Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

rtmpsrv.exe - Application Error unable to start correctly (0xc0000142)

Started by barbieshamrocks , Jun 11 2018 07:33 PM

This topic is locked

8 replies to this topic

#1 barbieshamrocks

Member

Full Member
16 posts

Posted 11 June 2018 - 07:33 PM

Hello I keep getting frozen internet,getting kicked off repeatedly and have to keep connecting and when I power down get this message: rtmpsrv.exe application unable to start correctly (0xc0000142) click ok to close the application and have to force shut down. here are the logs that I ran:

mb-check log version: 3.1.10.1000

User Account type: Administrator

Date Log Created: 06/11/18

Time Log Created: 21:16:30

Path to mb-check: C:\Users\Barb\Downloads\mb-check-3.1.10.1000.exe

Product Name: Windows 8.1

System Type: 64 bit

Current Build: 9600

DomainComputer: No

Malwarebytes Version information

==================================

"controllers_version" : "1.0.374",

"db_version" : "2018.06.11.08",

"dbcls_pkg_version" : "1.0.5442",

"installer_version" : "3.5.1",

"installationToken" : "QkPZ9A-ypASSKxsWrVAY1528763001",

"licenseState" : "free",

"machineId" : "0bd24e27d4adb4f7e997c08c249614ef3ea2deab",

Installation Date: 06/11/2018

Version Installed: 3.x Installed

Installation Directory: C:\Program Files\Malwarebytes\Anti-Malware\

User Information for Local System:

===========================================

User Account: Administrator

Account Level: Admin

User Account: Barb

Account Level: Admin

User Account: Guest

Account Level: Guest

User Account: HomeGroupUser$

Account Level: Guest

Total # of user entries: 4

UAC Settings:

===================

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

DWORD 1 Status: ON

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin

DWORD 5 Status: ON

AntiVirus Information:

===================

AntiVirus Installed: Windows Defender

Status: Up to Date and Enabled

FireWall Information:

===================

NO 3rd Party Firewall Installed

AntiSpyware Information:

===================

AntiSpyware Software Installed: Windows Defender

Status: Up to Date and Enabled

Machine Information

===============================================

System has been up for: 0.655278 Hours

Scheduler Information

===========================

"scheduleParams" : {

"frequency" : "months", "lastTriggeredTime" : { "day" : 1, "hour" : 0, "minute" : 0, "month" : 1, "second" : 0, "year" : 2000 "originalScheduleTime" : { "day" : 11, "hour" : 4, "minute" : 22, "month" : 7, "second" : 3, "year" : 2018 "recoveryPeriod" : 23, "recurrence" : 1 "scheduledScanParams" : { "autoClean" : false, "autoRestart" : false, "checkForUpdates" : true, "clientMetadata" : { "jobId" : "", "scheduleId" : "", "scheduleTag" : "" "enableShuriken" : true, "externalDetections" : [ "filesToScan" : [ "pumHandling" : "detect", "pupHandling" : "detect", "scanArchives" : true, "scanExtra" : true, "scanFileSystem" : true, "scanMemory" : true, "scanRegistry" : true, "scanRootkit" : false, "scanStartup" : true, "type" : "normal" "checkLicenseState" : true, "id" : "c479d144-6dd6-11e8-9476-ace010435742",

"scheduleParams" : {

"frequency" : "days", "lastTriggeredTime" : { "day" : 1, "hour" : 0, "minute" : 0, "month" : 1, "second" : 0, "year" : 2000 "originalScheduleTime" : { "day" : 19, "hour" : 3, "minute" : 11, "month" : 8, "second" : 34, "year" : 2016 "recoveryPeriod" : 0, "recurrence" : 1 "scheduledScanParams" : { "autoClean" : false, "autoRestart" : false, "checkForUpdates" : false, "clientMetadata" : { "jobId" : "", "scheduleId" : "", "scheduleTag" : "" "enableShuriken" : true, "externalDetections" : [ "filesToScan" : [ "pumHandling" : "detect", "pupHandling" : "detect", "scanArchives" : true, "scanExtra" : true, "scanFileSystem" : true, "scanMemory" : true, "scanRegistry" : true, "scanRootkit" : false, "scanStartup" : true, "type" : "normal" "swissArmyEarlyBootStartSet" : false, "totalNumberOfScans" : 1, "totalPUMsDetected" : "0", "totalPUPsDetected" : "10", "totalScannedItems" : "265934", "totalThreatsDetected" : "10"

Update Information

===================================

(enable_auto_update_dbcls = Automatically Check for Updates) (enable_auto_update_sdkctlr = Automatically download and install application component updates) (auto_update_interval = Check for updates every...) (NotifyWhenFullUpdatesAvailable = Notify me when full version updates are available) (warnWhenDefsAreOutOfDate = Notify me if time since last update exceeds 24 hours)

"auto_update_interval" : 60,

"enable_auto_update_dbcls" : true,

"enable_auto_update_sdkctlr" : true,

"NotifyWhenFullUpdatesAvailable" : true,

"WarnWhenDefsAreOutOfDate" : true

Scan Config (additional Handling is scheduled parameters)

===========================================

"globalScanParams" : {

"enableShuriken" : true,

"pumHandling" : "detect",

"pupHandling" : "detect",

"scanArchives" : true,

"scanRootkit" : false,

"scheduledScans" : [

"id" : "c4769c5e-6dd6-11e8-80ef-ace010435742",

"scheduledScanParams" : {

"enableShuriken" : true,

"pumHandling" : "detect",

"pupHandling" : "detect",

"scanArchives" : true,

"scanRootkit" : false,

"type" : "normal"

"id" : "c479d144-6dd6-11e8-9476-ace010435742",

"scheduledScanParams" : {

"enableShuriken" : true,

"pumHandling" : "detect",

"pupHandling" : "detect",

"scanArchives" : true,

"scanRootkit" : false,

"type" : "normal"

RTP Config

==============================

"enableShuriken" : true,

"protectionState" : "enabled",

"pumHandling" : "detect",

"pupHandling" : "detect",

Mwac Controller Config

==============================

"protectionState" : "enabled",

Arw Controller Config

==============================

"protectionState" : "enabled",

AE Controller Config

==============================

"protectionState" : "enabled",

Malwarebytes Anti-Malware Service and Driver Status:

=======================================================

--------------Driver File Info:--------------

C:\Windows\system32\drivers\mbamswissarmy.sys File Size: 253664 BYTES FileVersion: 4.2.0.150 MD5: [351bf8f77b0a15a7b5a2ae098c52a387]

C:\Windows\system32\drivers\mbae64.sys File Size: 152184 BYTES FileVersion: 1.12.4.57 MD5: [1e01f509048bef78831ac89401b172bd]

--------------MBAMService:--------------

Type: 16

State: 4 (The service is running.)

