
Requested Resource is in use trojan is on my computer


  • This topic is locked
6 replies to this topic

#1 rcraig35


Posted 11 April 2017 - 06:52 PM

I have, upon some research, found out that I have a rootkit trojan on my computer, and it says winNT/adclicker. How can I remove it? I can't open any antivirus scanners without a "Requested Resource is in use" message coming up.

Edit: Moved topic from Introductions to the more appropriate forum, at the request of MR Team member. ~ Animal



#2 JSntgRvr

  • Malware Response Team

Posted 12 April 2017 - 01:35 PM

Welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr

  • Malware Response Team

Posted 16 April 2017 - 03:39 PM

Are you still with us?




#4 rcraig35

  • Topic Starter

Posted 16 April 2017 - 05:33 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-04-2017
Ran by Ryan Craig (16-04-2017 18:23:31)
Running from C:\Users\Ryan Craig\Downloads
Windows 10 Pro Version 1607 (X64) (2017-04-06 23:32:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3356770317-460246843-610640971-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3356770317-460246843-610640971-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3356770317-460246843-610640971-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3356770317-460246843-610640971-501 - Limited - Disabled)
Ryan Craig (S-1-5-21-3356770317-460246843-610640971-1001 - Administrator - Enabled) => C:\Users\Ryan Craig

