
Thread: Access violation at address 3060B743 in module 'SDWelcome.exe'. Write of address 00000080

  1. #1
    Junior Member
    Join Date
    Sep 2016
    Posts
    1


    2 days ago installed spybot (had ??virus/problem looked like sticky click button, etc.) I ran the program at least 7-8 times (for those 2 days) and all looked cleaned yesterday - pc working just normal. Today with the start got the same problem (need to click 3-5 times to select or start a program), so I tried to start spybot and got the message in the subject line. I had a quick look through the forum and found that it is better to provide this info:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
    Ran by Vivianne (administrator) on VIVIANNE-PC (08-09-2016 14:34:23)
    Running from C:\Users\Vivianne\Downloads
    Loaded Profiles: Vivianne (Available Profiles: Vivianne)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (O2Micro International) C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Chicony) C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    AND THE TEXT (sorry for the long message):
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
    Ran by Vivianne (08-09-2016 14:36:04)
    Running from C:\Users\Vivianne\Downloads
    Windows 7 Professional Service Pack 1 (X64) (2016-07-19 14:23:48)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4007634487-3081395449-3363616060-500 - Administrator - Disabled)
    Guest (S-1-5-21-4007634487-3081395449-3363616060-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4007634487-3081395449-3363616060-1002 - Limited - Enabled)
    Vivianne (S-1-5-21-4007634487-3081395449-3363616060-1000 - Administrator - Enabled) => C:\Users\Vivianne

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
    Belgium e-ID middleware 4.0.7 (build 7466) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207466}) (Version: 4.0.7466 - Belgian Government)
    BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
    Camera Assistant Software for Toshiba (HKLM-x32\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.260.0526L - Chicony Electronics Co.,Ltd.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
    Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.6.0 - Conexant)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.6.61 - Conexant)
    Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    GPL Ghostscript (HKLM\...\GPL Ghostscript 9.19) (Version: 9.19 - Artifex Software Inc.)
    HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA)
    HDMI Control Manager (Version: 2.0 - TOSHIBA) Hidden
    HDMI Control Manager (x32 Version: 2.0 - TOSHIBA) Hidden
    HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.3.34.7 - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.37 - HP Inc.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HydraVision (x32 Version: 4.2.234.0 - Advanced Micro Devices, Inc.) Hidden
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
    IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
    Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Mozilla Firefox 48.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 48.0.2 (x64 en-US)) (Version: 48.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
    O2Micro Flash Memory Card Reader Driver (x64) (HKLM\...\{81261CED-B06F-46E9-9E4B-D66DA6E41FFD}) (Version: 3.22 - O2Micro)
    OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
    paint.net (HKLM\...\{DD393E4D-76FA-4CCD-84F3-CD9D75C14862}) (Version: 4.0.10 - dotPDN LLC)
    PDF Reader for Windows 7 (HKLM-x32\...\PDF Reader for Windows_is1) (Version: - PDFLogic Corporation)
    Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
    Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
    Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
    Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0 beta 6 - Ghisler Software GmbH)
    Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 7.0.1 - UltraDefrag Development Team)
    Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.12.29.0 - File.org)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    Windows Driver Package - Chicony (usbvideo) Image (05/12/2009 6.3.251.0512) (HKLM\...\4D0A78D60CE7E81C31D46CB92DBA41CCF993C9BD) (Version: 05/12/2009 6.3.251.0512 - Chicony)
    Windows Driver Package - Fedict SmartCard (04/30/2014 4.0.7.5) (HKLM\...\C5357B4AD7C02B3F6EF45765A07E5B725E50BBF7) (Version: 04/30/2014 4.0.7.5 - Fedict)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {16974AEA-4437-48CD-AEF4-66FD97CFF981} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-19] (Google Inc.)
    Task: {1870C5C1-77A8-47E5-B6E4-DB08BBBC4D3F} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2015-12-30] (Bitberry Software) <==== ATTENTION
    Task: {255E27F2-3E54-4A18-AFC5-FA38D727B8F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2016-08-23] (HP Inc.)
    Task: {26859782-A923-42DD-8673-44271DC50909} - System32\Tasks\HPCeeScheduleForVivianne => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
    Task: {3FA6955E-F465-43C6-84D8-F2C719631EF5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {47AAAF8B-133A-49A6-8A00-35E1B9340715} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
    Task: {50623AAA-1AD9-4868-9A65-25DBF6D2FFBF} - System32\Tasks\{62274EE7-02CF-40DF-9BD4-9E6970BD52BF} => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
    Task: {7A6F3FDE-B8E8-4155-9EC6-CD8A15DFDB96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
    Task: {7CB1E921-722F-457E-AF91-969E21010602} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
    Task: {82ECED0A-05AE-44C3-8D50-21E1BC07C573} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
    Task: {8CCA59A5-8DB5-47BB-9AA9-B9C0B26B1C02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-19] (Google Inc.)
    Task: {917B4FC1-473E-4BCE-A3B7-4D9AB0D7C75A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {97175C4A-E539-4622-AC7C-CEEC28DE927D} - System32\Tasks\SafeZone scheduled Autoupdate 1465225859 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
    Task: {B0CA7C7D-0AC1-45B4-9223-8032A9642635} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
    Task: {B825A98F-BEF6-427F-A2AE-0A862F89455F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {C43CC7CB-2CBA-4E5D-B78E-B2B5C3A33966} - System32\Tasks\{8AF9CAE4-DBEF-42A8-A72B-4924D9AC3834} => pcalua.exe -a C:\Users\Vivianne\AppData\Local\Temp\mozOpenDownload\irfanview_plugins_442_setup.exe -d C:\Users\Vivianne\AppData\Local\Temp\mozOpenDownload <==== ATTENTION
    Task: {C4C8A1EC-D4E9-43DE-B929-9BE728BFFC75} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-21] (AVAST Software)
    Task: {C7817F8C-FFF9-4787-BED3-AD6A456E17D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
    Task: {C886148C-EF5F-4179-A2E8-16F836755D1D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
    Task: {EF2106B9-FB75-4745-A257-D3A48016F0FA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-21] (AVAST Software)
    Task: {F838D6A6-8FC3-4195-B913-3748F79F415E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForVivianne.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2016-08-08 21:59 - 2016-08-03 01:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
    2016-08-08 21:59 - 2016-08-03 01:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
    2016-08-21 11:39 - 2016-08-21 11:39 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-09-08 12:01 - 2016-09-08 12:01 - 03084464 _____ () C:\Program Files\AVAST Software\Avast\defs\16090800\algo.dll
    2016-08-21 11:39 - 2016-08-21 11:39 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-09-04 18:31 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-09-04 18:31 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-09-04 18:31 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-07-21 15:02 - 2016-07-21 15:03 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4007634487-3081395449-3363616060-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Vivianne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{34D76D05-CF17-4386-A282-D32122F994E7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{C3991812-57EC-4CBC-A891-80719FFC6CBD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{33D7E4D4-BF6E-4249-BE70-EFBDB659DB8D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{AC206FE3-BACB-4F71-A2AE-AA384A69229A}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
    FirewallRules: [{16C92BB4-ADAE-4071-B2EB-1A644E701523}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
    FirewallRules: [{2E7960BD-E789-4054-800A-B41D7EBE3100}] => (Allow) LPort=5357
    FirewallRules: [{DD98FEFF-8009-44A5-94EA-220DB8911424}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{87A0C28D-DBCE-4BB9-8697-B5E0E77C519F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    10-08-2016 22:32:05 Windows Backup
    14-08-2016 19:05:01 Windows Backup
    21-08-2016 19:00:28 Windows Backup
    24-08-2016 14:22:52 Windows Backup
    28-08-2016 19:02:15 Windows Backup
    30-08-2016 10:45:25 ASU_MSI_TRAN
    04-09-2016 19:02:07 Windows Backup
    04-09-2016 20:35:52 Cleaner (Spybot - Search & Destroy 2.6, administrator privileges
    07-09-2016 16:05:01 Installed O2Micro Flash Memory Card Reader Driver (x64).
    07-09-2016 16:08:33 Device Driver Package Install: Fedict Smart cards

