
Unable to remove Proxy 127.0.0.1:8080 - Logs attached


  • This topic is locked
9 replies to this topic

#1 dishneggo


Posted 23 September 2016 - 12:23 PM

I've been reading a lot on Bleeping, have tried several online scans, with no success.
 
Running Windows 10 Pro
 
I am unable to remove the proxy from Internet Options- 127.0.0.1:8080
It says "some settings are controlled by the administrator" and grays out the button.
 
I have changed the Proxy Registry to Disable but after reboot it comes back.
 
Also, Chrome omnibox redirects when a search item is typed.
 
Any help is greatly appreciated!
 
See logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by Diego Miranda (administrator) on LENOVO (23-09-2016 13:15:09)
Running from C:\Users\Diego Miranda\Downloads
Loaded Profiles: Diego Miranda (Available Profiles: Diego Miranda)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\InstantOn\InstantOnSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Caphyon LTD) C:\Windows\Installer\MSI5A70.tmp
(InstallShield®) C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AgileBits) C:\Program Files (x86)\1Password 4\Agile1pAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Farbar) C:\Users\Diego Miranda\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Intel® WiDi Receiver Updater] => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [89600 2015-10-27] ()
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [555688 2015-08-21] (Lenovo.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1178400 2015-09-04] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25382344 2016-09-19] (Dropbox, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1851040 2015-03-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4882360 2016-02-23] (AgileBits)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-05-31] (Adobe Systems Incorporated)
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\...\RunOnce: [Uninstall C:\Users\Diego Miranda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Diego Miranda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\...\RunOnce: [Uninstall C:\Users\Diego Miranda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Diego Miranda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1"
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\...\RunOnce: [Uninstall C:\Users\Diego Miranda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Diego Miranda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\...\RunOnce: [Uninstall C:\Users\Diego Miranda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Diego Miranda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1df5118a-d757-4f39-824a-be217bbf7383}: [DhcpNameServer] 172.16.1.4
Tcpip\..\Interfaces\{5fe280d9-d9d3-4001-8cf5-be4602542bb5}: [DhcpNameServer] 162.150.8.16 68.87.66.234
Tcpip\..\Interfaces\{686a86f1-9b1e-42ea-b0d0-eb40d976e1d0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-2871485870-1023841466-4125669101-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2871485870-1023841466-4125669101-1001 -> {61F9063F-7E31-4A79-9874-7B11F5C37D53} URL =
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-07-10] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-10] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-07-10] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-10] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-22] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-05-31] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-22] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-05-31] (Adobe Systems)
FF Plugin-x32: LTS Web Components -> C:\Program Files (x86)\LTS Web Components\npLTSWebVideoPlugin.dll [2014-12-25] ()
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-07-10] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR Profile: C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default [2016-09-23]
CHR Extension: (Google Slides) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-10]
CHR Extension: (Google Docs) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-10]
CHR Extension: (Google Drive) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-10]
CHR Extension: (YouTube) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-10]
CHR Extension: (Adblock Plus) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-27]
CHR Extension: (Image Downloader) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2016-07-10]
CHR Extension: (Adobe Acrobat) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-21]
CHR Extension: (Google Finance) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2016-07-10]
CHR Extension: (Google Sheets) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-10]
CHR Extension: (Google Docs Offline) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-10]
CHR Extension: (1Password) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmbinomkfhmgknkoicejolfdfjeajmk [2016-07-10]
CHR Extension: (Email Extractor) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdianbbpnakhcmfkcckaboohfgnngfcc [2016-07-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-10]
CHR Extension: (Gmail) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-10]
CHR Extension: (Chrome Media Router) - C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-05-31] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2980032 2016-09-05] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [604656 2016-05-12] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163328 2016-01-27] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-10] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-09-19] (Windows ® Win 7 DDK provider)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-07-01] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-05-12] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [60752 2016-08-24] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 Lenovo Instant On; C:\Program Files\Lenovo\InstantOn\InstantOnSrv.exe [3123728 2016-07-20] (Lenovo Group Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-10-28] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263288 2016-08-03] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-10-28] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [531424 2015-08-12] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [250096 2015-07-01] (Intel Corporation)
R1 InstantOn; C:\Program Files\Lenovo\InstantOn\InstantOn.sys [25856 2015-10-14] (Lenovo Group Limited)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
S3 pelmouse; C:\Windows\System32\drivers\pelmouse.sys [23040 2015-12-17] (TPMX Electronics Ltd.)