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_1_0) (Version: 14.1.0 - Adobe Systems Incorporated)
Adobe Animate CC 2017 (HKLM-x32\...\FLPR_16_2) (Version: 16.2 - Adobe Systems Incorporated)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_2) (Version: 10.0.2 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_5) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_2) (Version: 17.0.2 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_1_0) (Version: 12.1.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.9 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1) (Version: 18.1.0 - Adobe Systems Incorporated)
Adobe Prelude CC 2017 (HKLM-x32\...\PRLD_6_0_2) (Version: 6.0.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Adobe SpeedGrade CC 2015 (HKLM-x32\...\{8FD7F1DB-7355-469E-A3F2-2118148D8477}) (Version: 9.1.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3356770317-460246843-610640971-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.0.45.5 - Autodesk)
Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)
Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden
Autodesk MatchMover 2014 64-bit (HKLM\...\{48C9E1CA-2D13-4660-9442-363996E4431C}) (Version: 14.0.0.0 - Autodesk)
Autodesk Maya 2015 (HKLM\...\Autodesk Maya 2015) (Version: 15.0.1335.0 - Autodesk)
Autodesk Maya 2015 (Version: 15.0.1335.0 - Autodesk) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Plus 2017 (HKLM\...\Bitdefender) (Version: 21.0.24.62 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.23.1101 - Bitdefender)
Catalyst Control Center Next Localization BR (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.5913 - CyberLink Corp.)
Discover HP Touchpoint Manager (HKLM-x32\...\{0B100034-B9FF-4F2E-8DF2-EC2E77FB2916}) (Version: 1.0.17.1 - Hewlett-Packard Company)
FLT 7.0v2 (HKLM-x32\...\FLT 7.0v2_is1) (Version:  - The Foundry)
Google Chrome (HKU\S-1-5-21-3356770317-460246843-610640971-1001\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.18.284 - SurfRight B.V.)
Houdini 16.0.504.20 (HKLM\...\Houdini 16.0.504.20) (Version: 16.0.504.20 - Side Effects Software)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP Hotkey Support (HKLM-x32\...\{EAEBD050-D20B-4D2B-B3A7-6BDBBF3F1A3E}) (Version: 6.2.31.1 - HP)
HP Performance Advisor (HKLM-x32\...\{C29F36C1-C93B-45CF-9F1F-F34DA1F2FF61}) (Version: 1.8.9208 - HP Inc.)
Intel® Chipset Device Software (x32 Version: 10.1.2.19 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1031 - Intel Corporation)
Intel® Network Connections 21.1.30.0 (HKLM\...\PROSetDX) (Version: 21.1.30.0 - Intel)
Intel® Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 4.5.6.1004 - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mari 3.2v1 (HKLM\...\Mari 3.2v1_is1) (Version:  - The Foundry)
Marvelous Designer 6 Personal (HKLM-x32\...\Marvelous Designer 6 Personal) (Version:  - CLO Virtual Fashion Inc.)
mental ray renderer for Autodesk Maya 2015 (HKLM\...\{BDF821F0-D64C-421D-0052-A9B995B20873}) (Version: 15.0.1335.0 - mental ray)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3356770317-460246843-610640971-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla)
Nuke 10.5v3 (HKLM\...\Nuke 10.5v3_is1) (Version:  - The Foundry)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7830.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Pixar RenderMan Pro Server 21.3 (HKLM\...\{16392F70-F3B7-11E6-A198-9C35EBEEE7A7}) (Version: 21.3.1715407 - Pixar)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.)
RenderManForMaya-21.3-maya2015 (HKLM\...\{4FB2EE2E-F3B7-11E6-B92E-9C35EBEEE7A7}) (Version: 21.3.1715407 - Pixar)
RenderMan-Installer (HKLM\...\{E657B64F-C030-11E6-B7F6-9C35EBEEE7A7}) (Version: 21.3.0 - Pixar)
RFRK 2014 for Maya (HKLM-x32\...\RFRK4Maya) (Version: 2014.0.0.34 - Next Limit)
The Face Machine for Maya 2015 (64-bit edition) (HKLM\...\The Face Machine for Maya 2015 (64-bit edition)) (Version: version 1.09 (built 11.12.2014) - Anzovin Studio)
Transmission 2.92 (14714) (HKLM-x32\...\{AC6472B8-230F-4F26-9827-30EB86F5AC63}) (Version: 2.92.0 - Transmission Project)
Trojan Remover (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.5 - Simply Super Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.24.0 (HKLM\...\VulkanRT1.0.24.0) (Version: 1.0.24.0 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.21-10 - Wacom Technology Corp.)
