
Windows Antivirus somehow de-activated resulting in infection

infection antivirus de-activated


#61
RKinner

    Malware Expert

  • Expert
  • 21,906 posts
  • MVP

Compattelrunner.exe came back.  It should not start without the task.  Let's make sure it is the real file.  Bring up FRST but do not hit SCAN.  Put

compattelrunner.exe

in FRST's Search: box.  Hit SEARCH FILES.  You will get one file.  Copy and paste into a reply.


  • 0



#62
daba

    Member

  • Topic Starter
  • Member
  • 225 posts

Thank you.

Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by David Jackson (07-10-2019 23:13:50)
Running from C:\Users\David Jackson\Desktop
Boot Mode: Normal
 
================== Search Files: "compattelrunner.exe" =============
 
C:\Windows\WinSxS\amd64_microsoft-windows-compat-compattelrunner_31bf3856ad364e35_10.0.18362.356_none_14f6ca5ca2eac2fb\CompatTelRunner.exe
[2019-09-12 19:27][2019-09-12 19:27] 000164152 _____ (Microsoft Corporation) F5C886663C4CD628B939229711AF9D58 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-compat-compattelrunner_31bf3856ad364e35_10.0.18362.356_none_14f6ca5ca2eac2fb\r\CompatTelRunner.exe
[2019-09-12 19:16][2019-09-08 17:35] 000007604 _____ () 8AA2D7D16CE6D7EB6B6D95AEC1D0BBC7 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-compat-compattelrunner_31bf3856ad364e35_10.0.18362.356_none_14f6ca5ca2eac2fb\f\CompatTelRunner.exe
[2019-09-12 19:16][2019-09-08 17:35] 000008735 _____ () 7F3B398AC63A25ABA265158508FDFAA9 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-compat-compattelrunner_31bf3856ad364e35_10.0.18362.207_none_152dd85ca2c15376\CompatTelRunner.exe
[2019-08-26 09:25][2019-08-26 09:25] 000164152 _____ (Microsoft Corporation) 95B35516FB47A36800C949496C3FBC03 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-compat-compattelrunner_31bf3856ad364e35_10.0.18362.207_none_152dd85ca2c15376\r\CompatTelRunner.exe
[2019-08-26 09:25][2019-08-26 09:25] 000007606 _____ () B61100DAA5F4322BF66E5D16B0DAE431 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-compat-compattelrunner_31bf3856ad364e35_10.0.18362.207_none_152dd85ca2c15376\f\CompatTelRunner.exe
[2019-08-26 09:25][2019-08-26 09:25] 000008731 _____ () 85F570B72850A2D4961559192BED258E [File not signed]
 
C:\Windows\System32\CompatTelRunner.exe
[2019-09-12 19:27][2019-09-12 19:27] 000164152 _____ (Microsoft Corporation) F5C886663C4CD628B939229711AF9D58 [File is digitally signed]
 
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~18362.388.1.0\amd64_microsoft-windows-compat-compattelrunner_31bf3856ad364e35_10.0.18362.356_none_14f6ca5ca2eac2fb\r\compattelrunner.exe
[2019-10-04 18:56][2019-09-30 20:35] 000007604 _____ () 8AA2D7D16CE6D7EB6B6D95AEC1D0BBC7 [File not signed]
 
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~18362.388.1.0\amd64_microsoft-windows-compat-compattelrunner_31bf3856ad364e35_10.0.18362.356_none_14f6ca5ca2eac2fb\f\compattelrunner.exe
[2019-10-04 18:56][2019-09-30 20:35] 000008735 _____ () 7F3B398AC63A25ABA265158508FDFAA9 [File not signed]
 
 
====== End of Search ======

  • 0
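The comparison requested in post #61, as an added example that is not part of the thread: a parser for FRST "Search Files" output that marks each copy as `ok`, `delta` or `review`. The function names, the classification rules (signed copies in the component store are trusted, unsigned files in `r\` and `f\` subfolders are treated as servicing differentials, the System32 copy must match a signed store copy by MD5), the `C:` system drive and the fourth sample entry are assumptions of this example.

```python
import re

# Entries 1-3 are copied from the FRST search output in post #62; entry 4 is
# constructed (path, size and all-zero MD5 are placeholders) to show a copy that needs review.
SAMPLE = r"""
C:\Windows\WinSxS\amd64_microsoft-windows-compat-compattelrunner_31bf3856ad364e35_10.0.18362.356_none_14f6ca5ca2eac2fb\CompatTelRunner.exe
[2019-09-12 19:27][2019-09-12 19:27] 000164152 _____ (Microsoft Corporation) F5C886663C4CD628B939229711AF9D58 [File is digitally signed]
C:\Windows\WinSxS\amd64_microsoft-windows-compat-compattelrunner_31bf3856ad364e35_10.0.18362.356_none_14f6ca5ca2eac2fb\r\CompatTelRunner.exe
[2019-09-12 19:16][2019-09-08 17:35] 000007604 _____ () 8AA2D7D16CE6D7EB6B6D95AEC1D0BBC7 [File not signed]
C:\Windows\System32\CompatTelRunner.exe
[2019-09-12 19:27][2019-09-12 19:27] 000164152 _____ (Microsoft Corporation) F5C886663C4CD628B939229711AF9D58 [File is digitally signed]
C:\Users\Public\CompatTelRunner.exe
[2019-10-01 10:00][2019-10-01 10:00] 000091648 _____ () 00000000000000000000000000000000 [File not signed]
"""

# [created][modified] size attributes (company) MD5 [signature status]
META = re.compile(r"\[(.+?)\]\[(.+?)\] (\d+) \S+ \((.*?)\) ([0-9A-F]{32}) \[(.+?)\]")

def parse(log_text):
    """Return one dict per file entry: path, size, company, md5, signed."""
    entries, path = [], None
    for line in (l.strip() for l in log_text.splitlines()):
        m = META.fullmatch(line)
        if re.match(r"[A-Za-z]:\\", line):
            path = line                      # a path line opens an entry
        elif m and path:
            entries.append({"path": path, "size": int(m[3]), "company": m[4],
                            "md5": m[5], "signed": m[6] == "File is digitally signed"})
            path = None
    return entries

def classify(entry, store_md5s):
    """Apply this example's rules; 'review' means a human should look at the file."""
    p = entry["path"].lower()
    in_store = p.startswith(("c:\\windows\\winsxs\\", "c:\\windows\\servicing\\"))
    if in_store and p.rsplit("\\", 2)[1] in ("r", "f"):
        return "delta"                       # servicing differential, not a full binary
    if in_store and entry["signed"]:
        return "ok"
    if (p == "c:\\windows\\system32\\compattelrunner.exe" and entry["signed"]
            and entry["md5"] in store_md5s):
        return "ok"                          # live copy equals a signed store copy
    return "review"

def triage(log_text):
    """Map every path in the log to 'ok', 'delta' or 'review'."""
    entries = parse(log_text)
    store = {e["md5"] for e in entries
             if e["signed"] and e["path"].lower().startswith("c:\\windows\\winsxs\\")}
    return {e["path"]: classify(e, store) for e in entries}

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:7} {path}")
```
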

#63
RKinner

    Malware Expert

  • Expert
  • 21,906 posts
  • MVP

Appears to be the same file as on my PC.  Let's try replacing the file with a dummy.

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   730bytes   14 downloads

Run FRST and press Fix
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Then run Latency Mon again and show me the Hard Pagefaults as before.

 


  • 0

#64
daba

    Member

  • Topic Starter
  • Member
  • 225 posts

Thanks. This didn't quite run to plan. I'm unsure whether these logs are the previous ones (I haven't deleted any of the stuff we've gone through from my desktop, perhaps I need to) or whether those are stored in FRST Older and in fact these are okay. Anyway, no they're not where I thought I was saving them. Can't locate them.

 

So, may I ask: should I first delete old FRST stuff and if so which exactly and then at lunch after work I'll start again and try again. Sorry.

 

Attached Thumbnails

  • Snip7.PNG

  • 0

#65
RKinner

    Malware Expert

  • Expert
  • 21,906 posts
  • MVP

No need to keep old logs from FRST.  Since you have posted them on the forum they will always be available.  If you are confused as to which log is the newest, check the date.

 

It looks like we have finally killed off compattelrunner.  It's not causing pagefaults any more.  What does the summary report from Latency Monitor look like?

 

(Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.)


  • 0

#66
daba

    Member

  • Topic Starter
  • Member
  • 225 posts

Oh, okay. Thank you.

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system seems to be having difficulty handling real-time audio and other tasks. You may experience drop outs, clicks or pops due to buffer underruns. One or more DPC routines that belong to a driver running in your system appear to be executing for too long. One problem may be related to power management, disable CPU throttling settings in Control Panel and BIOS setup. Check for BIOS updates. 
LatencyMon has been analyzing your system for  0:00:25  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        DAVIDDELL2
OS version:                                           Windows 10 , 10.0, version 1903, build: 18362 (x64)
Hardware:                                             Vostro 3478, Dell Inc., 0RKTGR
CPU:                                                  GenuineIntel Intel® Core™ i5-8250U CPU @ 1.60GHz
Logical processors:                                   8
Processor groups:                                     1
RAM:                                                  3961 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   180 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
WARNING: the CPU speed that was measured is only a fraction of the CPU speed reported. Your CPUs may be throttled back due to variable speed settings and thermal issues. It is suggested that you run a utility which reports your actual CPU frequency and temperature. 
 
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   847.10
Average measured interrupt to process latency (µs):   10.408622
 
Highest measured interrupt to DPC latency (µs):       791.60
Average measured interrupt to DPC latency (µs):       3.098982
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              126.9550
Driver with highest ISR routine execution time:       ACPI.sys - ACPI Driver for NT, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.008411
Driver with highest ISR total time:                   ACPI.sys - ACPI Driver for NT, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.009499
 
ISR count (execution time <250 µs):                   377
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              1029.997222
Driver with highest DPC routine execution time:       ACPI.sys - ACPI Driver for NT, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.021560
Driver with highest DPC total execution time:         ACPI.sys - ACPI Driver for NT, Microsoft Corporation
 
Total time spent in DPCs (%)                          0.072739
 
DPC count (execution time <250 µs):                   17985
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                71
DPC count (execution time 1000-1999 µs):              6
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
 
Process with highest pagefault count:                 none
 
Total number of hard pagefaults                       0
Hard pagefault count of hardest hit process:          0
Number of processes hit:                              0
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.571159
CPU 0 ISR highest execution time (µs):                126.9550
CPU 0 ISR total execution time (s):                   0.019033
CPU 0 ISR count:                                      377
CPU 0 DPC highest execution time (µs):                1029.997222
CPU 0 DPC total execution time (s):                   0.1380
CPU 0 DPC count:                                      17657
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.559256
CPU 1 ISR highest execution time (µs):                0.0
CPU 1 ISR total execution time (s):                   0.0
CPU 1 ISR count:                                      0
CPU 1 DPC highest execution time (µs):                58.369444
CPU 1 DPC total execution time (s):                   0.000242
CPU 1 DPC count:                                      20
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.263399
CPU 2 ISR highest execution time (µs):                0.0
CPU 2 ISR total execution time (s):                   0.0
CPU 2 ISR count:                                      0
CPU 2 DPC highest execution time (µs):                90.363889
CPU 2 DPC total execution time (s):                   0.000158
CPU 2 DPC count:                                      7
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.285060
CPU 3 ISR highest execution time (µs):                0.0
CPU 3 ISR total execution time (s):                   0.0
CPU 3 ISR count:                                      0
CPU 3 DPC highest execution time (µs):                0.0
CPU 3 DPC total execution time (s):                   0.0
CPU 3 DPC count:                                      0
_________________________________________________________________________________________________________
CPU 4 Interrupt cycle time (s):                       0.257623
CPU 4 ISR highest execution time (µs):                0.0
CPU 4 ISR total execution time (s):                   0.0
CPU 4 ISR count:                                      0
CPU 4 DPC highest execution time (µs):                669.582222
CPU 4 DPC total execution time (s):                   0.007262
CPU 4 DPC count:                                      372
_________________________________________________________________________________________________________
CPU 5 Interrupt cycle time (s):                       0.745827
CPU 5 ISR highest execution time (µs):                0.0
CPU 5 ISR total execution time (s):                   0.0
CPU 5 ISR count:                                      0
CPU 5 DPC highest execution time (µs):                23.562222
CPU 5 DPC total execution time (s):                   0.000059
CPU 5 DPC count:                                      4
_________________________________________________________________________________________________________
CPU 6 Interrupt cycle time (s):                       0.650974
CPU 6 ISR highest execution time (µs):                0.0
CPU 6 ISR total execution time (s):                   0.0
CPU 6 ISR count:                                      0
CPU 6 DPC highest execution time (µs):                26.148889
CPU 6 DPC total execution time (s):                   0.000032
CPU 6 DPC count:                                      2
_________________________________________________________________________________________________________
CPU 7 Interrupt cycle time (s):                       0.717147
CPU 7 ISR highest execution time (µs):                0.0
CPU 7 ISR total execution time (s):                   0.0
CPU 7 ISR count:                                      0
CPU 7 DPC highest execution time (µs):                0.0
CPU 7 DPC total execution time (s):                   0.0
CPU 7 DPC count:                                      0
_________________________________________________________________________________________________________

  • 0

#67
RKinner

    Malware Expert

  • Expert
  • 21,906 posts
  • MVP

Can you make a snip of the Drivers page in Latency Monitor?  Something like this:

 

latmon.jpg


  • 0

#68
daba

    Member

  • Topic Starter
  • Member
  • 225 posts

Snip8.PNG Sure, thank you very much.


  • 0

#69
RKinner

    Malware Expert

  • Expert
  • 21,906 posts
  • MVP

I think you should check your PC maker's support website for a new version of the BIOS.  That's usually why we see ACPI.sys with so much delay.


  • 0

#70
daba

    Member

  • Topic Starter
  • Member
  • 225 posts

Thank you very much for all the help, patience and advice. I put 'New BIOS for laptop' into Dell.com's search box and just got a list of new laptops. I guess I'm s****ed!


  • 0



#71
RKinner

    Malware Expert

  • Expert
  • 21,906 posts
  • MVP

Give me the part number and service tag for your laptop.  Should be on a sticker on the bottom.  I'll see if I can find something.


  • 0

#72
daba

    Member

  • Topic Starter
  • Member
  • 225 posts

Thanks a lot, much appreciated. If these aren't quite right, there's another one too: 

63J4YN2 2018

13274236766


  • 0

#73
RKinner

    Malware Expert

  • Expert
  • 21,906 posts
  • MVP

https://www.dell.com...NUQT090/drivers

 

There's a new BIOS version 1.9  (you have 1.4)

 

You should also get

 

Intel Rapid Storage Technology Driver and Management Console


  • 0

#74
daba

    Member

  • Topic Starter
  • Member
  • 225 posts

Thank you. Sorry to be thick but does 'getting' the new BIOS and Intel Rapid Storage Technology Driver and Management Console mean simply downloading them from that download list page? Download and run? Thank you.


  • 0

#75
daba

    Member

  • Topic Starter
  • Member
  • 225 posts

The Dell driver assist found four in total including the BIOS and the other one you mentioned. When I clicked download it asks me what file to download to, or make a new file. Also that the BIOS is a manual install - unlike the others - but I've no clue what that all means in practice. Could you please guide me a little? Thank you so much.


  • 0