WIN32_EXIT_CODE: 0

SERVICE_EXIT_CODE: 0

CHECKPOINT: 0

WAIT_HINT: 0

--------------MBAMChameleon:--------------

Type: N/A

State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon

WIN32_EXIT_CODE: N/A

SERVICE_EXIT_CODE: N/A

CHECKPOINT: N/A

WAIT_HINT: N/A

--------------MBAMWebProtection:--------------

Type: N/A

State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebProtection

WIN32_EXIT_CODE: N/A

SERVICE_EXIT_CODE: N/A

CHECKPOINT: N/A

WAIT_HINT: N/A

--------------MBAMSwissArmy:--------------

Type: 1

State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE: 0

SERVICE_EXIT_CODE: 0

CHECKPOINT: 0

WAIT_HINT: 0

--------------MBAMFarflt:--------------

Type: N/A

State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamFarflt

WIN32_EXIT_CODE: N/A

SERVICE_EXIT_CODE: N/A

CHECKPOINT: N/A

WAIT_HINT: N/A

--------------MBAMProtection:--------------

Type: N/A

State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamProtection

WIN32_EXIT_CODE: N/A

SERVICE_EXIT_CODE: N/A

CHECKPOINT: N/A

WAIT_HINT: N/A

--------------ES Protection Driver:--------------

Type: N/A

State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: ESProtectionDriver

WIN32_EXIT_CODE: N/A

SERVICE_EXIT_CODE: N/A

CHECKPOINT: N/A

WAIT_HINT: N/A

Required Dependencies:

======================

------------------BFE:------------------

Type: 32

State: 4 (The service is running.)

WIN32_EXIT_CODE: 0

SERVICE_EXIT_CODE: 0

CHECKPOINT: 0

WAIT_HINT: 0

Startup Folders for Error_Expanding_Variables Check:

====================================================

All Users Startup Folder Exists.

Current User's Startup Folder Exists.

Compatibility Flag Settings:

=================================

MBAM Startup Entries:

=====================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

C:\Program Files\Malwarebytes\Anti-Malware\

--EXTRA FILE INSIDE DIRECTORY--: BROWSERSDKDLL.DLL

--EXTRA FILE INSIDE DIRECTORY--: BROWSERSDKDLLSHIM.DLL

7z.dll File Size: 1677824 BYTES FileVersion: 18.5.0.0 MD5: [7580437d0fb8c1ae60d96dafb6883d30]

Actions.dll File Size: 4191440 BYTES FileVersion: 3.1.0.229 MD5: [bbf8d1bd3fed70264553c43933c0778f]

ActionsShim.dll File Size: 2082512 BYTES FileVersion: 3.1.0.229 MD5: [97882d8ae90c1f16d1539dd6ef546458]

AEControllerImpl.dll File Size: 2945744 BYTES FileVersion: 3.0.0.228 MD5: [b43511de77b4b45276aeb90ea37087c9]

AeShim.dll File Size: 1924304 BYTES FileVersion: 3.0.0.156 MD5: [24e006a909c925fe514c257a686cd5ca]

ArwControllerImpl.dll File Size: 3325648 BYTES FileVersion: 3.1.0.266 MD5: [2c526a5b7d9a9c27d884e4ab1abefec3]

arwlib.dll File Size: 3872976 BYTES FileVersion: 3.0.0.645 MD5: [b09bebdfb68d4af061bc12e0c1c85ca2]

ArwSdkShim.dll File Size: 1909456 BYTES FileVersion: 3.0.0.418 MD5: [b023fb2533802aed9218778c57101769]

assistant.exe File Size: 877776 BYTES FileVersion: 3.0.0.1496 MD5: [1c9970c34f766168d07f6efd8857b4fc]

BrowserSDKDLL.dll File Size: 3498704 BYTES FileVersion: 3.2.0.38 MD5: [92e9642560b3824d14886b5a07abc0fe]

BrowserSDKDLLShim.dll File Size: 2072272 BYTES FileVersion: 3.2.0.38 MD5: [102d11ade6874bde5a0ac6af7630e032]

changes.txt File Size: 1010 BYTES FileVersion: N/A MD5: [1d588962fe8f738a4c69828b28266109]

CleanControllerImpl.dll File Size: 5355216 BYTES FileVersion: 3.1.0.409 MD5: [6fc8a69f6702c7dffadfdcd17101f737]

CloudControllerImpl.dll File Size: 3416272 BYTES FileVersion: 3.1.0.164 MD5: [bdb0adcf1fa2d6ad11ca148925fc6056]

libeay32.dll File Size: 1622528 BYTES FileVersion: 1.0.1.9 MD5: [ffc329a6636b6b930c86513c2239bbce]

LicenseControllerImpl.dll File Size: 3441872 BYTES FileVersion: 3.1.0.253 MD5: [c091823974c144a4ad60253346be986f]

malwarebytes_assistant.exe File Size: 876752 BYTES FileVersion: 3.0.0.1496 MD5: [764a7adf001e803e3a8ff365546c09a3]

mbae-api-na.dll File Size: 2268368 BYTES FileVersion: 1.12.4.81 MD5: [4d94c0e3c091503b1710ea966c17db37]

mbae.dll File Size: 410320 BYTES FileVersion: 1.12.4.81 MD5: [23b5a8933ff5bf482198dd6be9060d60]

mbae64.dll File Size: 492752 BYTES FileVersion: 1.12.4.81 MD5: [93da5e4697e7b419091c2c29b0637e7e]

mbam.exe File Size: 11316432 BYTES FileVersion: 3.0.0.1496 MD5: [435d53006b7ada204dd124fc3128293a]

MBAMCore.dll File Size: 4638416 BYTES FileVersion: 3.0.0.673 MD5: [b9294c963255eb48561d04ce5066d849]

MbamPt.exe File Size: 6144 BYTES FileVersion: 3.0.0.219 MD5: [f457eefa52116c47a0f68b916af9d2b4]

MBAMService.exe File Size: 6541008 BYTES FileVersion: 3.1.0.667 MD5: [f7265b7490428499f2fe409fa9247866]

MBAMShim.dll File Size: 1965264 BYTES FileVersion: 3.0.0.667 MD5: [83d2d3c1683e880a0f45dfb5c9a85dda]

mbamtray.exe File Size: 3784400 BYTES FileVersion: 3.0.0.1496 MD5: [be38b471a99bf7fd0e6445308df2e8ab]

mbamwow.exe File Size: 532176 BYTES FileVersion: 3.0.0.1496 MD5: [eeed48842ebf61cc3cfc9b6585829e88]

MBAMWsc.exe File Size: 2110152 BYTES FileVersion: 3.0.0.167 MD5: [45708f32ad9ee179f5fdc19069d6c695]

mbshlext.dll File Size: 2171976 BYTES FileVersion: 3.0.0.57 MD5: [5265576f992af1de32d79b8570f95922]

mbshlext_proto File Size: 2171976 BYTES FileVersion: 3.0.0.57 MD5: [5265576f992af1de32d79b8570f95922]

msvcp120.dll File Size: 455328 BYTES FileVersion: 12.0.21005.1 MD5: [fd5cabbe52272bd76007b68186ebaf00]

msvcr120.dll File Size: 970912 BYTES FileVersion: 12.0.21005.1 MD5: [034ccadc1c073e4216e9466b720f9849]