S3 pelusblf; C:\Windows\System32\drivers\pelusblf.sys [35328 2015-12-22] (TPMX Electronics Ltd.)
S3 pelvendr; C:\Windows\System32\drivers\pelvendr.sys [11776 2009-11-02] (TPMX Electronics Ltd.)
S3 phidmice; C:\Windows\System32\drivers\phidmice.sys [35328 2015-12-17] (TPMX Electronics Ltd.)
S3 pmouself; C:\Windows\System32\drivers\pmouself.sys [23040 2013-03-26] (TPMX Electronics Ltd.)
S3 pvendrlf; C:\Windows\System32\drivers\pvendrlf.sys [12288 2013-03-26] (TPMX Electronics Ltd.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [50808 2016-03-23] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [72312 2016-08-03] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [701784 2015-09-08] (Sunplus)
R1 SynaMetSMI; C:\Windows\system32\DRIVERS\SynaSmi.sys [38200 2016-06-28] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-23 13:14 - 2016-09-23 13:14 - 00066288 _____ C:\Users\Diego Miranda\Desktop\FRST.txt
2016-09-23 13:12 - 2016-09-23 13:13 - 02402816 _____ (Farbar) C:\Users\Diego Miranda\Downloads\FRST64 (1).exe
2016-09-23 13:12 - 2016-09-23 13:12 - 01753088 _____ (Farbar) C:\Users\Diego Miranda\Downloads\FRST.exe
2016-09-23 13:10 - 2016-09-23 13:10 - 05659691 _____ (Swearware) C:\Users\Diego Miranda\Downloads\ComboFix.exe
2016-09-23 13:09 - 2016-09-23 13:09 - 03861056 _____ C:\Users\Diego Miranda\Downloads\AdwCleaner.exe
2016-09-23 13:08 - 2016-09-23 13:08 - 00002280 _____ C:\Users\Diego Miranda\Downloads\FSS.txt
2016-09-23 13:07 - 2016-09-23 13:07 - 00899584 _____ (Farbar) C:\Users\Diego Miranda\Downloads\FSS.exe
2016-09-23 13:00 - 2016-09-23 12:48 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-09-23 12:48 - 2016-09-23 12:58 - 00000000 ____D C:\zoek_backup
2016-09-23 12:47 - 2016-09-23 12:48 - 01309184 _____ C:\Users\Diego Miranda\Downloads\zoek.exe
2016-09-23 12:44 - 2016-09-23 13:06 - 00003598 _____ C:\Users\Diego Miranda\Desktop\fixlist.txt
2016-09-23 12:44 - 2016-09-23 12:44 - 00000000 _____ C:\Users\Diego Miranda\Desktop\ProxyEnable
2016-09-23 12:44 - 2016-09-23 12:44 - 00000000 _____ C:\Users\Diego Miranda\Desktop\http
2016-09-23 12:42 - 2016-09-23 13:15 - 00030723 _____ C:\Users\Diego Miranda\Downloads\FRST.txt
2016-09-23 12:42 - 2016-09-23 13:15 - 00000000 ____D C:\FRST
2016-09-23 12:42 - 2016-09-23 12:47 - 00468480 _____ () C:\Users\Diego Miranda\Downloads\CKScanner.exe
2016-09-23 12:42 - 2016-09-23 12:43 - 00050629 _____ C:\Users\Diego Miranda\Downloads\Addition.txt
2016-09-23 12:41 - 2016-09-23 12:42 - 02402816 _____ (Farbar) C:\Users\Diego Miranda\Downloads\FRST64.exe
2016-09-23 02:24 - 2016-09-22 22:32 - 00000000 ___DC C:\WINDOWS\Panther
2016-09-23 02:21 - 2016-09-23 02:21 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-09-23 02:21 - 2016-09-23 02:21 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-09-23 02:21 - 2016-09-23 02:21 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-09-23 02:21 - 2016-09-23 02:21 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-09-23 02:21 - 2016-09-23 02:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-09-23 02:21 - 2016-09-23 02:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-09-23 02:21 - 2016-09-23 02:21 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-09-23 02:21 - 2016-09-23 02:21 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-09-23 02:21 - 2016-09-23 02:21 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-09-23 02:21 - 2016-09-23 02:21 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-09-23 02:21 - 2016-09-23 02:21 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-09-23 02:21 - 2016-09-23 02:21 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-23 02:21 - 2016-09-23 02:21 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-09-23 02:21 - 2016-09-23 02:21 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-09-23 02:21 - 2016-09-23 02:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-09-23 02:21 - 2016-09-23 02:21 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-09-23 02:21 - 2016-09-23 02:21 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-09-23 02:21 - 2016-09-23 02:21 - 00000000 ____D C:\Windows.old
2016-09-23 02:21 - 2016-09-23 02:21 - 00000000 ____D C:\Program Files\CMAK
2016-09-23 02:21 - 2016-09-23 02:21 - 00000000 ____D C:\Program Files (x86)\CMAK
2016-09-23 02:20 - 2016-09-23 02:20 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-09-23 02:20 - 2016-09-22 22:24 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-09-23 02:19 - 2016-09-23 02:19 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-09-23 02:19 - 2016-09-23 02:19 - 00000000 ____D C:\Program Files\MSBuild
2016-09-23 02:19 - 2016-09-23 02:19 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-09-23 02:19 - 2016-09-23 02:19 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-09-23 02:19 - 2016-05-25 18:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-09-23 02:19 - 2016-05-25 18:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-09-23 02:19 - 2016-05-25 18:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-09-23 02:19 - 2016-05-25 15:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-09-23 02:19 - 2016-05-25 15:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-09-23 02:19 - 2016-05-25 15:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-09-22 22:57 - 2016-09-22 22:57 - 02870984 _____ (ESET) C:\Users\Diego Miranda\Downloads\esetsmartinstaller_enu.exe
2016-09-22 22:57 - 2016-09-22 22:57 - 00000000 ____D C:\Program Files (x86)\ESET
2016-09-22 22:49 - 2016-09-22 22:49 - 00000000 ____D C:\ProgramData\USOShared
2016-09-22 22:41 - 2016-09-22 22:41 - 00000000 ____D C:\Users\Diego Miranda\Downloads\FixProxy
2016-09-22 22:40 - 2016-09-22 22:40 - 00000266 _____ C:\Users\Diego Miranda\Downloads\FixProxy.zip
2016-09-22 22:38 - 2016-09-23 13:11 - 00000000 ____D C:\AdwCleaner
2016-09-22 22:38 - 2016-09-22 22:38 - 03861056 _____ C:\Users\Diego Miranda\Downloads\adwcleaner_6.020.exe
2016-09-22 22:35 - 2016-09-22 22:35 - 00003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-09-22 22:34 - 2016-09-22 22:34 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-09-22 22:32 - 2016-09-22 22:49 - 00000000 ____D C:\Users\Diego Miranda\AppData\Local\ConnectedDevicesPlatform
2016-09-22 22:32 - 2016-09-22 22:32 - 00000020 ___SH C:\Users\Diego Miranda\ntuser.ini
2016-09-22 22:32 - 2016-09-22 22:32 - 00000000 _SHDL C:\Users\Default\My Documents
2016-09-22 22:32 - 2016-09-22 22:32 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-09-22 22:32 - 2016-09-22 22:32 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-09-22 22:32 - 2016-09-22 22:32 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-09-22 22:32 - 2016-09-22 22:32 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-09-22 22:32 - 2016-09-22 22:32 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-09-22 22:32 - 2016-09-22 22:32 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-09-22 22:31 - 2016-09-23 13:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-22 22:31 - 2016-09-22 22:31 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-09-22 22:31 - 2016-09-22 22:31 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-09-22 22:31 - 2016-09-22 22:31 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-22 22:31 - 2016-09-22 22:31 - 00003450 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-09-22 22:31 - 2016-09-22 22:31 - 00003432 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-22 22:31 - 2016-09-22 22:31 - 00003226 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-09-22 22:31 - 2016-09-22 22:31 - 00003208 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-22 22:31 - 2016-09-22 22:31 - 00003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-09-22 22:31 - 2016-09-22 22:31 - 00003040 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec
2016-09-22 22:31 - 2016-09-22 22:31 - 00002798 _____ C:\WINDOWS\System32\Tasks\klcp_update
2016-09-22 22:31 - 2016-09-22 22:31 - 00002772 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-LENOVO-Diego Miranda
2016-09-22 22:31 - 2016-09-22 22:31 - 00002674 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon
2016-09-22 22:31 - 2016-09-22 22:31 - 00002356 _____ C:\WINDOWS\System32\Tasks\Optimize Thumbnail Cache Files
2016-09-22 22:31 - 2016-09-22 22:31 - 00002336 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_LENOVO_MICPKEY
2016-09-22 22:31 - 2016-09-22 22:31 - 00002306 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_Dolby
2016-09-22 22:31 - 2016-09-22 22:31 - 00002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2016-09-22 22:31 - 2016-09-22 22:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-09-22 22:31 - 2016-09-22 22:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-09-22 22:31 - 2016-09-22 22:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2016-09-22 22:31 - 2016-09-22 22:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-09-22 22:29 - 2016-09-22 22:29 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-22 22:29 - 2016-09-22 22:29 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-09-22 22:29 - 2016-09-22 22:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-09-22 22:26 - 2016-09-22 22:53 - 00000000 ____D C:\Users\Diego Miranda
2016-09-22 22:26 - 2016-09-22 22:29 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-09-22 22:26 - 2016-09-22 22:26 - 00000000 _SHDL C:\Users\Diego Miranda\My Documents
2016-09-22 22:26 - 2016-09-22 22:26 - 00000000 _SHDL C:\Users\Diego Miranda\Documents\My Videos
2016-09-22 22:26 - 2016-09-22 22:26 - 00000000 _SHDL C:\Users\Diego Miranda\Documents\My Pictures
2016-09-22 22:26 - 2016-09-22 22:26 - 00000000 _SHDL C:\Users\Diego Miranda\Documents\My Music
2016-09-22 22:26 - 2016-07-16 07:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-09-22 22:25 - 2016-09-23 13:02 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-22 22:25 - 2016-09-22 22:27 - 00000000 ____D C:\Program Files\Intel
2016-09-22 22:25 - 2016-09-22 22:27 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-09-22 22:25 - 2016-09-22 22:25 - 00091816 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-09-22 22:25 - 2016-09-22 22:25 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-09-22 22:25 - 2016-09-22 22:25 - 00000102 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_synaWudfBioUsb_01_11_00.Wdf
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 ____D C:\ProgramData\Validity