WD Drive Utilities (HKLM-x32\...\{7c73600b-2542-4641-a960-74bed274be03}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3356770317-460246843-610640971-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-3356770317-460246843-610640971-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-678C9DD3726F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3356770317-460246843-610640971-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-3356770317-460246843-610640971-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ryan Craig\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3356770317-460246843-610640971-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan Craig\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3356770317-460246843-610640971-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\B (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-3356770317-460246843-610640971-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3356770317-460246843-610640971-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan Craig\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1510B464-163D-4BC9-89FD-B90B9AD1B8C7} - System32\Tasks\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle => C:\windows\system32\UNP\UNPUXLauncher.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION
Task: {38FEDFCF-800C-467C-A4E5-5DA884106D03} - System32\Tasks\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock => C:\windows\system32\UNP\UNPUXLauncher.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION
Task: {4B505D0F-5D12-48DB-948D-8554F15B06BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {5007669B-B2FF-421C-9459-63F5216EA63B} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-rcraig320@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {5580E7B9-D898-4485-9111-BE0E7D558FCD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {5844697D-D423-430F-9154-AD2D00515FFE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {5BBA6A58-8DC2-4A79-9AE9-976574009FBE} - System32\Tasks\Microsoft\Windows\UNP\RunCampaignManager => C:\windows\System32\UNP\UNPCampaignManager.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION
Task: {69133B33-39FD-4431-BD53-6EEEBA028EF2} - System32\Tasks\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle => C:\windows\system32\UNP\UNPUXLauncher.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION
Task: {7F0409F1-33DF-40FE-9CBA-209E23A572A2} - System32\Tasks\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon => C:\windows\system32\UNP\UNPUXLauncher.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION
Task: {8AF4F06A-865A-49BC-A781-0DBB6F50D40F} - System32\Tasks\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 => C:\Windows\system32\UNP\UNPCampaignManager.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION
Task: {96019DE9-F8C1-486F-A73C-6A9F65D669E1} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {AD930148-41A0-445F-9442-1EA8F0CDFC2F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3356770317-460246843-610640971-1001UA => C:\Users\Ryan Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2017-04-07] (Google Inc.)
Task: {C3D43486-BB7D-453F-8BA8-94E7B5176032} - System32\Tasks\Simple Malware Protector_ipm => C:\Program Files (x86)\Simple Malware Protector\AppManager.exe
Task: {C6AFF995-9AF8-40C1-941E-E80D635C208C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {C7BFAD08-8D60-4883-B31C-EB46017DD4DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3356770317-460246843-610640971-1001Core => C:\Users\Ryan Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2017-04-07] (Google Inc.)
Task: {D1452FA7-C27E-4BF9-B49F-50667C7EBDCA} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-DRKELJL-Ryan Craig => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {D17570FA-8D19-4F17-9E5F-0C4DB155FAE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {DAE76B23-6471-4849-970A-D6CA381661C1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {DF860A66-D0C3-4C43-A07E-2F8C8707A063} - System32\Tasks\Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time => C:\windows\system32\UNP\UNPUXLauncher.exe [2017-04-02] (Microsoft Corporation) <==== ATTENTION
Task: {EDA7091E-6461-46F7-B6DE-60AD18451F51} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2017-03-24] (Bitdefender)
Task: {FF4EBD1F-DF97-4E47-9F34-B92CE76EC5C0} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-02-02] (Bitdefender)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ryan Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Next Limit\RFRK 2014\Documentation.lnk -> hxxp://support.nextlimit.com/display/rfdocs/RealFlow+RenderKi