MWACControllerImpl.dll File Size: 3061968 BYTES FileVersion: 3.0.0.278 MD5: [4d0f82a297c6eebe7a40177b1be87058]

MwacLib.dll File Size: 2493648 BYTES FileVersion: 3.0.0.413 MD5: [1954e15aec4333a802dd5a964e2b612a]

MwacSdkShim.dll File Size: 1927376 BYTES FileVersion: 3.0.0.274 MD5: [940684267476e579dfd70429d9184592]

PoliciesControllerImpl.dll File Size: 2271352 BYTES FileVersion: 3.0.0.177 MD5: [9461138ffbdb975a8e125163bf948158]

Qt5Core.dll File Size: 4809728 BYTES FileVersion: 5.6.3.0 MD5: [6a60ea3c81c70089063169f3e3169e08]

Qt5Gui.dll File Size: 5100032 BYTES FileVersion: 5.6.3.0 MD5: [ee7e90e8e700c04629c01493b1d2fbf7]

Qt5Network.dll File Size: 2012672 BYTES FileVersion: 5.6.3.0 MD5: [9188a989c32dfe9f1d0d2d8bfb543e99]

Qt5Qml.dll File Size: 2522112 BYTES FileVersion: 5.6.3.0 MD5: [df593f35dadf5127e1abf3cadfe3582b]

Qt5Quick.dll File Size: 2570752 BYTES FileVersion: 5.6.3.0 MD5: [830f2103b3ad31303627112804910123]

Qt5Svg.dll File Size: 247808 BYTES FileVersion: 5.6.3.0 MD5: [56401a33f71c544a203edd7f33d7a773]

Qt5Widgets.dll File Size: 4482048 BYTES FileVersion: 5.6.3.0 MD5: [2eea5c9566fa85135da26b339132cb47]

Qt5WinExtras.dll File Size: 206336 BYTES FileVersion: 5.6.3.0 MD5: [cc4fc8869c41913b98142a219bd6e98f]

rtp.dll File Size: 2118352 BYTES FileVersion: 3.0.0.215 MD5: [74d669ba416684a6e439482c5f45d8b6]

RTPControllerImpl.dll File Size: 2981072 BYTES FileVersion: 3.0.0.384 MD5: [e29c66e21824a2bd033b9b21c54097e0]

RtpShim.dll File Size: 1919696 BYTES FileVersion: 3.0.0.215 MD5: [70628afe8b356849627bd1d34ad90628]

ScanControllerImpl.dll File Size: 4325072 BYTES FileVersion: 3.0.0.842 MD5: [a7e39e856a7a4846c6fc0b4cd31c18eb]

SelfProtectionSdk.dll File Size: 2297040 BYTES FileVersion: 3.0.0.326 MD5: [5c3985c07688511a28d8e85ea1531b02]

SelfProtectionShim.dll File Size: 1955024 BYTES FileVersion: 3.0.0.326 MD5: [07f81931d26fef2863c25dfde3279e4d]

ServiceConfig.json File Size: 614 BYTES FileVersion: N/A MD5: [e95385bc1f77e394efe0b638df2c72e7]

SPControllerImpl.dll File Size: 2468560 BYTES FileVersion: 3.0.0.193 MD5: [2e73a140741a648f3529a0538106b087]

ssleay32.dll File Size: 321024 BYTES FileVersion: 1.0.1.9 MD5: [4e92c5e12237b7caec5011839310f87d]

suhlpr.dll File Size: 2672848 BYTES FileVersion: 3.0.0.305 MD5: [fad7ff3ad298b98af90ee28e8ac9e8ea]

Swissarmy.dll File Size: 2716880 BYTES FileVersion: 4.2.0.215 MD5: [84af94a3f5d777dc890339ae64e6d7d4]

SwissarmyShim.dll File Size: 2009296 BYTES FileVersion: 4.2.0.215 MD5: [0b87e5eb8e7285425516013112a0ee1b]

TelemetryControllerImpl.dll File Size: 4097232 BYTES FileVersion: 3.1.0.224 MD5: [a90608b69d21ca273ea2d3a809fddae7]

unins000.dat File Size: 202282 BYTES FileVersion: N/A MD5: [8e3c68cd61c4ba4b24da2382c944127c]

unins000.exe File Size: 1191120 BYTES FileVersion: 51.1052.0.0 MD5: [75e9f0fb1fcd43a7b92a7b5676666579]

unins000.msg File Size: 22739 BYTES FileVersion: N/A MD5: [200ec5a2e63a8ac04906333e6b92e50c]

UpdateControllerImpl.dll File Size: 3507920 BYTES FileVersion: 3.1.0.350 MD5: [441ec847e501ddd547fc10492fd5a287]

zlib.dll File Size: 81408 BYTES FileVersion: 1.2.8.0 MD5: [b924d807b91ec0e911c975fc5c201c1e]

C:\Program Files\Malwarebytes\Anti-Malware\iconengines

ALL FILES PRESENT

qsvgicon.dll File Size: 30208 BYTES FileVersion: 5.6.3.0 MD5: [3c5a574d4c17024fd3697e3d21ab0849]

C:\Program Files\Malwarebytes\Anti-Malware\imageformats

MISSING FILE!: QDDS.DLL

qgif.dll File Size: 24576 BYTES FileVersion: 5.6.3.0 MD5: [f359fdf463a2b6864d2fea930f622b4f]

qicns.dll File Size: 31232 BYTES FileVersion: 5.6.3.0 MD5: [024bb6f5c7a2c5e0bbca3882a903c974]

qico.dll File Size: 25088 BYTES FileVersion: 5.6.3.0 MD5: [a7574b7330800ddf38572a3d23f62238]

qjpeg.dll File Size: 242688 BYTES FileVersion: 5.6.3.0 MD5: [252a29048945b6a46ed1e4162334b2af]

qsvg.dll File Size: 19968 BYTES FileVersion: 5.6.3.0 MD5: [7fdc8cd4da3237f926cbb0a1f960ab97]

qtga.dll File Size: 18944 BYTES FileVersion: 5.6.3.0 MD5: [b222b938d1652c62478d06c41e87b3f9]

qtiff.dll File Size: 318976 BYTES FileVersion: 5.6.3.0 MD5: [ce58327f1e946370ca3f271886092ea6]

qwbmp.dll File Size: 17920 BYTES FileVersion: 5.6.3.0 MD5: [3de2c79ede82f1ba9e12c07a997dbff9]

qwebp.dll File Size: 328704 BYTES FileVersion: 5.6.3.0 MD5: [e69339fc849c588727581afe5451fd9b]