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/08/2016 02:33:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.

    Error: (09/08/2016 02:33:31 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.

    Error: (09/08/2016 12:03:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.

    Error: (09/08/2016 12:03:01 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.

    Error: (09/08/2016 12:03:00 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.

    Error: (09/08/2016 12:01:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/08/2016 10:40:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (09/08/2016 10:39:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.

    Error: (09/08/2016 10:39:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.

    Error: (09/08/2016 10:39:56 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The system cannot find the file specified.


    System errors:
    =============
    Error: (09/08/2016 12:09:17 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort2.

    Error: (09/08/2016 12:01:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Error: (09/08/2016 12:01:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (09/08/2016 12:01:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (09/08/2016 10:48:38 AM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort2.

    Error: (09/08/2016 10:40:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Error: (09/08/2016 09:11:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (09/07/2016 10:25:12 PM) (Source: cdrom) (EventID: 15) (User: )
    Description: The device, \Device\CdRom0, is not ready for access yet.

    Error: (09/07/2016 04:11:05 PM) (Source: SCardSvr) (EventID: 610) (User: )
    Description: Smart Card Reader 'Generic Smart Card Reader Interface 0' rejected IOCTL GET_STATE: The I/O operation has been aborted because of either a thread exit or an application request. If this error persists, your smart card or reader may not be functioning correctly.

    Command Header: XX XX XX XX

    Error: (09/07/2016 04:09:23 PM) (Source: SCardSvr) (EventID: 610) (User: )
    Description: Smart Card Reader 'Generic Smart Card Reader Interface 0' rejected IOCTL 0x313520: Incorrect function. If this error persists, your smart card or reader may not be functioning correctly.

    Command Header: XX XX XX XX


    CodeIntegrity:
    ===================================
    Date: 2016-09-08 14:34:58.427
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-09-08 14:34:58.339
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-09-08 14:34:58.163
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-09-08 14:34:58.118
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-09-08 12:01:43.465
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-09-08 10:40:17.324
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-09-08 10:36:02.464
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-09-08 10:36:02.433
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-09-08 10:12:39.547
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2016-09-08 10:12:39.501
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
    Percentage of memory in use: 67%
    Total physical RAM: 4090.85 MB
    Available physical RAM: 1315.08 MB
    Total Virtual: 8179.9 MB
    Available Virtual: 4800.53 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.88 GB) (Free:114.59 GB) NTFS
    Drive d: () (Fixed) (Total:118.66 GB) (Free:11.4 GB) NTFS
    Drive e: (Data) (Fixed) (Total:113.88 GB) (Free:102.48 GB) NTFS
    Drive f: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.24 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 0C0A58EA)
    Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 52431B63)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=113.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
    Last edited by tashi; 2016-09-08 at 16:21. Reason: Because a farbar log was posted topic moved to the malware forum.

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Can you please locate and repost this file, FRST.txt? It was cut off.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Security Expert-emeritus Juliet's Avatar

    Still need help?

  4. #4
    Security Expert-emeritus Juliet's Avatar

    Due to the lack of feedback this Topic is closed.