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\windows\SYSTEM32\ism32k.dll
2017-04-11 17:08 - 2017-03-28 02:22 - 02681200 _____ () C:\windows\system32\CoreUIComponents.dll
2017-04-11 21:33 - 2013-09-03 14:29 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
2017-04-11 21:33 - 2017-02-07 12:34 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpbr.mdl
2017-04-11 21:33 - 2017-02-07 12:34 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpdsp.mdl
2017-04-11 21:33 - 2017-02-07 12:34 - 03243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpph.mdl
2017-04-11 21:33 - 2017-02-07 12:34 - 01544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttprbl.mdl
2017-04-15 17:16 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-15 17:16 - 2017-03-23 19:40 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-04-06 22:19 - 2017-04-05 15:21 - 01658320 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-04-11 17:08 - 2017-03-28 02:22 - 02681200 _____ () C:\windows\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-04-07 21:29 - 2016-09-07 00:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-04-07 21:27 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-04-07 21:28 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-04-07 21:28 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-07 21:27 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 17:08 - 2017-03-28 01:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-11 17:08 - 2017-03-28 01:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 17:08 - 2017-03-28 01:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-25 20:34 - 2015-06-25 20:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 20:37 - 2015-06-25 20:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 20:35 - 2015-06-25 20:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 20:38 - 2015-06-25 20:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 19:53 - 2015-06-25 19:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 19:51 - 2015-06-25 19:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-04-11 21:33 - 2017-03-09 18:24 - 00023328 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-us\bdsystray.txtui
2013-12-12 07:38 - 2013-12-12 07:38 - 05617480 _____ () C:\Program Files\Autodesk\Maya2015\bin\synHub.dll
2013-08-08 12:50 - 2013-08-08 12:50 - 01592832 _____ () C:\Program Files\Autodesk\Maya2015\bin\fbxassetscore2.dll
2013-08-08 12:50 - 2013-08-08 12:50 - 00606720 _____ () C:\Program Files\Autodesk\Maya2015\bin\OpenAL32.dll
2013-12-14 03:55 - 2013-12-14 03:55 - 01644032 _____ () C:\Program Files\Autodesk\Maya2015\bin\OpenColorIO.dll
2013-05-21 09:30 - 2013-05-21 09:30 - 00167936 _____ () C:\Program Files\Autodesk\Maya2015\bin\avutil-51.dll
2013-05-21 09:30 - 2013-05-21 09:30 - 00921600 _____ () C:\Program Files\Autodesk\Maya2015\bin\avcodec-53.dll
2013-05-21 09:30 - 2013-05-21 09:30 - 00257024 _____ () C:\Program Files\Autodesk\Maya2015\bin\avformat-53.dll
2013-05-21 09:30 - 2013-05-21 09:30 - 00212992 _____ () C:\Program Files\Autodesk\Maya2015\bin\swscale-2.dll
2013-07-22 10:29 - 2013-07-22 10:29 - 00010752 _____ () C:\Program Files\Autodesk\Maya2015\Python\DLLs\select.pyd
2013-07-22 10:29 - 2013-07-22 10:29 - 00046592 _____ () C:\Program Files\Autodesk\Maya2015\Python\DLLs\_socket.pyd
2013-07-22 10:29 - 2013-07-22 10:29 - 00026624 _____ () C:\Program Files\Autodesk\Maya2015\Python\DLLs\_ssl.pyd
2013-07-22 10:29 - 2013-07-22 10:29 - 00014336 _____ () C:\Program Files\Autodesk\Maya2015\Python\DLLs\_hashlib.pyd
2013-07-22 10:29 - 2013-07-22 10:29 - 00110080 _____ () C:\Program Files\Autodesk\Maya2015\Python\DLLs\_ctypes.pyd
2017-02-19 02:11 - 2017-02-19 02:11 - 00583680 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\engine\maya\maya2015\plug-ins\houdiniEngine.mll
2017-02-19 02:06 - 2017-02-19 02:06 - 00024064 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\boost_system-vc140-mt-1_55.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 02655232 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\openvdb_sesi.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00279552 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\Half.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00024576 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\OpenCL.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00657920 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\las.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00081408 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\zlib1.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00731648 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\hfreetype.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00114176 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\boost_thread-vc140-mt-1_55.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00491520 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\tiff.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 01318912 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\libxml2.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00039424 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\blosc.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00587776 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\clFFT.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00034816 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\boost_chrono-vc140-mt-1_55.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00143872 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\jpeg.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00931840 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\iconv.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00199680 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\libAlembicAbc.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00956416 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\libAlembicAbcGeom.