C:\Program Files\Malwarebytes\Anti-Malware\Languages

ALL FILES PRESENT

lang_bg.qm File Size: 238862 BYTES FileVersion: N/A MD5: [9814b09b8621a7ef5bf6121418d1bf5d]

lang_cs.qm File Size: 235137 BYTES FileVersion: N/A MD5: [499db8dda8a9823e80bba4dab5d8324b]

lang_da.qm File Size: 233076 BYTES FileVersion: N/A MD5: [680aad18176f82274b75712570a3fd0d]

lang_de.qm File Size: 249262 BYTES FileVersion: N/A MD5: [a72d871104c98a7467418f0ebe6a3e1c]

lang_en_GB.qm File Size: 43235 BYTES FileVersion: N/A MD5: [7feff3fb3ffbb154a80663120ecd263b]

lang_en_US.qm File Size: 7658 BYTES FileVersion: N/A MD5: [d7ec967efdc80d92145351e4f8ce18dd]

lang_es.qm File Size: 244872 BYTES FileVersion: N/A MD5: [15cf1cf7b807776cc0b326fb13346dae]

lang_fi.qm File Size: 241644 BYTES FileVersion: N/A MD5: [dcd76ae99a9d02121e31ed25327ea88a]

lang_fr.qm File Size: 251182 BYTES FileVersion: N/A MD5: [1f59f23b656f1b5ed55a2452a0252225]

lang_hr.qm File Size: 245924 BYTES FileVersion: N/A MD5: [63ad4129a5bff878fe98d3bfa2eca706]

lang_hu.qm File Size: 241754 BYTES FileVersion: N/A MD5: [5884e1c90841833a374fe8211a836eb2]

lang_it.qm File Size: 241730 BYTES FileVersion: N/A MD5: [248ecbdaca14b8ff893db48d5a957558]

lang_ja.qm File Size: 182318 BYTES FileVersion: N/A MD5: [ebc050847ffac2fbeba58303f365e1cc]

lang_ko.qm File Size: 178184 BYTES FileVersion: N/A MD5: [afd0817357622525617ec41748543413]

lang_nl.qm File Size: 238956 BYTES FileVersion: N/A MD5: [dc4bdaba1bf60b5f1ee4d8a3ecd6814e]

lang_no.qm File Size: 231472 BYTES FileVersion: N/A MD5: [b6f7262f7a59014718c806f8e37871d2]

lang_pl.qm File Size: 247115 BYTES FileVersion: N/A MD5: [fff9af09ad2dfedf60d93340f94fbde9]

lang_pt_BR.qm File Size: 240679 BYTES FileVersion: N/A MD5: [797082413fc5b14d239bdd7b6494602f]

lang_pt_PT.qm File Size: 242416 BYTES FileVersion: N/A MD5: [21a12b1979c5d6f937fe1042ac7d9fe8]

lang_ro.qm File Size: 255586 BYTES FileVersion: N/A MD5: [de0a3cc2597f3dede07f9f97e769578e]

lang_ru.qm File Size: 255328 BYTES FileVersion: N/A MD5: [d2bbb918533e9196aa5881e5ecb5012a]

lang_sk.qm File Size: 239539 BYTES FileVersion: N/A MD5: [2f1e1d2ed57d8d809701b64ffc7dcabd]

lang_sl.qm File Size: 249373 BYTES FileVersion: N/A MD5: [87fba087a940e28eb145a43a907a0696]

lang_sv.qm File Size: 231722 BYTES FileVersion: N/A MD5: [e419218aaf0de8a8ef0102174355813c]

lang_zh_TW.qm File Size: 163452 BYTES FileVersion: N/A MD5: [dd7fd0b8254e92ab5bc55beb506dc167]

C:\Program Files\Malwarebytes\Anti-Malware\platforms

ALL FILES PRESENT

qwindows.dll File Size: 993792 BYTES FileVersion: 5.6.3.0 MD5: [ccbc1d1f25595a220739a3e4d48d8639]

C:\Program Files\Malwarebytes\Anti-Malware\Qt

ALL FILES PRESENT

C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs

ALL FILES PRESENT

C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel

ALL FILES PRESENT

plugins.qmltypes File Size: 12407 BYTES FileVersion: N/A MD5: [e44b896376f64f29dee0dc486d2e06f1]

qmldir File Size: 128 BYTES FileVersion: N/A MD5: [df20f8fc4bd37e9d47303359fe2ec138]

qmlfolderlistmodelplugin.dll File Size: 44032 BYTES FileVersion: 5.6.3.0 MD5: [40dcdef6593b35eaa1cb6fa7bcfb5951]

C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings

ALL FILES PRESENT

plugins.qmltypes File Size: 518 BYTES FileVersion: N/A MD5: [5a95a726ed78bd30027bd9c015d6ff6d]

qmldir File Size: 107 BYTES FileVersion: N/A MD5: [b1f564e1cec8d91ffa94c36ede2a8f24]

qmlsettingsplugin.dll File Size: 22528 BYTES FileVersion: 5.6.3.0 MD5: [dd3bcd144e8e45dba2f9963bbf11d46e]

C:\Program Files\Malwarebytes\Anti-Malware\QtQml

ALL FILES PRESENT

C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2

ALL FILES PRESENT

modelsplugin.dll File Size: 13312 BYTES FileVersion: 5.6.3.0 MD5: [778cdce67207258279ce8c786a134c8e]

plugins.qmltypes File Size: 21799 BYTES FileVersion: N/A MD5: [5e0d6299c808b9405b6a9638f5bf402f]

qmldir File Size: 90 BYTES FileVersion: N/A MD5: [c6d831ad43afa82977d838183de61cd2]

C:\Program Files\Malwarebytes\Anti-Malware\QtQuick

ALL FILES PRESENT

C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls

ALL FILES PRESENT

plugins.qmltypes File Size: 135655 BYTES FileVersion: N/A MD5: [eea727a00ba543acfff8325965799151]

qmldir File Size: 191 BYTES FileVersion: N/A MD5: [e9cef8a994d9570462ad247e7c959148]

qtquickcontrolsplugin.dll File Size: 698368 BYTES FileVersion: 5.6.3.0 MD5: [0bdc82d828ce6d7cb2e37d9745a2b684]

C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles

ALL FILES PRESENT

qmldir File Size: 1575 BYTES FileVersion: N/A MD5: [413dcf3e49e01ca487fa65136c6fb0a9]

C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Flat

ALL FILES PRESENT

qmldir File Size: 106 BYTES FileVersion: N/A MD5: [abbf675a3b243f93a4391ecf7aa9f62e]

qtquickextrasflatplugin.dll File Size: 809472 BYTES FileVersion: 5.6.3.0 MD5: [22ec0899be4dbee1750f2b0e3e97da32]

C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs

ALL FILES PRESENT

dialogplugin.dll File Size: 173056 BYTES FileVersion: 5.6.3.0 MD5: [2731b8305a22a0dec2418697f9627d29]

plugins.qmltypes File Size: 116824 BYTES FileVersion: N/A MD5: [e0fbd4e6fbbab46f3352e39a86a01742]

qmldir File Size: 239 BYTES FileVersion: N/A MD5: [3395c40a33f999a8ce8c5f63b0983cf8]

C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private

ALL FILES PRESENT

dialogsprivateplugin.dll File Size: 35328 BYTES FileVersion: 5.6.3.0 MD5: [0ba49c643ff86d405cc465b35ee66c3c]

plugins.qmltypes File Size: 12302 BYTES FileVersion: N/A MD5: [be212b606484272fb2d32dd5fab12496]

qmldir File Size: 128 BYTES FileVersion: N/A MD5: [d859e992832670dffa54ebc48137c3e0]

