:56:01
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\monitor failed to load for the device DISPLAY\SEC5044\5&29602740&0&UID1090640.

Log: 'System' Date/Time: 11/01/2017 01:55:40
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\monitor failed to load for the device DISPLAY\SEC5044\5&29602740&0&UID1090640.

Log: 'System' Date/Time: 11/01/2017 01:53:13
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\monitor failed to load for the device DISPLAY\SEC5044\5&29602740&0&UID1090640.

Log: 'System' Date/Time: 11/01/2017 01:46:05
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (7c:1e:52:6f:db:8b) either went out of range or became unresponsive.

Log: 'System' Date/Time: 11/01/2017 00:03:02
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (7c:1e:52:6f:db:8b) either went out of range or became unresponsive.

Log: 'System' Date/Time: 10/01/2017 15:30:46
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (00:1f:20:14:41:a5) either went out of range or became unresponsive.

Log: 'System' Date/Time: 10/01/2017 15:13:24
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (7c:1e:52:6f:db:8b) either went out of range or became unresponsive.

Log: 'System' Date/Time: 10/01/2017 12:44:50
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 13 seconds since the last report.

Log: 'System' Date/Time: 10/01/2017 12:44:50
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 13 seconds since the last report.

Log: 'System' Date/Time: 10/01/2017 12:44:50
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 13 seconds since the last report.

Log: 'System' Date/Time: 10/01/2017 12:44:50
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 4 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 13 seconds since the last report.

Log: 'System' Date/Time: 10/01/2017 12:44:50
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 6 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 13 seconds since the last report.

Log: 'System' Date/Time: 10/01/2017 12:44:50
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 13 seconds since the last report.

Log: 'System' Date/Time: 10/01/2017 12:44:50
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 13 seconds since the last report.

Log: 'System' Date/Time: 10/01/2017 12:44:50
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 5 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 13 seconds since the last report.

Log: 'System' Date/Time: 10/01/2017 12:43:25
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device (7c:1e:52:6f:db:8b) either went out of range or became unresponsive.

Log: 'System' Date/Time: 10/01/2017 12:33:10
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name mobile.pipe.aria.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/01/2017 12:32:38
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.flickr.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/01/2017 12:28:42
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name login.live.com timed out after none of the configured DNS servers responded.

 

 

I will be heading back to the UK by about the 9th of Feb after living in Thailand for the past 22 years, so I won't have the same ISP. As far as the hardware goes on this computer, I have done its own tests and found nothing wrong; I have gone to the Dell website and carried out their 5-hour check and again found nothing. In your database have you got any other programs to check if this computer is 100% OK? Because if we cannot trust the testing software then we are not going anywhere fast.

I am still in communication with Malwarebytes in the hope we can sort this problem out; it may be the case that while I am in Thailand using TOT as my ISP.

Regarding the Bluetooth signal: what I have here is a Logitech 555b and the other is a Microsoft 5000; both are Bluetooth and are 2 inches away from the side of the laptop. As far as interference goes, both work fine when not online. As soon as you go online the Logitech is unable to highlight items for copy and paste, so I turn that off and turn the M/S mouse on, but within a few minutes it's like trying to use a mouse on water, it's all over the place. OK, I downloaded the Bennett program but all I could do was see this page; I did look at other pages like signal strength and found nothing.

OK, I will download and run the processor monitor program and see what that shows.

Right, when I search for Apple all I seem to get is this file attached. It's got nothing Apple on the file but keeps coming up in the search. The log file is too large to attach, being 800 MB.

You may remember me telling you how I thought I had deleted some parts of Apple since they did not show up in a scan from Max Registry Cleaner. Well, I was wrong; all they did was disable the registry cleaner so it no longer came up in the scan. I reinstalled the cleaner this morning and the entries are the same as before.

Attached Thumbnails

  • BlueTooth 11.01.17.JPG
  • Apple Findings from Process monitor 11.01.JPG
  • The Return of Apple BonJ 11.01.17.JPG

Edited by sub101uk, 10 January 2017 - 11:09 PM.

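The VEW dump above is long, and the question the poster is really asking (hardware fault or infection?) is answered by which events repeat, not by any single line. The following is an added example for this thread, not a tool either poster used: it parses the VEW text layout shown above (a `Log:` line, a `Type:` line, an `Event:` line, then the message, with a blank line closing each record), groups records by log, type, source and event ID, and lists the Critical/Error groups that recur. The sample log inside it is constructed in the same layout as the posted output.

```python
"""Group the repeated events in a VEW-style Windows event log dump.

Added example for this thread (not a tool either poster used). It parses the
text layout VEW produced in the log above.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same layout as the VEW output in the thread.
SAMPLE_LOG = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/01/2017 01:58:13
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 11/01/2017 01:57:00
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 10/01/2017 15:36:25
Type: Error Category: 0
Event: 18 Source: Microsoft-Windows-WHEA-Logger
A fatal hardware error has occurred.  Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0  The details view of this entry contains further information.

Log: 'System' Date/Time: 10/01/2017 15:35:27
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error:  The authentication service is unknown.

Log: 'System' Date/Time: 10/01/2017 12:33:10
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name mobile.pipe.aria.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/01/2017 12:28:42
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name login.live.com timed out after none of the configured DNS servers responded.
"""

HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<event_id>\d+) Source: (?P<source>.+)$")


def parse_vew(text):
    """Return one dict per record; separator and section-title lines are skipped."""
    records, cur = [], None
    for line in (l.rstrip() for l in text.splitlines()):
        if m := HEADER_RE.match(line):
            # VEW writes day/month/year: '10/01/2017' in the thread is 10 January.
            cur = {"log": m["log"], "message": "",
                   "timestamp": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S")}
            records.append(cur)
        elif cur is None:
            continue                     # separators, section titles, leading text
        elif m := TYPE_RE.match(line):
            cur["type"], cur["category"] = m["type"], int(m["category"])
        elif m := EVENT_RE.match(line):
            cur["event_id"], cur["source"] = int(m["event_id"]), m["source"].strip()
        elif line == "":
            cur = None                   # blank line closes the record
        else:                            # message text, possibly several lines
            cur["message"] = (cur["message"] + " " + line.strip()).strip()
    return records


def summarize(records):
    """Group by (log, type, source, event id) with count and first/last timestamp."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for r in records:
        g = groups[(r["log"], r["type"], r["source"], r["event_id"])]
        ts = r["timestamp"]
        g["count"] += 1
        g["first"] = ts if g["first"] is None else min(g["first"], ts)
        g["last"] = ts if g["last"] is None else max(g["last"], ts)
    return dict(groups)


def recurring(records, min_count=2, types=("Critical", "Error")):
    """Keys of Critical/Error groups seen at least min_count times, most frequent first.
    In the posted log that is WHEA-Logger event 18 (machine check exception), which is
    what points the discussion at hardware rather than malware."""
    hits = [(k, g) for k, g in summarize(records).items()
            if k[1] in types and g["count"] >= min_count]
    hits.sort(key=lambda kg: (-kg[1]["count"], kg[0]))
    return [k for k, _ in hits]


if __name__ == "__main__":
    recs = parse_vew(SAMPLE_LOG)
    for (log, typ, src, eid), g in sorted(summarize(recs).items(), key=lambda kg: -kg[1]["count"]):
        print(f"{g['count']:3d}x {log}/{typ} {src} id={eid} {g['first']:%d/%m %H:%M} .. {g['last']:%d/%m %H:%M}")
    print("recurring:", recurring(recs))
```

Run it on the full VEW output (read the saved text file instead of `SAMPLE_LOG`) and the WHEA-Logger group alone tells you the machine check exceptions span several boots over two days, which no malware scan will fix.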
#26
RKinner (Malware Expert, MVP, 24,625 posts)

In Process Monitor, if you double click on an entry it should give you more info.

You can also save the whole page so I can see it:

Click at the top of the page and then go down to the bottom of the page, hold down the Shift key and click on the last line. That should highlight a full page of events.

File, Save, All Events, Format: Comma-Separated Values (CSV), then OK. It should save the file to logfile.csv, which should be on your desktop. Rename it to logfile.txt and attach it.

Let's run some more scans just to rule out an infection:

Download aswMBR.exe to your desktop.

Right click the aswMBR.exe and select Run As Administrator to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note if the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.

Get RogueKiller:

Download RogueKiller and save it on your desktop.
Quit all programs.
Start RogueKiller.exe by right clicking and Run As Admin.
Wait until Prescan has finished ...
Click on Scan.
Wait for the end of the scan. (About 15 minutes)
Do not let it remove anything yet.
Click on Open Report, then Open Txt, and copy all of it and paste it into a reply.
 
 

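The Process Monitor CSV export asked for above can run to hundreds of thousands of rows, which is why the poster struggled to attach it. The following is an added example for this thread, not RKinner's or the poster's tool: it loads such an export, keeps only rows whose path or process name mentions a keyword (here "apple" and "bonjour", the names the thread is chasing), and condenses them to per-process operation counts and the distinct paths touched. It assumes the file was saved with Process Monitor's default columns, whose CSV header is `"Time of Day","Process Name","PID","Operation","Path","Result","Detail"` (an assumption; compare against the first line of your own logfile.csv). The rows in it are constructed, with made-up PIDs and paths.

```python
"""Filter a Process Monitor CSV export for entries touching given keywords.

Added example for this thread, not RKinner's or the poster's tool. Assumes
Process Monitor's default column set in the CSV header.
"""
import csv
import io
from collections import Counter

# Constructed sample rows in that layout; process names, PIDs and paths are made up.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"11:02:03.1234567 AM","mDNSResponder.exe","1234","RegOpenKey","HKLM\\SOFTWARE\\Apple Inc.\\Bonjour","SUCCESS","Desired Access: Read"
"11:02:03.2234567 AM","mDNSResponder.exe","1234","RegQueryValue","HKLM\\SOFTWARE\\Apple Inc.\\Bonjour\\InstallDir","NAME NOT FOUND","Length: 144"
"11:02:04.0000000 AM","explorer.exe","2000","CreateFile","C:\\Users\\Owner\\Desktop\\notes.txt","SUCCESS","Desired Access: Generic Read"
"11:02:05.0000000 AM","svchost.exe","900","UDP Send","laptop:5353 -> 224.0.0.251:5353","SUCCESS","Length: 78"
"11:02:06.0000000 AM","mDNSResponder.exe","1234","CreateFile","C:\\Program Files\\Bonjour\\mDNSResponder.exe","SUCCESS","Desired Access: Execute"
"""


def load_procmon_csv(text):
    """Parse the CSV text into a list of row dicts keyed by the header names."""
    return list(csv.DictReader(io.StringIO(text)))


def matching_rows(rows, keywords, fields=("Path", "Process Name")):
    """Rows where any keyword appears (case-insensitively) in any of the given fields."""
    wanted = [k.lower() for k in keywords]
    return [r for r in rows
            if any(k in (r.get(f) or "").lower() for k in wanted for f in fields)]


def operations_by_process(rows):
    """Count (process name, PID, operation) triples: the view a reviewer wants
    instead of hundreds of raw lines."""
    return Counter((r["Process Name"], r["PID"], r["Operation"]) for r in rows)


def unique_paths(rows):
    """Distinct paths (files, registry keys, endpoints) the matching rows touched."""
    return sorted({r["Path"] for r in rows})


if __name__ == "__main__":
    import sys
    # Usage: python procmon_filter.py logfile.csv apple bonjour
    if len(sys.argv) > 2:
        # utf-8-sig accepts the file with or without a byte-order mark
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            rows = load_procmon_csv(fh.read())
        keywords = sys.argv[2:]
    else:
        rows, keywords = load_procmon_csv(SAMPLE_CSV), ["apple", "bonjour"]
    hits = matching_rows(rows, keywords)
    print(f"{len(hits)} of {len(rows)} rows mention {keywords}")
    for (proc, pid, op), n in operations_by_process(hits).most_common():
        print(f"{n:5d}  {proc} (PID {pid})  {op}")
    for p in unique_paths(hits):
        print("   ", p)
```

Because the filter works on the saved CSV rather than the live capture, the "page grows larger as I scroll" problem the poster hit does not arise; capture, save, and then filter offline.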

#27
sub101uk (Topic Starter, Member, 39 posts)

As requested I have been trying to highlight the whole page of Process Monitor showing all events, but for some reason it's stopping me from doing it; as soon as I get to the bottom of the page it grows larger. Sorry, but with my limited IT skills it's going to be slow going.

OK, I will download this new tool. I ran the new aswMBR tool; it found some of my files were locked but I did not attempt to make a repair. I have attached the log file.

Even doing screen grabs is getting harder; when I do them in JPG format they come out in text format, and the machine feels a lot slower. I am due back in the UK in just over 3 weeks' time and the way it looks at the moment it looks like a reinstall job. As far as trying to remove Apple Bonj using Regedit goes, I have tried many times but it just returns.

OK, I will download RogueKiller and see what it finds, making sure it does not delete any of its findings, and copy the findings.

 

RogueKiller V12.9.2.0 (x64) [Jan  9 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...ad/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Users\Owner\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 01/12/2017 11:23:02 (Duration : 00:41:37)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[Hj.Name] (X64) HKEY_USERS\RK_Default_ON_F_6EDE\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe [7] -> Found
[Hj.Name] (X86) HKEY_USERS\RK_Default_ON_F_6EDE\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe [7] -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3090456578-2289362299-1625809071-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dell.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3090456578-2289362299-1625809071-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dell.com -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{742E9E9D-C325-4860-8B9E-37AF8EE072A7} | DhcpNameServer : 10.118.0.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{742E9E9D-C325-4860-8B9E-37AF8EE072A7} | DhcpNameServer : 10.118.0.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{742E9E9D-C325-4860-8B9E-37AF8EE072A7} | DhcpNameServer : 10.118.0.1 ([X])  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3090456578-2289362299-1625809071-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3090456578-2289362299-1625809071-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\SecTaskMan -> Found
[PUP.Gen1][Folder] C:\Users\Owner\AppData\Local\Max Secure Software -> Found
[PUP.Gen1][Folder] C:\ProgramData\SecTaskMan -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.SearchEngine][Firefox:Config] 6i4yverv.default-1469598597873 : user_pref("browser.search.selectedEngine", "Avast Search"); -> Found
[PUM.SearchEngine][Firefox:Config] 6i4yverv.default-1469598597873 : user_pref("browser.search.defaultenginename", "Avast Search"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA Samsung SSD 840 SCSI Disk Device +++++
--- User ---
[MBR] 20f45434a946f425f8980f9d33a5b980
[BSP] 6b051a5e2924776f78c5dafdd634a885 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ATA WDC WD10JPVX-75J SCSI Disk Device +++++
--- User ---
[MBR] a796847281f8879b43ec3c802b24a897
[BSP] 889ebac04f13f871006ae3cf06e74f5b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ATA LITEONIT DMT-80M SCSI Disk Device +++++
--- User ---
[MBR] d57de87b1dd73bfca242502aacfbd81e
[BSP] 2713c178cdd20b434257f3abc1e81504 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2048 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 76189 MB
User = LL1 ... OK
User = LL2 ... OK
 

 

Many thanks again for all your help.

Attached Thumbnails

  • Warning After scan using aswMBR 12.01.17.JPG
  • Findings of Roguekiller 12.01.17.JPG


#28
sub101uk (Topic Starter, Member, 39 posts)

As you may remember I was unable to delete Apple with Regedit, but I was able to lock the file with "No groups or users have permission to access this object". However, I am sure it's only a temporary fix so they will be back. The data logging program still seems to be working even without access to the internet. Well, with my very limited IT knowledge it seems to tell me it's logging all the actions of my computer, as when I first booted up it was just showing 1 record of 57 KB and now at 4pm it's 58 records at 15.66 KB, so I am not sure where the Windows Application Log is hiding so I can disable that.

Attached Thumbnails

  • Apple Security stop 12.01.17.JPG
  • Morning Boot Windows Application Log on Start up . 12.01.17.JPG
  • 4pm 12.01.17.JPG


#29
RKinner (Malware Expert, MVP, 24,625 posts)

The MBR does not need to be fixed, so please don't push the FIXMBR or FIX buttons in aswMBR. The locked files aswMBR found are all from ESET and it's normal that ESET locks them so nothing can corrupt them. aswMBR is my best tool for rootkit detection and it didn't find anything. To be absolutely sure you can submit the file C:\Users\Owner\Desktop\MBR.dat to virustotal.com to make sure you have a good MBR.

Easiest way to submit a file is to copy the path:

C:\Users\Owner\Desktop\MBR.dat

Then go to virustotal.com with your browser. Click on Choose File, then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear. Hit Open and it should return to the main page with MBR.dat chosen. Click on Scan it. If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis. In that case click on View Last Analysis. If it doesn't know the file it will take a minute to query 50 or so different anti-virus companies. In either case, if the Detection ratio: is not 0 / 50 or so then copy the Analysis page and paste it into the forum. You can just hit Ctrl + a then Ctrl + c to copy the page, then go to a reply and Ctrl + v.

RogueKiller did find a folder it doesn't like:

C:\ProgramData\SecTaskMan

This is sometimes associated with a rogue antispy program, so look in the folder and see if there are any .exe or .dll files, and tell me what they are or submit them to VirusTotal.

The other thing it found is your favorite program Max.

I think the Windows Application Event log is nothing more than what you see with VEW-Applications. Perfectly normal. You can clear the events and it should go down. Right click on Computer and select Manage. Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Removing the permissions from the Apple Inc. registry entry is a valid method, though it will make it impossible to install any other Apple software.

Not sure what you mean by:

Even to do screen grabs is getting harder to do them in JPG Format as they come out in text format  and the machine feels allot slower

How exactly do you do your screen grabs?

If the machine is slower then make a new Process Explorer log and let's see what is going on.


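RKinner asks the poster to look in C:\ProgramData\SecTaskMan for .exe or .dll files and either name them or submit them to VirusTotal. The following is an added example for this thread, not part of RogueKiller or anything RKinner posted: it inventories a folder, reports every file that carries an executable extension or starts with the `MZ` header every Windows PE file has, and records size, modification time and SHA-256. VirusTotal indexes files by hash, so searching for the hash answers "is this known?" without uploading anything, and the header-versus-extension check flags a `.dat` that is really a program, or an `.exe` that is not. The folder name used by default is the one from the thread; `make_sample_folder()` builds a throwaway folder of constructed files so the script can be dry-run anywhere.

```python
"""Inventory executable content in a folder before deciding what to submit.

Added example for this thread (not part of RogueKiller or RKinner's posts).
"""
import hashlib
import os
import sys
import tempfile
from datetime import datetime

EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx"}
PE_MAGIC = b"MZ"   # DOS header signature at the start of every Windows PE file


def sha256_of(path, chunk=1 << 16):
    """Streamed SHA-256 so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def is_pe(path):
    """True when the file begins with the MZ header, whatever its extension."""
    with open(path, "rb") as f:
        return f.read(2) == PE_MAGIC


def inventory(folder):
    """Walk folder; return a sorted list of dicts for every file that has an
    executable extension or a PE header (or both)."""
    findings = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            ext = os.path.splitext(name)[1].lower()
            pe = is_pe(path)
            if ext not in EXEC_EXTENSIONS and not pe:
                continue          # plain data: nothing to submit
            st = os.stat(path)
            findings.append({
                "path": path,
                "sha256": sha256_of(path),
                "size": st.st_size,
                "modified": datetime.fromtimestamp(st.st_mtime).isoformat(timespec="seconds"),
                "pe_header": pe,
                # An executable extension without an MZ header, or an MZ header under
                # a harmless-looking extension, deserves a second look either way.
                "note": "" if pe == (ext in EXEC_EXTENSIONS) else "extension and content disagree",
            })
    findings.sort(key=lambda f: f["path"])
    return findings


def make_sample_folder():
    """Create a temporary folder of constructed files for a dry run (not real samples)."""
    folder = tempfile.mkdtemp(prefix="triage_")
    samples = {
        "a.exe": b"MZ\x90\x00stub",     # PE header and PE extension: consistent
        "b.dll": b"MZ",
        "readme.txt": b"hello",         # plain text: ignored
        "hidden.dat": b"MZ payload",    # PE header under a data extension
        "fake.exe": b"not a pe",        # PE extension without the header
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as f:
            f.write(data)
    return folder


if __name__ == "__main__":
    # Usage: python folder_triage.py [folder]; defaults to the folder named in the thread
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\ProgramData\SecTaskMan"
    if not os.path.isdir(target):
        target = make_sample_folder()
        print(f"(target not found, dry run on {target})")
    for f in inventory(target):
        flag = "  <-- " + f["note"] if f["note"] else ""
        print(f"{f['sha256']}  {f['size']:>9}  {f['modified']}  {f['path']}{flag}")
```

Paste the hashes into VirusTotal's search box (or into a reply, as RKinner suggests for the names); a hash that VirusTotal has never seen is itself a signal worth mentioning, since legitimate vendor binaries are almost always already known.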

#30
sub101uk (Topic Starter, Member, 39 posts)

All OK on don't push the fix buttons on aswMBR. All OK on the locked files from ESET; they're locked to stop people from corrupting them. And submit a file to VirusTotal to check I have a good MBR.

Understood on RogueKiller and C:\ProgramData\SecTaskMan. Yes, I have found this file before when scanning with AdwCleaner and deleted it; the strange thing is it does not show up on any of the AdwCleaner logs. Like you say, I did check out this file and you're right, it's a spyware tool, but with all the sites and tools I have visited it may be from one of these and nothing to do with my attacks. One thing's for sure: since I removed the permissions from the Apple it seems to have stopped it in its tracks accessing the internet, but the supporting program is still on my computer running.

I have contacted Apple a few times regarding how to remove Apple Bonjour from my computer but so far have heard nothing back. Most of the items I have found on the internet regarding how to remove Apple Bonjour are for standard installs and nothing like this. My own feelings are this is from my ISP, which is TOT, which is state owned. You may remember last week when I first removed Apple Bonjour with the Regedit tool my internet link was turned off for over 12 hours, then it seemed to return with a new version of Apple, so I am surprised that the internet is still working. Anyway, after living in Thailand for over 22 years I am returning to the UK in 3 weeks, so my ISP won't be the same. The state has a firewall and does not like people using VPNs.

As far as the way my computer feels, yes, it feels a lot slower, plus when you click on icons they don't open or are very slow to open. As far as screen grabs go, I use the standard Snipping Tool, which should save in JPG format, but when I save to my desktop it's saved in Notepad format, not every time but 1 in every 3 screen grabs. All the CPU data seems normal to me.

All OK on your Max Registry Cleaner: yes, I have had this service for about 8 years on many of my desktops and it seems to do a good job, but you're right, there are many registry programs out there which do very little; plus the online support is good. As far as my sub with Avast goes, I won't be renewing in 3 weeks' time; I think I will stick with ESET.

Thanks for telling me how to clear the Windows Application Event log; that's all been done. Understood on making a new Process Explorer log; I will do that and post it. I think what might be a good route when I return to the UK is to change out the C drive, it's only a 250 GB drive, and install a 1 TB. When I got the machine from Dell they did install a new O/S on the E drive so I will use that.

Thanks again for all your help.

 

Attached Thumbnails

  • CPU Usage 12.01.17.JPG
  • Page 1 TM 13.01.17.JPG
  • Page 2 TM 13.01.17.JPG
  • Page 3 TM 13.01.17.JPG
