
dw20.exe Message Followed by an Application Error Message


13 replies to this topic

#1 techgnosis

techgnosis

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York City Area
  • Local time:04:18 PM

Posted 23 March 2015 - 10:52 PM

I have a slow home computer that I'm trying to fix.  My specs are listed at the bottom.  It slows down considerably after I use the computer for about an hour.  But I also get this message from Internet Explorer Security consistently:  dw20.exe

 

=========================

A website wants to open web content using this program on your computer

 

This program will open outside of Protected mode.  Internet Explorer's Protected mode helps protect your computer.  If you do not trust this website, do not open this program.

 

Name:  dw20.exe.

Publisher Microsoft Corporation

=======================

 

When you push either allow or don't allow, the response is the same.  The website goes offline. 

 

After that, another message comes on from IEXPLORER.EXE - Application Error

 

========================

Process ID=0x158c (5516), Thread ID=0x369c (13980).

 

Click OK to terminate the application.

Click Cancel to debug the application.

========================

 

Whichever is chosen, the computer begins to slow down drastically. 

 

 

 

=============================

My Specs:

(1) Dell XPS 8500; 3.4 GHz; 12 Gb RAM; 64-bit OS; 2 Tb HD

(2) Windows 8.1 2013; Kaspersky 2014 15.0.1.415(c); Comodo Firewall 8.1.0.4426.

(3) Have run free versions of:  Malwarebytes; Super AntiSpyware; HitmanPro; JRT; FRST64; FSS; MiniToolBox; rkill; tdsskiller


Edited by techgnosis, 24 March 2015 - 01:33 AM.



 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:18 PM

Posted 24 March 2015 - 08:39 AM

Hi techgnosis :)

Just so you know, FSS and FRST are reporting/logging tools when used in scan mode only, so they won't fix anything unless instructed otherwise via a fix-list. Thus, I do not suggest that you attempt such a thing without proper training, since you could easily mess up your whole system with that. Let's take a closer look at these errors.

MiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Execute MiniToolBox and check the following options:
    • List Installed Programs;
    • List Last 10 Event Viewer Errors;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 techgnosis


Posted 24 March 2015 - 08:52 AM

Hi thanks.  I'll do that ASAP.  How do you copy the screen capture?  Is there a file upload?



#4 Aura


Posted 24 March 2015 - 08:52 AM

You can copy and paste the content of the output log, no need to screenshot it.



#5 hamluis

hamluis

    Moderator


  • Moderator
  • 56,286 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:18 PM

Posted 24 March 2015 - 09:21 AM

FWIW:  DW20.exe is the Windows Error Reporting Tool so the error message you posted appears to be related to XP.  Are you running XP?

 

Iexplorer.exe..is NOT the Internet Explorer process, iexplore.exe is.  It's a big difference, since last time I saw iexplorer.exe referenced, it was considered malware.

 

Topic moved to XP forum.

 

Louis
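
The difference between `iexplore.exe` and the look-alike name `iexplorer.exe` raised in post #5, turned into a triage check. This is an added example, not part of any post in this thread; the baseline table, the sample paths and the function names are constructed for illustration.

```python
import ntpath

# Known image names and the directories they normally load from.
# Assumption: a short hand-built baseline for illustration, not a complete inventory.
KNOWN_IMAGES = {
    "iexplore.exe": {r"c:\program files\internet explorer",
                     r"c:\program files (x86)\internet explorer"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

# A name this close to a known one, without being equal to it, is treated as a look-alike.
MAX_DISTANCE = 1


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "scvhost" for "svchost".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(image_path):
    """Return (verdict, matching_known_names) for one process image path or bare name."""
    directory, name = ntpath.split(image_path.lower())
    if name in KNOWN_IMAGES:
        if not directory:
            # A dialog title such as "IEXPLORE.EXE - Application Error" gives only
            # the name, so the name matches but the location is still unverified.
            return ("name-only", [name])
        if directory in KNOWN_IMAGES[name]:
            return ("ok", [name])
        return ("unexpected-path", [name])
    near = sorted(k for k in KNOWN_IMAGES if osa_distance(name, k) <= MAX_DISTANCE)
    if near:
        return ("lookalike", near)
    return ("unlisted", [])


def triage(paths):
    """Keep only the entries an analyst should look at, with the reason."""
    flagged = []
    for path in paths:
        verdict, names = classify(path)
        if verdict not in ("ok", "unlisted"):
            flagged.append((path, verdict, names))
    return flagged


# Constructed sample input: not taken from the poster's machine.
SAMPLE = [
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\Users\Public\iexplorer.exe",
    r"C:\Users\Public\AppData\svchost.exe",
    r"C:\Windows\System32\scvhost.exe",
    r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    "IEXPLORE.EXE",
]

if __name__ == "__main__":
    for path, verdict, names in triage(SAMPLE):
        print(f"{verdict:16} {path}  (compare with: {', '.join(names)})")
```

A `name-only` result is why the exact spelling in an error dialog matters: the name alone cannot confirm the file, so the full image path still has to be checked.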



#6 techgnosis


Posted 24 March 2015 - 10:30 AM

> FWIW:  DW20.exe is the Windows Error Reporting Tool so the error message you posted appears to be related to XP.  Are you running XP?
>
> Iexplorer.exe..is NOT the Internet Explorer process, iexplore.exe is.  It's a big difference, since last time I saw iexplorer.exe referenced, it was considered malware.
>
> Topic moved to XP forum.
>
> Louis

 

No, it's not XP.  I'm using Windows 8.1 2013.  And I mistyped.  It actually says:  IEXPLORE.EXE - Application Error

 

Mod Edit: Topic moved to Win 8 forum - Hamluis.


Edited by hamluis, 24 March 2015 - 10:39 AM.


#7 Aura


Posted 24 March 2015 - 11:46 AM

tech, is it possible to have the MiniToolBox like I instructed in my first post? Thank you.



#8 techgnosis


Posted 24 March 2015 - 12:16 PM

> tech, is it possible to have the MiniToolBox like I instructed in my first post? Thank you.

Yes, ok, thanks.  Here it is and rather long.  Also, please see my other post which I didn't post here since I felt it was another topic, which seems to happen when things slow down:

 

http://www.bleepingcomputer.com/forums/t/571135/slow-computer;-two-processes-hoggin-up-cpu-memory-and-disk/

 

===================================================

MiniToolBox by Farbar  Version: 30-11-2014

Ran by Dolby (administrator) on 24-03-2015 at 12:59:42

Running from "C:\Users\Dolby\Downloads\anti-spyware\ran"

Microsoft Windows 8.1  (X64)

Boot Mode: Normal

***************************************************************************

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (03/24/2015 00:58:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SA_DOLBY)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (03/24/2015 00:58:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SA_DOLBY)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (03/24/2015 00:53:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SA_DOLBY)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (03/24/2015 00:53:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SA_DOLBY)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (03/24/2015 00:53:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SA_DOLBY)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (03/24/2015 02:15:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: SA_DOLBY)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (03/24/2015 02:15:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: SA_DOLBY)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (03/24/2015 02:15:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: SA_DOLBY)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (03/24/2015 01:41:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: SA_DOLBY)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (03/24/2015 01:41:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: SA_DOLBY)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

 

System errors:

=============

Error: (03/24/2015 00:54:19 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (03/24/2015 02:38:53 AM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

 

Error: (03/24/2015 00:28:52 AM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (03/23/2015 01:14:06 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (03/23/2015 01:13:36 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (03/23/2015 01:13:05 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (03/23/2015 01:12:35 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (03/23/2015 01:09:35 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (03/22/2015 04:53:28 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (03/22/2015 01:35:46 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

 

Microsoft Office Sessions:

=========================

Error: (03/24/2015 00:58:24 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SA_DOLBY)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284

 

Error: (03/24/2015 00:58:24 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SA_DOLBY)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284

 

Error: (03/24/2015 00:53:54 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SA_DOLBY)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284

 

Error: (03/24/2015 00:53:54 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SA_DOLBY)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284

 

Error: (03/24/2015 00:53:54 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SA_DOLBY)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284

 

Error: (03/24/2015 02:15:58 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: SA_DOLBY)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284

 

Error: (03/24/2015 02:15:58 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: SA_DOLBY)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284

 

Error: (03/24/2015 02:15:58 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: SA_DOLBY)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284

 

Error: (03/24/2015 01:41:14 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: SA_DOLBY)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284

 

Error: (03/24/2015 01:41:14 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: SA_DOLBY)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-03-24 02:40:55.420

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-03-24 02:40:52.077

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-03-24 01:52:43.004

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-24 01:45:54.639

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-24 01:20:21.640

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-24 00:39:55.519

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-23 14:09:55.896

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-03-23 14:09:52.086

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-03-23 01:50:24.779

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-03-23 01:50:20.921

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

 

=========================== Installed Programs ============================

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden

Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)

Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)

COMODO Firewall (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)

CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden

CyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) Hidden

CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden

CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) Hidden

CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB2956207) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{0E5D2277-B9CB-4FD2-92B7-7D145B0CE418}) (Version:  - Microsoft)

Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.6 - Dell Inc.)

Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.6 - Dell Inc.)

Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)

Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)

GeekBuddy (HKLM\...\{54859C62-94AF-4639-AEEB-8687413F396B}) (Version: 4.19.127 - Comodo Security Solutions Inc)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)

Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Java Auto Updater (x32 Version: 2.8.31.13 - Oracle Corporation) Hidden

Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)

Kaspersky Anti-Virus (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden

K-Defense R6 : Anti-Keylogger (HKLM-x32\...\kdefense) (Version:  - Kings Information & Network)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)

Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7359 - Memeo Inc.)

Memeo Share (HKLM-x32\...\{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}) (Version: 3.1.0.3265 - Memeo Inc.)

Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)

Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden

NVIDIA 3D Vision Driver 326.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 326.60 - NVIDIA Corporation)

NVIDIA Control Panel 326.60 (Version: 326.60 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 326.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.60 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden

NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2660 - NVIDIA Corporation) Hidden

NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.200 - Qualcomm Atheros Communications)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)

Seagate Drive Settings Installer (HKLM-x32\...\InstallShield_{91DDF870-EE18-44D8-9D93-F4C122B80908}) (Version: 1.00.0000 - Seagate Technologies LLC)

Seagate Drive Settings Installer (x32 Version: 1.00.0000 - Seagate Technologies LLC) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

SignGATE EWS v4.0 (HKLM-x32\...\SignGATE EWS) (Version:  - )

SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)

TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden

TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden

TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden

TurboTax 2013 wnjiper (x32 Version: 013.000.1358 - Intuit Inc.) Hidden

TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden

Update for Korean Microsoft IME Standard Dictionary (HKLM\...\{75A54180-CA5E-47B8-AFBB-29337B976B21}) (Version: 16.0.662.1 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{53FAC141-5C6B-4F97-ABC4-E635ABBC59E5}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A4F91D60-654C-4892-BFD3-0D41ADA649B6}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{A12F43A5-CF0B-44E3-942F-2441CD442F0D}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{0B7744D2-1FDD-4843-9987-7CE11B79F370}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D1C4AD0B-CC79-41D2-8D6A-571E7B30658C}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{C1954E2B-1672-4E5C-B564-F8CB2D08345B}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{A7AA9E77-A9F4-4596-8AFD-4910FF258C3D}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2920813) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{74BC74BD-9032-4646-B248-F9F45E6D1326}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{53FDC948-3ABA-4BDE-BCEB-F1465C93D91C}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{82148027-13B5-4920-97F3-6A44A29B83D0}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{673FF853-6C60-4666-8E2F-CE9E2EB991AA}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{673FF853-6C60-4666-8E2F-CE9E2EB991AA}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{FC666DD5-8A58-401B-9B1E-2CBB451932E8}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2956203) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{4C42857F-202A-4CB2-8FF7-74624CE22318}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DF548669-AAED-467B-A074-AE2B72A4A871}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2878283) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{174382ED-333C-4C27-81BB-27288080CA16}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

 

========================= Devices: ================================

 

Name: Unknown USB Device (Device Descriptor Request Failed)

Description: Unknown USB Device (Device Descriptor Request Failed)

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service:

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 27%

Total physical RAM: 12248.98 MB

Available physical RAM: 8863.19 MB

Total Pagefile: 24536.98 MB

Available Pagefile: 19852.36 MB

Total Virtual: 4095.88 MB

Available Virtual: 3982.8 MB

 

========================= Partitions: =====================================

 

1 Drive c: (OS) (Fixed) (Total:1846.9 GB) (Free:1462.51 GB) NTFS

2 Drive d: (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.21 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\SA_DOLBY

 

Administrator            sadoi_000                Guest                   

sadol_000                sadol_000                Dolby                    

UpdatusUser             

 

 

**** End of log ****

 

______________________

My Specs:

 

(1) Dell XPS 8500; 3.4 GHz; 12 Gb RAM; 64-bit OS; 2 Tb HD

(2) Windows 8.1 2013; Kaspersky 2014 15.0.1.415(c); Comodo Firewall 8.1.0.4426.

(3) Have run free versions of:  MalwareBytes; Super AntiSpyware; HitmanPro; JRT; FRST64; FSS; MiniToolBox; rkill; tdsskiller


Edited by techgnosis, 24 March 2015 - 12:19 PM.


#9 Aura


Posted 24 March 2015 - 12:21 PM

It seems like you have an issue with COMODO Firewall. I suggest you uninstall it and reinstall it. If you do not wish to use it, the Windows Firewall is more than enough to cover your needs in terms of firewall security. Also, uninstall the following programs:
  • HiJackThis - Cannot be used under Windows 8;
  • Java 8 Update 31 (64-bits) - Outdated;
  • Java 8 Update 31 - Outdated;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 techgnosis


Posted 24 March 2015 - 01:00 PM

It seems like you have an issue with COMODO Firewall. I suggest you uninstall it and reinstall it. If you do not wish to use it, the Windows Firewall is more than enough to cover your needs in terms of firewall security. Also, uninstall the following programs:

  • HiJackThis - Cannot be used under Windows 8;
  • Java 8 Update 31 (64-bits) - Outdated;
  • Java 8 Update 31 - Outdated;

 

OK, thanks.  So you think Comodo is slowing things down that badly?  I've been watching Comodo with Task Manager but none of their processes seemed to be hogging my CPU, Memory, or Disk.  If it's the compatibility issue, how about me getting Kaspersky's Internet Security, the full version, rather than using 2 separate systems?

 

I just never felt comfortable with just Windows Firewall since some of my work is sensitive and I felt obliged to block any possible intrusions.


Edited by techgnosis, 24 March 2015 - 01:02 PM.


#11 Aura


Posted 24 March 2015 - 01:08 PM

I can see that there's an issue with its drivers, so reinstalling it would most likely fix it. And you can use Kaspersky Internet Security. I've been using it for 7 years and it didn't disappoint me once. It's a great product that offers great protection and also great features.



#12 techgnosis


Posted 24 March 2015 - 01:58 PM

OK, great, thanks so very much.  I'll try that later today and report back if I have any issues.  Hopefully, that will solve it and I'll see those 2 processes that are hogging my system in the background through Task Manager disappear:  (1) "Host Process for Setting Synchronization" and (2) "Service Host: Local System (Network Restricted)"  Thanks a million.



#13 techgnosis


Posted 15 April 2015 - 11:34 PM

Ok, the problem is still ongoing.  I've upgraded to 2015 Kaspersky, got rid of Comodo Firewall, and upgraded Kaspersky Total Security.  The same thing is happening and it's actually getting a bit worse.  I have 12GB installed RAM and it's ridiculously slowing down. 

 

Basically the same story:  "Host Process for Setting Synchronization" seems to be hogging CPU, Disk and Memory in Task Manager.  This is a Microsoft process.  Is this supposed to be constantly running in the background?

 

And I get that "dw20.exe" message again:

 

=========================

A website wants to open web content using this program on your computer

 

This program will open outside of Protected mode.  Internet Explorer's Protected mode helps protect your computer.  If you do not trust this website, do not open this program.

 

Name:  dw20.exe.

Publisher Microsoft Corporation

=======================

 

The Explorer then goes offline. 

 

After that, another message comes on from IEXPLORER.EXE - Application Error

 

========================

Process ID=0x158c (5516), Thread ID=0x369c (13980).

 

Click OK to terminate the application.

Click Cancel to debug the application.

 

Should I post this as a new thread, explaining what's been done so far?  Is there a possibility that I've been hacked?  Around the time this started happening, which was back in late Feb, I was sent a Twitter link that led me to some bogus site which hijacked me for a few minutes.  My Kaspersky Antivirus blocked the site, I think, and I thought I was safe.  It may be a coincidence but this started happening immediately after I accessed that potentially malicious site.  Since then, I've run Kaspersky, MalwareBytes, and dozens of other malware/spyware software but found nothing.

 

But that's always in the back of my mind just because of the timing.  And the possibility that this could have been a sophisticated attack.



#14 Aura


Posted 16 April 2015 - 05:22 AM

You could have been hit by an Exploit Kit on that website, yes. If you want to have a check-up done, you'll have to post in the MRT section. In order to do that, you have to post a thread in the Virus, Trojan, Spyware, and Malware Removal Logs section. You have to follow the instructions in the preparation guide prior to posting your thread, since it contains the steps to follow when posting it. Once you've been declared clean by your helper, you are free to come back in this thread so we can continue working on your current issue, if it wasn't solved during your malware clean-up :)