C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras

ALL FILES PRESENT

plugins.qmltypes File Size: 29879 BYTES FileVersion: N/A MD5: [bf5048e8527be9940b9d6ff1e7d49fb9]

qmldir File Size: 144 BYTES FileVersion: N/A MD5: [08cceb0b03c1e9e2365fbb1c7c941a6a]

qtquickextrasplugin.dll File Size: 121344 BYTES FileVersion: 5.6.3.0 MD5: [641d1b803577acf00a5c6fc5ccdbdee5]

C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts

ALL FILES PRESENT

plugins.qmltypes File Size: 3777 BYTES FileVersion: N/A MD5: [b8378c5fa81c020dcde7a72994a3654e]

qmldir File Size: 130 BYTES FileVersion: N/A MD5: [e9ca7d1d1f439c9be217759f619bf102]

qquicklayoutsplugin.dll File Size: 69632 BYTES FileVersion: 5.6.3.0 MD5: [243ea4e7d3ee30a1a8571d05c9946225]

C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets

ALL FILES PRESENT

plugins.qmltypes File Size: 11103 BYTES FileVersion: N/A MD5: [50a9b64c522ef413f46f22215ed14c99]

qmldir File Size: 120 BYTES FileVersion: N/A MD5: [816f665be0760d3076997d321c1a4602]

widgetsplugin.dll File Size: 97280 BYTES FileVersion: 5.6.3.0 MD5: [851ed86a7d7912b352cc62663d577a39]

C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2

ALL FILES PRESENT

plugins.qmltypes File Size: 10394 BYTES FileVersion: N/A MD5: [e6c66c53b7009f2c764969843eb3dd74]

qmldir File Size: 122 BYTES FileVersion: N/A MD5: [c434589591a9b33cbe88891afbb7c144]

windowplugin.dll File Size: 13312 BYTES FileVersion: 5.6.3.0 MD5: [678f48149b0c866386e2d6707e8c711e]

C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2

ALL FILES PRESENT

plugins.qmltypes File Size: 177432 BYTES FileVersion: N/A MD5: [603b4b64138d15ccf21f4b85d0e310e9]

qmldir File Size: 111 BYTES FileVersion: N/A MD5: [fcedccc4408c301dc6b1fe45721353ac]

qtquick2plugin.dll File Size: 13824 BYTES FileVersion: 5.6.3.0 MD5: [7adc5daad23335a47599b51cfadf4094]

C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras

ALL FILES PRESENT

JumpListDestination.qml File Size: 2279 BYTES FileVersion: N/A MD5: [927851ddab1d2220d2b51aeb463102ed]

JumpListLink.qml File Size: 2748 BYTES FileVersion: N/A MD5: [458c59749f618f2aca803e1f25b16f36]

JumpListSeparator.qml File Size: 2071 BYTES FileVersion: N/A MD5: [6859186f10892380a27fc277add020d5]

plugins.qmltypes File Size: 14616 BYTES FileVersion: N/A MD5: [3fdb2e85892e4bff392b7fafe693fcde]

qmldir File Size: 171 BYTES FileVersion: N/A MD5: [f8589c6293d7e99c8b5ceff87e3a76fe]

qml_winextras.dll File Size: 74752 BYTES FileVersion: 5.6.3.0 MD5: [1d7183b6462bec1b98780bf2c4b6a304]

C:\Program Files\Malwarebytes\Anti-Malware\scenegraph

ALL FILES PRESENT

softwarecontext.dll File Size: 102400 BYTES FileVersion: 5.6.3.0 MD5: [3f5f9142406fac1e5d061be12172e163]

C:\Program Files\Malwarebytes\Anti-Malware\sdk

MBAMSwissArmy.cat File Size: 10714 BYTES FileVersion: N/A MD5: [4be0870e91877390e328566b338ff411]

MBAMSwissArmy.inf File Size: 2273 BYTES FileVersion: N/A MD5: [674f323a2e134b22b02c2eb1b1418442]

MBAMSwissArmy.sys File Size: 253664 BYTES FileVersion: 4.2.0.150 MD5: [351bf8f77b0a15a7b5a2ae098c52a387]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware

MISSING DIRECTORY: ARW

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\gatekeeper.conf

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\license.conf

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\notifications.conf

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\scheduler.conf

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\settings.conf

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\statistics.conf

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\exclusions.dat

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2016-08-18 (19-19-34).xml

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2016-08-23 (20-32-13).xml

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2016-08-28 (11-51-39).xml

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2018-06-04 (20-31-03).xml

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\protection-log-2016-08-18.xml

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\protection-log-2016-08-19.xml

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\protection-log-2016-08-20.xml

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\protection-log-2016-08-22.xml

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\protection-log-2016-08-23.xml

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\protection-log-2016-08-26.xml

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\protection-log-2016-08-28.xml

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\protection-log-2018-06-04.xml

C:\ProgramData\Malwarebytes\MBAMService\clean.mbdb

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json.bak

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

C:\ProgramData\Malwarebytes\MBAMService\dbmanifest.dat

C:\ProgramData\Malwarebytes\MBAMService\dbmanifest2.dat

C:\ProgramData\Malwarebytes\MBAMService\dbupdate.log

C:\ProgramData\Malwarebytes\MBAMService\dynconfig.dat

C:\ProgramData\Malwarebytes\MBAMService\exclusions.txt

C:\ProgramData\Malwarebytes\MBAMService\HubbleCache

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest.dat

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig.dat

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot.mbdb

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG

C:\ProgramData\Malwarebytes\MBAMService\mbdigsig.dat

C:\ProgramData\Malwarebytes\MBAMService\mbdigsig2.dat

C:\ProgramData\Malwarebytes\MBAMService\prot.mbdb

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\0a768732-6dd7-11e8-ba0b-ace010435742.data

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\0a76ae4c-6dd7-11e8-bc21-ace010435742.data

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\2b2817a2-6dd7-11e8-a4ea-ace010435742.data

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\2b2817a2-6dd7-11e8-a4ea-ace010435742.quar

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\2b2be8d3-6dd7-11e8-b61b-ace010435742.data

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\2b2be8d3-6dd7-11e8-b61b-ace010435742.quar

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\2b390a94-6dd

Back to top

#2 nasdaq

Forum Deity

Global Moderator
49,288 posts

Posted 12 June 2018 - 05:25 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please post the FRST.txt log that was created by the Farbar program.

I need to review it before suggesting any remedial action.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#3 barbieshamrocks

Member

Full Member
16 posts

Posted 13 June 2018 - 04:04 PM

Thank you very much: here it is:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01

Ran by Barb (administrator) on BARBARABRUESKI (11-06-2018 21:07:19)

Running from C:\Users\Barb\Downloads

Loaded Profiles: Barb (Available Profiles: Barb)

Platform: Windows 8.1 (Update) (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

() C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Corel Corporation) C:\Program Files\WinZip\WinZip Smart Monitor\WinZipCompressionSmartMonitor.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

() C:\Windows\System32\igfxTray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe

(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe

(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe

(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe

(Apowersoft) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe

(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(The CefSharp Authors) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Apowersoft.Browser.exe

() C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)

HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)

HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"

HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-11-15] (WinZip)

HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-11-15] (WinZip Computing, S.L.)

HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-11-15] (WinZip Computing, S.L.)

HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [517536 2014-04-07] (TOSHIBA)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-06-04] (Dropbox, Inc.)

HKU\S-1-5-21-2224570990-2050318907-3262021388-1001\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)

HKU\S-1-5-21-2224570990-2050318907-3262021388-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2224570990-2050318907-3262021388-1001\...\Run: [VideoDownloadCapture] => C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe [6153880 2018-03-07] (Apowersoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{91C12545-CFCF-4514-9855-FE08794F64C9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB

HKU\S-1-5-21-2224570990-2050318907-3262021388-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB

HKU\S-1-5-21-2224570990-2050318907-3262021388-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB

HKU\S-1-5-21-2224570990-2050318907-3262021388-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com/

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2224570990-2050318907-3262021388-1001 -> DefaultScope {F6ACC77A-319E-43A3-881B-B42661503136} URL =

SearchScopes: HKU\S-1-5-21-2224570990-2050318907-3262021388-1001 -> {F6ACC77A-319E-43A3-881B-B42661503136} URL =

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)

FireFox:

========

FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll [2015-04-02] ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2015-04-02] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-21] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-21] (Intel Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)

Chrome:

=======

CHR HomePage: Default -> hxxp://homepage-web.com/?s=toshibaupd&m=home

CHR StartupUrls: Default -> "hxxp://yahoo.com/","hxxp://google.com/maps","hxxp://www.facebook.com/","hxxp://ancestry.com/","hxxps://www.google.com/"

CHR DefaultSearchURL: Default -> hxxp://search.myappzcenter.com/search/?category=web&s=49ds&q={searchTerms}

CHR DefaultSearchKeyword: Default -> MusicFinder Search

CHR DefaultSuggestURL: Default -> hxxp://sug.myappzcenter.com/search/index_sg.php?q={searchTerms}

CHR Profile: C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default [2018-06-11]

CHR Extension: (Slides) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]

CHR Extension: (Docs) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]

CHR Extension: (Google Drive) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-20]

CHR Extension: (YouTube) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-20]

CHR Extension: (DoctoPDF) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhbdbilphcancnmheonmkiejhbabelh [2018-06-11]

CHR Extension: (Google Search) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-20]

CHR Extension: (MusicFinder Search) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebhcflbfnmlobiplacldedddeplbjfoc [2018-06-11]

CHR Extension: (Sheets) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]

CHR Extension: (Google Docs Offline) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]

CHR Extension: (Gmail) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-20]

CHR Extension: (Chrome Media Router) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows ® Win 7 DDK provider) [File not signed]

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-11] (Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-11] (Dropbox, Inc.)

R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-06-04] (Dropbox, Inc.)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [342928 2014-12-10] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-21] (Intel Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] ()

S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

S2 McNaiAnn; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

S3 McODS; "C:\ProgramData\McAfee\Update\Installs\pkg_default\Download_Files\default\vso\vso_li_cat\%VSINSTALL_DIR64%\mcods.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)

R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-11] (Malwarebytes)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-21] (Intel Corporation)

S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)

R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2017-08-03] (Riverbed Technology, Inc.)

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)

S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)

R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [27136 2014-03-24] (Windows ® Win 7 DDK provider)

R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]

S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-11 21:07 - 2018-06-11 21:07 - 000017278 _____ C:\Users\Barb\Downloads\FRST.txt

2018-06-11 21:07 - 2018-06-11 21:07 - 000000000 ____D C:\FRST

2018-06-11 21:06 - 2018-06-11 21:06 - 002413056 _____ (Farbar) C:\Users\Barb\Downloads\FRST64 (1).exe

2018-06-11 21:05 - 2018-06-11 21:06 - 002413056 _____ (Farbar) C:\Users\Barb\Downloads\FRST64.exe

2018-06-11 21:04 - 2018-06-11 21:04 - 000001143 _____ C:\Users\Barb\Desktop\FRST - Shortcut.lnk

2018-06-11 21:02 - 2018-06-11 21:02 - 001773568 _____ (Farbar) C:\Users\Barb\Downloads\FRST (2).exe

2018-06-11 21:00 - 2018-06-11 21:00 - 001773568 _____ (Farbar) C:\Users\Barb\Downloads\FRST (1).exe

2018-06-11 20:58 - 2018-06-11 20:59 - 001773568 _____ (Farbar) C:\Users\Barb\Downloads\FRST.exe

2018-06-11 20:50 - 2018-06-11 20:50 - 002326304 _____ (Malwarebytes Corporation) C:\Users\Barb\Downloads\mb-check-3.1.10.1000.exe

2018-06-11 20:50 - 2018-06-11 20:50 - 000232402 _____ C:\Users\Barb\Desktop\mb-check-results.zip

2018-06-11 20:50 - 2018-06-11 20:50 - 000000191 _____ C:\Users\Barb\Desktop\mb-grab-errors.txt

2018-06-11 20:44 - 2018-06-11 20:44 - 077565720 _____ (Malwarebytes ) C:\Users\Barb\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5434 (1).exe

2018-06-11 20:34 - 2018-06-11 20:34 - 000000000 ____D C:\SPYWARE FILES TO SHARE

2018-06-11 20:22 - 2018-06-11 20:38 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

2018-06-11 20:22 - 2018-06-11 20:22 - 000001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2018-06-11 20:22 - 2018-06-11 20:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2018-06-11 20:22 - 2018-06-11 20:22 - 000000000 ____D C:\ProgramData\MB2Migration

2018-06-11 20:22 - 2018-06-11 20:22 - 000000000 ____D C:\Program Files\Malwarebytes

2018-06-11 20:22 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys

2018-06-11 20:20 - 2018-06-11 20:21 - 077565720 _____ (Malwarebytes ) C:\Users\Barb\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5434.exe

2018-06-10 12:40 - 2018-06-10 12:40 - 000150741 _____ C:\Users\Barb\Downloads\mcgrath and howard birth certs from 1864_5.pdf

2018-06-10 12:40 - 2018-06-10 12:40 - 000150741 _____ C:\Users\Barb\Downloads\mcgrath and howard birth certs from 1864_5 (2).pdf

2018-06-10 12:40 - 2018-06-10 12:40 - 000150741 _____ C:\Users\Barb\Downloads\mcgrath and howard birth certs from 1864_5 (1).pdf

2018-06-10 12:22 - 2018-06-10 12:22 - 000119503 _____ C:\Users\Barb\Downloads\mcgrath and howard birth certs from 1864.pdf

2018-06-06 17:40 - 2018-06-06 19:47 - 000048640 _____ C:\Users\Barb\Downloads\Marshall Wilson.xls

2018-06-05 17:24 - 2018-06-05 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2018-06-04 06:18 - 2018-06-04 06:18 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe

2018-06-04 06:18 - 2018-06-04 06:18 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys

2018-06-04 06:18 - 2018-06-04 06:18 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