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 ____D C:\ProgramData\Dolby
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 ____D C:\Program Files\Realtek
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 ____D C:\Program Files\Dolby
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 ____D C:\Program Files (x86)\Synaptics
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 ____D C:\Program Files (x86)\SunplusIT Integrated Camera
2016-09-22 22:25 - 2016-09-22 22:25 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-09-22 22:25 - 2016-05-12 11:47 - 00099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-09-22 22:24 - 2016-09-23 12:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-09-22 22:24 - 2016-09-22 22:46 - 00338312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-22 22:24 - 2016-09-22 22:25 - 00000000 ____D C:\Program Files\Synaptics
2016-09-22 22:24 - 2016-09-22 22:24 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-09-22 22:13 - 2016-09-22 22:13 - 01714987 _____ C:\Users\Diego Miranda\AppData\Local\ars.cache
2016-09-22 22:13 - 2016-09-22 22:13 - 00986299 _____ C:\Users\Diego Miranda\AppData\Local\census.cache
2016-09-22 22:12 - 2016-09-22 22:12 - 00000010 _____ C:\Users\Diego Miranda\AppData\Local\sponge.last.runtime.cache
2016-09-22 22:05 - 2016-09-22 22:05 - 00000000 ____D C:\WINDOWS\Trend Micro
2016-09-22 22:05 - 2016-09-22 22:05 - 00000000 ____D C:\ProgramData\Trend Micro
2016-09-22 22:03 - 2016-09-22 22:03 - 02527376 _____ (Trend Micro Inc.) C:\Users\Diego Miranda\Downloads\HousecallLauncher64.exe
2016-09-22 22:03 - 2016-09-22 22:03 - 00000036 _____ C:\Users\Diego Miranda\AppData\Local\housecall.guid.cache
2016-09-22 22:03 - 2015-12-24 09:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-09-22 21:56 - 2016-09-22 22:27 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-09-22 20:18 - 2016-09-22 20:18 - 00293722 _____ C:\Users\Diego Miranda\Downloads\Bank Info & Transfer Form.pdf
2016-09-22 20:18 - 2016-09-22 20:18 - 00268870 _____ C:\Users\Diego Miranda\Downloads\New Account Items Checklist.pdf
2016-09-22 16:38 - 2016-09-22 16:38 - 01101388 _____ C:\Users\Diego Miranda\Downloads\2015 WILSON & CARMEN JAYKOSZ-1040.pdf
2016-09-22 16:37 - 2016-09-22 16:37 - 01020095 _____ C:\Users\Diego Miranda\Downloads\2014 WILSON & CARMEN JAYKOSZ-1040.pdf
2016-09-21 13:13 - 2016-09-21 13:13 - 00611147 _____ C:\Users\Diego Miranda\Downloads\WebServices MoneyExchange_ES1.5.pdf
2016-09-21 12:58 - 2016-09-21 12:58 - 00103391 _____ C:\Users\Diego Miranda\Downloads\List of Branches.pdf
2016-09-21 12:57 - 2016-09-21 12:57 - 00086672 _____ C:\Users\Diego Miranda\Downloads\fax02496908.pdf
2016-09-21 12:53 - 2016-09-21 12:53 - 00162464 _____ C:\Users\Diego Miranda\Downloads\Letter.pdf
2016-09-21 12:52 - 2016-09-21 12:52 - 00068823 _____ C:\Users\Diego Miranda\Downloads\Essential Financial License.pdf
2016-09-21 12:52 - 2016-09-21 12:52 - 00054528 _____ C:\Users\Diego Miranda\Downloads\EX776651736538.PDF
2016-09-21 12:47 - 2016-09-21 12:47 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-09-21 12:36 - 2016-09-21 13:31 - 00000000 ____D C:\Users\Diego Miranda\Desktop\Maryland
2016-09-21 11:39 - 2016-09-21 11:39 - 00000204 _____ C:\Users\Diego Miranda\Desktop\sms_response.xml
2016-09-21 11:37 - 2016-09-21 11:45 - 00006929 _____ C:\Users\Diego Miranda\Desktop\essential.php
2016-09-21 11:02 - 2016-09-22 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-19 21:15 - 2016-09-19 21:15 - 00042792 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DbxSvc.exe