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00023552 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\libAlembicAbcCoreFactory.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00158720 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\libAlembicAbcCoreAbstract.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00079872 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\Imath.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00068608 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\Iex.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00534528 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\libAlembicAbcCoreOgawa.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00738304 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\libAlembicAbcCoreHDF5.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00046080 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\libAlembicUtil.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00109568 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\libAlembicOgawa.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00102400 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\hdf5_hl.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 02213888 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\hdf5.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00140800 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\libpng13.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 01032704 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\event_core.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00866304 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\audiere.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00309248 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\libsndfile.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 02894336 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\IlmImf.dll
2017-02-19 02:06 - 2017-02-19 02:06 - 00039424 ____N () C:\Program Files\Side Effects Software\Houdini 16.0.504.20\bin\IlmThread.dll
2014-11-12 13:29 - 2014-11-12 13:28 - 01497088 _____ () C:\Program Files\Autodesk\Maya2015\bin\plug-ins\faceMachine.mll
2013-09-13 01:00 - 2013-09-13 01:00 - 00050176 _____ () C:\Program Files\Autodesk\Maya2015\Python\lib\site-packages\shiboken.pyd
2013-09-10 00:58 - 2013-09-10 00:58 - 00331264 _____ () C:\Program Files\Autodesk\Maya2015\bin\shiboken-python2.7.dll
2013-08-08 12:51 - 2013-08-08 12:51 - 03063808 _____ () C:\Program Files\Autodesk\Maya2015\Python\lib\site-packages\PySide\QtCore.pyd
2013-08-08 12:50 - 2013-08-08 12:50 - 00248832 _____ () C:\Program Files\Autodesk\Maya2015\bin\pyside-python2.7.dll
2013-08-08 12:51 - 2013-08-08 12:51 - 12748288 _____ () C:\Program Files\Autodesk\Maya2015\Python\lib\site-packages\PySide\QtGui.pyd
2017-02-15 11:42 - 2017-02-15 11:42 - 69850112 _____ () C:\Program Files\Pixar\RenderManForMaya-21.3-maya2015\plug-ins\RenderMan_for_Maya.mll
2013-07-22 10:29 - 2013-07-22 10:29 - 00032256 _____ () C:\Program Files\Autodesk\Maya2015\Python\DLLs\_multiprocessing.pyd
2017-02-15 11:42 - 2017-02-15 11:42 - 07626240 _____ () C:\Program Files\Pixar\RenderManForMaya-21.3-maya2015\plug-ins\OpenVDB.mll
2013-09-05 01:07 - 2013-09-05 01:07 - 00069632 _____ () C:\Program Files\Autodesk\Maya2015\plug-ins\xgen\scripts\xgenm\ui\XgExprEditor.pyd
2013-09-05 01:07 - 2013-09-05 01:07 - 00069120 _____ () C:\Program Files\Autodesk\Maya2015\plug-ins\xgen\scripts\xgenm\ui\XgMessageUI.pyd
2017-03-09 01:46 - 2017-03-09 01:46 - 18503272 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\mona.dll
2017-03-09 01:46 - 2017-03-09 01:46 - 00551016 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\manta.dll
2017-03-09 01:46 - 2017-03-09 01:46 - 00093800 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\libglog.dll
2017-03-09 01:46 - 2017-03-09 01:46 - 02544232 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\opencv_core249.dll
2017-03-09 01:46 - 2017-03-09 01:46 - 02199656 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\opencv_imgproc249.dll
2017-03-09 01:47 - 2017-03-09 01:47 - 92159592 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-ins\Spaces\libcef.dll
2017-03-09 01:46 - 2017-03-09 01:46 - 01862248 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\aif.dll
2017-03-09 01:48 - 2017-03-09 01:48 - 01164904 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-ins\Spaces\Adobe Spaces Helper.exe
2017-03-09 01:47 - 2017-03-09 01:47 - 02559080 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-ins\Spaces\libglesv2.dll
2017-03-09 01:47 - 2017-03-09 01:47 - 00100456 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-ins\Spaces\libegl.dll
2017-04-06 23:37 - 2016-01-19 01:15 - 00055304 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2017-04-06 23:37 - 2016-01-19 01:15 - 00103944 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2017-03-14 08:31 - 2017-03-14 08:31 - 52051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-04-06 23:37 - 2013-09-23 13:52 - 00043912 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
2017-04-06 23:37 - 2013-09-23 13:52 - 00052616 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
2017-04-06 23:37 - 2013-09-23 13:52 - 00195976 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
2017-04-06 23:38 - 2013-09-23 13:51 - 00742792 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
2017-04-06 23:38 - 2016-01-19 00:12 - 00277440 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\en-US\AdWingManRes.dll
2017-04-06 23:38 - 2015-09-08 02:31 - 40640808 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
2017-04-06 23:38 - 2014-09-02 20:29 - 00912384 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2017-04-06 23:37 - 2014-09-02 20:29 - 00134144 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll
2017-04-06 23:38 - 2014-09-02 20:29 - 00950272 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\ffmpegsumo.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-01-25 20:07 - 2017-01-25 20:07 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-01-25 20:06 - 2017-01-25 20:06 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-01-25 20:07 - 2017-01-25 20:07 - 00125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-03-14 08:35 - 2017-03-14 08:35 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-03-14 08:29 - 2017-03-14 08:29 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-02-23 18:13 - 2017-02-23 18:13 - 00098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-09-14 23:49 - 2016-09-14 23:49 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-03-09 01:47 - 2017-03-09 01:47 - 44048488 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\libcef.dll
2017-03-09 01:47 - 2017-03-09 01:47 - 01489512 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\libglesv2.dll
2017-03-09 01:47 - 2017-03-09 01:47 - 00081000 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [153]
AlternateDataStreams: C:\Users\Ryan Craig\Downloads\adwcleaner_6.045.exe:BDU [0]
AlternateDataStreams: C:\Users\Ryan Craig\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Ryan Craig\Downloads\hitmanpro_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Ryan Craig\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe:BDU [0]
AlternateDataStreams: C:\Users\Ryan Craig\Downloads\SH-Alt-Install.exe:BDU [0]
AlternateDataStreams: C:\Users\Ryan Craig\Downloads\trjsetup.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2017-04-16 18:19 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3356770317-460246843-610640971-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3356770317-460246843-610640971-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_SNOW_3840x2160.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{16D3F1F5-895B-44F2-9D07-6843DCDCAC87}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{0376B6B6-542C-4B21-83BB-1EF74AC6B7C7}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{370531BD-DA69-4203-AC2B-16BC5898ADD4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{3D77F659-91AD-47EC-B036-310BC98AC241}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{A0ABF515-8722-4F08-A77B-A7F1BFA5A86A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{EC2F875A-51E0-4A1A-ACEB-28307BDBED2D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [TCP Query User{11212FDC-1CA5-4551-8153-9EE22DD597EA}C:\program files (x86)\transmission\transmission-qt.exe] => (Allow) C:\program files (x86)\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{79DC8677-A606-4C18-89B6-9EFE1A7CD4C1}C:\program files (x86)\transmission\transmission-qt.exe] => (Allow) C:\program files (x86)\transmission\transmission-qt.exe
FirewallRules: [{8E9B3591-7BAC-49EB-8732-BA393ECAF5C1}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [TCP Query User{D9EC4095-8DBA-4C2C-B92E-460E94A774CC}C:\users\ryan craig\downloads\the foundry nukex 8.0v1 (win 64 bit) (crack xforce) [chingliu]\crack\rlm.foundry.exe] => (Allow) C:\users\ryan craig\downloads\the foundry nukex 8.0v1 (win 64 bit) (crack xforce) [chingliu]\crack\rlm.foundry.exe
FirewallRules: [UDP Query User{CDD85533-2333-46F5-A5B5-7557A6F8DFDD}C:\users\ryan craig\downloads\the foundry nukex 8.0v1 (win 64 bit) (crack xforce) [chingliu]\crack\rlm.foundry.exe] => (Allow) C:\users\ryan craig\downloads\the foundry nukex 8.0v1 (win 64 bit) (crack xforce) [chingliu]\crack\rlm.foundry.exe
FirewallRules: [TCP Query User{83671EC6-D225-4535-9129-57B8D0AEC694}C:\program files (x86)\transmission\transmission-qt.exe] => (Allow) C:\program files (x86)\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{86B111E7-FEB7-498A-8940-D4FFABA70CC7}C:\program files (x86)\transmission\transmission-qt.exe] => (Allow) C:\program files (x86)\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{4F29C356-E16B-4C01-8C0F-D9A78E25DCAF}C:\users\ryan craig\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ryan craig\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{1D6D6CC2-6E0E-4474-91E0-56D94A6C822E}C:\users\ryan craig\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ryan craig\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{687F071C-0346-4D10-BB9A-D35B41913B8D}C:\program files\autodesk\maya2015\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2015\bin\maya.exe
FirewallRules: [UDP Query User{E8508075-4B00-43AE-B578-E206F9E7F814}C:\program files\autodesk\maya2015\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2015\bin\maya.exe
FirewallRules: [{E5E604E0-E4CE-44A5-A9EA-6DCDA8A92241}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{A2C05B02-2D38-4E38-9D4C-E7FE5578ABA8}C:\program files\pixar\rendermanproserver-21.3\bin\it.exe] => (Allow) C:\program files\pixar\rendermanproserver-21.3\bin\it.exe
FirewallRules: [UDP Query User{EC05EA1F-2609-4AE7-A9AF-897DC98645A0}C:\program files\pixar\rendermanproserver-21.3\bin\it.exe] => (Allow) C:\program files\pixar\rendermanproserver-21.3\bin\it.exe
FirewallRules: [{4DF4275D-1024-43BB-8E0F-FDFBC3BEFA1A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0050E7E5-D1CC-4B85-A9AD-9EACBFD7C77A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{29008D72-EC35-494E-9964-019511970C44}C:\program files\side effects software\houdini 16.0.504.20\bin\houdinifx.exe] => (Allow) C:\program files\side effects software\houdini 16.0.504.20\bin\houdinifx.exe
FirewallRules: [UDP Query User{AEBFA91A-E6F0-4DF1-BE57-FDD9C0138113}C:\program files\side effects software\houdini 16.0.504.20\bin\houdinifx.exe] => (Allow) C:\program files\side effects software\houdini 16.0.504.20\bin\houdinifx.exe
FirewallRules: [TCP Query User{F60873AD-6341-4D92-83C3-7982442D2B51}C:\users\ryan craig\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ryan craig\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{688972B0-6D12-495A-9700-263709704BCB}C:\users\ryan craig\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ryan craig\appdata\local\akamai\netsession_win.exe