2018-06-04 06:18 - 2018-06-04 06:18 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys

2018-06-03 12:32 - 2018-06-03 12:57 - 000000000 ____D C:\UNCLE BILL

2018-06-03 12:29 - 2018-06-03 12:29 - 000000000 ____D C:\ProgramData\Apowersoft

2018-06-03 11:26 - 2018-06-03 11:26 - 066477576 _____ (APOWERSOFT LIMITED ) C:\Users\Barb\Downloads\video-download-capture (2).exe

2018-06-03 11:24 - 2018-06-03 11:24 - 066477576 _____ (APOWERSOFT LIMITED ) C:\Users\Barb\Downloads\video-download-capture (1).exe

2018-06-03 11:14 - 2018-06-03 11:14 - 000000000 ____D C:\Users\Barb\Documents\Apowersoft

2018-06-03 11:14 - 2018-06-03 11:14 - 000000000 ____D C:\Users\Barb\AppData\Local\CEF

2018-06-03 11:13 - 2018-06-03 11:27 - 000001335 _____ C:\Users\Public\Desktop\Video Download Capture.lnk

2018-06-03 11:13 - 2018-06-03 11:14 - 000000000 ____D C:\Users\Barb\AppData\Roaming\Apowersoft

2018-06-03 11:13 - 2018-06-03 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft

2018-06-03 11:13 - 2018-06-03 11:13 - 000000000 ____D C:\Program Files (x86)\Apowersoft

2018-06-03 11:13 - 2017-08-03 09:15 - 000370424 _____ (Riverbed Technology, Inc.) C:\Windows\system32\wpcap.dll

2018-06-03 11:13 - 2017-08-03 09:15 - 000282360 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\wpcap.dll

2018-06-03 11:13 - 2017-08-03 09:15 - 000107768 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Packet.dll

2018-06-03 11:13 - 2017-08-03 09:15 - 000098040 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\Packet.dll

2018-06-03 11:13 - 2017-08-03 09:15 - 000053299 _____ C:\Windows\SysWOW64\pthreadVC.dll

2018-06-03 11:13 - 2017-08-03 09:15 - 000036600 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Drivers\npf.sys

2018-06-03 11:11 - 2018-06-03 11:12 - 066477576 _____ (APOWERSOFT LIMITED ) C:\Users\Barb\Downloads\video-download-capture.exe

2018-05-23 20:37 - 2018-05-23 20:37 - 001617913 _____ C:\Users\Barb\Downloads\50th Wedding Anniversary Party.pdf

2018-05-22 19:29 - 2018-05-22 19:29 - 060051653 _____ C:\Users\Barb\Downloads\2012 Romano Tree (3).pdf

2018-05-22 19:08 - 2018-05-22 19:08 - 000036352 _____ C:\Users\Barb\Downloads\JUDY CHARRIOTT DIMEGIO TREE.xls

2018-05-22 18:04 - 2018-05-22 18:04 - 000065980 _____ C:\Users\Barb\Downloads\Obit C T Sculley.pdf

2018-05-22 18:04 - 2018-05-22 18:04 - 000065980 _____ C:\Users\Barb\Downloads\Obit C T Sculley (1).pdf

2018-05-19 16:40 - 2018-05-19 16:40 - 000101888 _____ C:\Users\Barb\Downloads\FORD-Carlsson Families-Compare (3).xls

2018-05-19 16:39 - 2018-05-19 16:39 - 000101888 _____ C:\Users\Barb\Downloads\FORD-Carlsson Families-Compare (2).xls

2018-05-18 17:39 - 2018-05-18 17:39 - 000101888 _____ C:\Users\Barb\Downloads\FORD-Carlsson Families-Compare (1).xls

2018-05-17 19:34 - 2018-05-17 19:36 - 060051653 _____ C:\Users\Barb\Downloads\2012 Romano Tree (1).pdf

2018-05-17 19:34 - 2018-05-17 19:34 - 060051653 _____ C:\Users\Barb\Downloads\2012 Romano Tree.pdf

2018-05-17 19:34 - 2018-05-17 19:34 - 060051653 _____ C:\Users\Barb\Downloads\2012 Romano Tree (2).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-11 20:53 - 2015-04-02 21:46 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2018-06-11 20:43 - 2015-12-20 14:29 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2224570990-2050318907-3262021388-1001

2018-06-11 20:42 - 2015-12-20 15:55 - 004462592 ___SH C:\Users\Barb\Downloads\Thumbs.db

2018-06-11 20:38 - 2017-03-11 09:03 - 000000930 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job

2018-06-11 20:37 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2018-06-11 20:33 - 2015-04-02 21:41 - 000000000 ____D C:\Program Files (x86)\Amazon

2018-06-11 20:22 - 2016-08-18 19:18 - 000000000 ____D C:\ProgramData\Malwarebytes

2018-06-11 20:18 - 2016-01-03 08:49 - 000000000 ____D C:\BARB

2018-06-11 20:13 - 2017-03-11 09:03 - 000000934 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job

2018-06-11 19:34 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp

2018-06-11 19:12 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\LiveKernelReports

2018-06-11 18:57 - 2015-12-20 14:44 - 000003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4ACEB62B-84B9-4E1C-88FA-C04782DCD157}

2018-06-10 14:07 - 2015-12-20 15:17 - 000000000 ____D C:\FAMILY HISTORY

2018-06-07 17:59 - 2015-12-20 14:45 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2018-06-07 17:59 - 2015-12-20 14:45 - 000002174 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2018-06-06 17:40 - 2015-12-20 14:23 - 000000000 ____D C:\Users\Barb\AppData\Local\Packages

2018-06-05 17:36 - 2015-12-29 12:54 - 000000000 ____D C:\PHOTOS

2018-06-05 17:25 - 2017-03-11 09:03 - 000000000 ____D C:\Program Files (x86)\Dropbox

2018-06-05 15:19 - 2018-01-14 09:23 - 000835056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2018-06-05 15:19 - 2018-01-14 09:23 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2018-06-04 18:14 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf

2018-06-03 12:56 - 2014-03-18 05:53 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI

2018-06-03 11:32 - 2018-02-24 21:24 - 000000000 ____D C:\IRELAND 2012

2018-05-22 19:29 - 2018-04-26 07:34 - 000000000 ____D C:\BIG REVEAL HIAY FILES

2018-05-19 19:09 - 2018-05-03 08:35 - 000000000 ____D C:\A WILLIAM FORD TRACKING

2018-05-19 10:08 - 2017-03-11 09:03 - 000003906 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA

2018-05-19 10:08 - 2017-03-11 09:03 - 000003670 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore

2018-05-18 17:43 - 2018-03-14 18:21 - 000000132 _____ C:\Users\Barb\AppData\Roaming\Adobe PNG Format CS5 Prefs

2018-05-17 17:52 - 2015-12-20 14:45 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2018-05-17 17:52 - 2015-12-20 14:45 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2018-05-16 18:13 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache

2018-05-16 17:42 - 2013-08-22 10:44 - 005043208 _____ C:\Windows\system32\FNTCACHE.DAT

