hi guys
every so often may be once a day i hear the sound like a usb device is being unplugged !!
im in event viewer and noticed these errors around the time i get it....
windows logs>system..
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 22/07/2015 16:32:06
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: DAVE-PC
Description:
Name resolution for the name www.amenajari.zidar.net timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2015-07-22T15:32:06.293350400Z" />
<EventRecordID>219040</EventRecordID>
<Correlation />
<Execution ProcessID="1276" ThreadID="2564" />
<Channel>System</Channel>
<Computer>DAVE-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">www.amenajari.zidar.net</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801010000000000000000</Data>
</EventData>
</Event>
now this looks like my computer is reaching out to this zidar.net site !!!!
and im not liking this at all
has anyone come across this at all ???
second warning in there
Log Name: System
Source: Microsoft-Windows-Kernel-PnP
Date: 22/07/2015 16:08:53
Event ID: 219
Task Category: (212)
Level: Warning
Keywords:
User: SYSTEM
Computer: DAVE-PC
Description:
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_ USBSTOR#DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.01# EE054F77&1#.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2015-07-22T15:08:53.921856500Z" />
<EventRecordID>219030</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="56" />
<Channel>System</Channel>
<Computer>DAVE-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">111</Data>
<Data Name="DriverName">WpdBusEnumRoot\UMB\2&37c186b &0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN _GENERIC&PROD_FLASH_DISK&REV_8.01#EE054F77 &1#</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WUDFRd</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>
third error is..
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 22/07/2015 16:06:55
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: DAVE-PC
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-07-22T15:06:55.000000000Z" />
<EventRecordID>219018</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>DAVE-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Launch</Data>
<Data Name="param4">{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}</Data>
<Data Name="param5">{344ED43D-D086-4961-86A6-1106F4ACAD9B}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
</EventData>
</Event>
has anyone come across this before and am i safe here ??
thanks
dave
every so often may be once a day i hear the sound like a usb device is being unplugged !!
im in event viewer and noticed these errors around the time i get it....
windows logs>system..
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 22/07/2015 16:32:06
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: DAVE-PC
Description:
Name resolution for the name www.amenajari.zidar.net timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2015-07-22T15:32:06.293350400Z" />
<EventRecordID>219040</EventRecordID>
<Correlation />
<Execution ProcessID="1276" ThreadID="2564" />
<Channel>System</Channel>
<Computer>DAVE-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">www.amenajari.zidar.net</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801010000000000000000</Data>
</EventData>
</Event>
now this looks like my computer is reaching out to this zidar.net site !!!!
and im not liking this at all
has anyone come across this at all ???
second warning in there
Log Name: System
Source: Microsoft-Windows-Kernel-PnP
Date: 22/07/2015 16:08:53
Event ID: 219
Task Category: (212)
Level: Warning
Keywords:
User: SYSTEM
Computer: DAVE-PC
Description:
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_ USBSTOR#DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.01# EE054F77&1#.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2015-07-22T15:08:53.921856500Z" />
<EventRecordID>219030</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="56" />
<Channel>System</Channel>
<Computer>DAVE-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">111</Data>
<Data Name="DriverName">WpdBusEnumRoot\UMB\2&37c186b &0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN _GENERIC&PROD_FLASH_DISK&REV_8.01#EE054F77 &1#</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WUDFRd</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>
third error is..
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 22/07/2015 16:06:55
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: DAVE-PC
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-07-22T15:06:55.000000000Z" />
<EventRecordID>219018</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>DAVE-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Launch</Data>
<Data Name="param4">{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}</Data>
<Data Name="param5">{344ED43D-D086-4961-86A6-1106F4ACAD9B}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
</EventData>
</Event>
has anyone come across this before and am i safe here ??
thanks
dave
its only polite....
Comment