==================== Restore Points =========================

15-04-2017 10:59:16 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
16-04-2017 13:32:27 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2017 01:32:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/16/2017 01:32:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {77bd7ae0-c799-4aa1-9907-b9bc488f8af8}

Error: (04/16/2017 01:23:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Nuke10.5.exe, version: 0.0.0.0, time stamp: 0x58e1962b
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f7db
Faulting process id: 0x2be4
Faulting application start time: 0x01d2b6d61bfdf312
Faulting application path: C:\Program Files\Nuke10.5v3\Nuke10.5.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 25e75b20-8942-4370-b042-516654a17a21
Faulting package full name:
Faulting package-relative application ID:

Error: (04/16/2017 01:22:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Nuke10.5.exe, version: 0.0.0.0, time stamp: 0x58e1962b
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f7db
Faulting process id: 0x57a4
Faulting application start time: 0x01d2b6d5e3505272
Faulting application path: C:\Program Files\Nuke10.5v3\Nuke10.5.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: f6b4edaa-e1f3-452b-adb9-199ba4d6ee01
Faulting package full name:
Faulting package-relative application ID:

Error: (04/16/2017 12:24:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Nuke10.5.exe, version: 0.0.0.0, time stamp: 0x58e1962b
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f7db
Faulting process id: 0x34ac
Faulting application start time: 0x01d2b6cda69be316
Faulting application path: C:\Program Files\Nuke10.5v3\Nuke10.5.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 2897b1b6-c473-44c9-b592-8aa46a08f916
Faulting package full name:
Faulting package-relative application ID:

Error: (04/16/2017 12:21:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Nuke10.5.exe, version: 0.0.0.0, time stamp: 0x58e1962b
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f7db
Faulting process id: 0x39d8
Faulting application start time: 0x01d2b6cd73aa702d
Faulting application path: C:\Program Files\Nuke10.5v3\Nuke10.5.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 2e5de6ac-2906-4ccb-a43d-496521476593
Faulting package full name:
Faulting package-relative application ID:

Error: (04/16/2017 12:03:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Nuke10.0.exe, version: 0.0.0.0, time stamp: 0x577124c3
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f7db
Faulting process id: 0x1de4
Faulting application start time: 0x01d2b6cafb99cfe3
Faulting application path: C:\Program Files\Nuke10.0v3\Nuke10.0.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: be248831-6c55-40a7-9c89-1aa5c900503a
Faulting package full name:
Faulting package-relative application ID:

Error: (04/16/2017 12:01:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Nuke10.0.exe, version: 0.0.0.0, time stamp: 0x577124c3
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f7db
Faulting process id: 0x744
Faulting application start time: 0x01d2b6caaab21d8b
Faulting application path: C:\Program Files\Nuke10.0v3\Nuke10.0.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 1fc30378-b52a-450f-a3e3-856964ad8e11
Faulting package full name:
Faulting package-relative application ID:

Error: (04/16/2017 12:01:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Nuke10.0.exe, version: 0.0.0.0, time stamp: 0x577124c3
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f7db
Faulting process id: 0x2984
Faulting application start time: 0x01d2b6ca8cabfb9d
Faulting application path: C:\Program Files\Nuke10.0v3\Nuke10.0.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 8671bfc3-7f77-4579-a61b-9c88cdbde8df
Faulting package full name:
Faulting package-relative application ID:

Error: (04/15/2017 07:39:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DRKELJL)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (04/16/2017 04:32:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/16/2017 03:40:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/16/2017 01:23:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/16/2017 01:19:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/16/2017 01:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (04/16/2017 01:07:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/16/2017 01:07:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/16/2017 01:07:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FlexNet Licensing Service 64 service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/16/2017 01:07:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/16/2017 01:07:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-04-16 13:09:10.065
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-16 09:15:22.093
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-16 00:57:53.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-14 09:15:15.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-13 22:33:44.144
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-12 16:33:57.934
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-12 09:26:40.758
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-12 09:15:53.081
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-11 21:56:58.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-11 21:43:22.986
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Xeon® CPU E5-2630 v4 @ 2.20GHz
Percentage of memory in use: 43%
Total physical RAM: 16300.21 MB
Available physical RAM: 9164.19 MB
Total Virtual: 17324.21 MB
Available Virtual: 6005.01 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:223.32 GB) (Free:123.59 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:13.72 GB) (Free:1.77 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1859.83 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

Attached File  FRST.txt   279.75KB   1 downloads

 



#5 JSntgRvr

Posted 16 April 2017 - 06:50 PM

Hi. You seem to have run an antirootkit tool, as the files that cause this problem are no longer there.
 
Download the attached file and save it in the same directory where FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Screenshot: AdwCleaner console]

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

  • On reboot, a log will be produced; please copy and paste it in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 JSntgRvr


Posted 19 April 2017 - 06:29 PM

Are you still with us?




#7 JSntgRvr


Posted 21 April 2017 - 02:56 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