2018-05-16 17:28 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI

2018-05-14 21:10 - 2017-10-16 18:29 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe

2018-05-14 21:10 - 2015-12-29 19:20 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2018-05-14 21:10 - 2015-12-29 19:20 - 000000000 ____D C:\Windows\system32\MRT

2018-05-12 10:46 - 2015-12-21 11:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

==================== Files in the root of some directories =======

2018-03-14 18:21 - 2018-05-18 17:43 - 000000132 _____ () C:\Users\Barb\AppData\Roaming\Adobe PNG Format CS5 Prefs

Some files in TEMP:

====================

2015-12-29 13:27 - 2015-12-29 13:27 - 000467968 _____ (Realtek Semiconductor Corp.) C:\Users\Barb\AppData\Local\Temp\COMAP.EXE

2015-10-27 18:07 - 2015-10-27 18:07 - 000120336 _____ (McAfee, Inc.) C:\Users\Barb\AppData\Local\Temp\McCSPInstall.dll

2015-12-20 14:39 - 2015-10-27 18:07 - 000123368 _____ (McAfee Inc.) C:\Users\Barb\AppData\Local\Temp\mccspuninstall.exe

2016-03-12 15:23 - 2016-03-12 15:25 - 063142648 _____ (SweetLabs,Inc.) C:\Users\Barb\AppData\Local\Temp\oct12AF.tmp.exe

2016-04-14 19:57 - 2016-04-14 19:58 - 063707840 _____ (SweetLabs,Inc.) C:\Users\Barb\AppData\Local\Temp\oct28EE.tmp.exe

2016-09-24 19:21 - 2016-09-24 19:21 - 064108904 _____ (SweetLabs,Inc.) C:\Users\Barb\AppData\Local\Temp\oct35A8.tmp.exe

2015-12-20 14:31 - 2015-12-20 14:32 - 063066872 _____ (SweetLabs,Inc.) C:\Users\Barb\AppData\Local\Temp\oct4D16.tmp.exe

2016-07-25 19:39 - 2016-07-25 19:40 - 063953600 _____ (SweetLabs,Inc.) C:\Users\Barb\AppData\Local\Temp\oct8D9D.tmp.exe

2016-07-31 16:03 - 2016-07-31 16:03 - 063953128 _____ (SweetLabs,Inc.) C:\Users\Barb\AppData\Local\Temp\oct9622.tmp.exe

2015-12-21 11:04 - 2012-11-10 14:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Barb\AppData\Local\Temp\ose00000.exe

2017-04-25 18:39 - 2017-04-25 18:39 - 000000000 _____ () C:\Users\Barb\AppData\Local\Temp\{4C23E6CD-7B78-4341-8B1D-96B0A41D3C4C}-58.0.3029.81_57.0.2987.133_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-01 17:22

==================== End of FRST.txt ============================

Back to top

#4 nasdaq

Forum Deity

Global Moderator
49,288 posts

Posted 14 June 2018 - 05:45 AM

Hi,

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon) <==== ATTENTION
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HomePage: Default -> hxxp://homepage-web.com/?s=toshibaupd&m=home
CHR DefaultSearchURL: Default -> hxxp://search.myappzcenter.com/search/?category=web&s=49ds&q={searchTerms}
CHR DefaultSearchKeyword: Default -> MusicFinder Search
CHR DefaultSuggestURL: Default -> hxxp://sug.myappzcenter.com/search/index_sg.php?q={searchTerms}
CHR Extension: (MusicFinder Search) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebhcflbfnmlobiplacldedddeplbjfoc [2018-06-11]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If your problem persists re-install the Apowersoft Video Download Capture which is causing this issue.

Faulting application path: C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe

Restart them computer normally.

Please let me know if the problem persists.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#5 nasdaq

Forum Deity

Global Moderator
49,288 posts

Posted 14 June 2018 - 05:46 AM

Hi,

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon) <==== ATTENTION
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HomePage: Default -> hxxp://homepage-web.com/?s=toshibaupd&m=home
CHR DefaultSearchURL: Default -> hxxp://search.myappzcenter.com/search/?category=web&s=49ds&q={searchTerms}
CHR DefaultSearchKeyword: Default -> MusicFinder Search
CHR DefaultSuggestURL: Default -> hxxp://sug.myappzcenter.com/search/index_sg.php?q={searchTerms}
CHR Extension: (MusicFinder Search) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebhcflbfnmlobiplacldedddeplbjfoc [2018-06-11]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If your problem persists re-install the Apowersoft Video Download Capture which is causing this issue.

Faulting application path: C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe

Restart them computer normally.

Please let me know if the problem persists.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#6 barbieshamrocks

Member

Full Member
16 posts

Posted 16 June 2018 - 01:28 PM

Thanks for your help!

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01

Ran by Barb (16-06-2018 12:48:17) Run:2

Running from C:\Users\Barb\Downloads

Loaded Profiles: Barb (Available Profiles: Barb)

Boot Mode: Normal

==============================================

fixlist content:

*****************

Start

CreateRestorePoint:

EmptyTemp:

CloseProcesses:

CHR HomePage: Default -> hxxp://homepage-web.com/?s=toshibaupd&m=home

CHR DefaultSearchURL: Default -> hxxp://search.myappzcenter.com/search/?category=web&s=49ds&q={searchTerms}

CHR DefaultSearchKeyword: Default -> MusicFinder Search

CHR DefaultSuggestURL: Default -> hxxp://sug.myappzcenter.com/search/index_sg.php?q={searchTerms}

CHR Extension: (MusicFinder Search) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebhcflbfnmlobiplacldedddeplbjfoc [2018-06-11]

End

*****************

Restore point was successfully created.

Processes closed successfully.

"Chrome HomePage" => not found

"Chrome DefaultSearchURL" => not found

"Chrome DefaultSearchKeyword" => not found

"Chrome DefaultSuggestURL" => not found

CHR Extension: (MusicFinder Search) - C:\Users\Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebhcflbfnmlobiplacldedddeplbjfoc [2018-06-11] => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3146160 B

Java, Flash, Steam htmlcache => 0 B

Windows/system/drivers => 0 B

Edge => 0 B

Chrome => 0 B

Firefox => 0 B

Opera => 0 B

Back to top

#7 barbieshamrocks

Member

Full Member
16 posts

Posted 18 June 2018 - 07:26 AM

Im away now til Friday so take yr time and thanks again for your help. B

Back to top

#8 barbieshamrocks

Member

Full Member
16 posts

Posted 23 June 2018 - 07:42 AM

Thank you very much for your help, it's not freezing any more!

Back to top

#9 nasdaq

Forum Deity

Global Moderator
49,288 posts

Posted 19 August 2019 - 05:39 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

Back to Resolved or inactive Malware Removal

rtmpsrv.exe - Application Error unable to start correctly (0xc0000142)

#1 barbieshamrocks

#2 nasdaq

#3 barbieshamrocks

#4 nasdaq

#5 nasdaq

#6 barbieshamrocks

#7 barbieshamrocks

#8 barbieshamrocks

#9 nasdaq

Sign In