2016-09-19 21:07 - 2016-09-19 21:07 - 00073840 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-09-19 21:07 - 2016-09-19 21:07 - 00073840 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-09-19 21:07 - 2016-09-19 21:07 - 00073840 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-09-14 14:09 - 2016-09-14 14:09 - 01453563 _____ C:\Users\Diego Miranda\Downloads\MSB_New_Accounts.zip
2016-09-14 14:09 - 2016-09-14 14:09 - 00000000 ____D C:\Users\Diego Miranda\Downloads\MSB_New_Accounts
2016-09-14 13:56 - 2016-09-22 11:27 - 00000000 ____D C:\Users\Diego Miranda\Downloads\Essential-_NCC_Agreements
2016-09-14 13:56 - 2016-09-14 13:56 - 06143702 _____ C:\Users\Diego Miranda\Downloads\Essential-_NCC_Agreements.zip
2016-09-13 12:25 - 2016-09-13 12:25 - 00107271 _____ C:\Users\Diego Miranda\Downloads\Independent-Directors-Appointment-Letter.pdf
2016-09-13 12:25 - 2016-09-13 12:25 - 00060567 _____ C:\Users\Diego Miranda\Downloads\Lifeline Australia Director - Letter of Appointment..pdf
2016-09-13 11:55 - 2016-09-13 12:39 - 00000000 ____D C:\Users\Diego Miranda\Desktop\Beka
2016-09-13 11:51 - 2016-09-13 11:55 - 00031081 _____ C:\Users\Diego Miranda\Downloads\Essential Chart (1).pptx
2016-09-05 20:49 - 2016-09-05 20:49 - 00033878 _____ C:\Users\Diego Miranda\Downloads\BBF-117212332-NDA-BBF-1172001.pdf
2016-09-05 19:44 - 2016-09-05 19:45 - 00038400 _____ C:\Users\Diego Miranda\Downloads\CHECK CASHING- BROWARD.xls
2016-09-03 13:36 - 2016-09-03 13:36 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-09-01 15:43 - 2016-09-01 15:43 - 00288372 _____ C:\Users\Diego Miranda\Desktop\DANCAR-AMENDMENT.pdf
2016-08-31 21:41 - 2016-08-31 21:41 - 00107351 _____ C:\Users\Diego Miranda\Desktop\Shareholder Resolution - Directors.pdf
2016-08-31 21:25 - 2016-08-31 21:25 - 00000000 ____D C:\Users\Diego Miranda\AppData\LocalLow\Temp
2016-08-31 18:45 - 2016-08-31 18:45 - 01284668 _____ C:\Users\Diego Miranda\Desktop\Dental.xlsx
2016-08-31 18:32 - 2016-08-31 18:32 - 03079570 _____ C:\Users\Diego Miranda\Desktop\Dental.txt
2016-08-31 18:23 - 2016-09-22 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-31 18:23 - 2016-09-22 21:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-31 18:23 - 2016-08-31 18:23 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-31 18:23 - 2016-08-31 18:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-31 18:23 - 2016-08-31 18:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-31 18:23 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-31 18:23 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-31 18:23 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-31 18:17 - 2016-08-31 18:17 - 00082182 _____ C:\Users\Diego Miranda\Desktop\Memorandum - Instant Cash FZE.pdf
2016-08-31 18:08 - 2016-08-31 18:08 - 00083108 _____ C:\Users\Diego Miranda\Desktop\Corporate Resolution - Signing Authority.pdf
2016-08-30 21:57 - 2016-08-30 21:57 - 00038912 _____ C:\Users\Diego Miranda\Downloads\Crescent - Meritas Funds Flow.xls
2016-08-28 16:11 - 2016-08-28 16:12 - 02506383 _____ C:\Users\Diego Miranda\Downloads\Unconfirmed 347069.crdownload
2016-08-24 14:50 - 2016-08-24 14:50 - 00257872 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-23 13:08 - 2015-11-03 15:28 - 00978608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-23 13:02 - 2016-07-14 16:58 - 00000000 ___RD C:\Users\Diego Miranda\Dropbox
2016-09-23 13:02 - 2016-07-10 20:17 - 00000000 ___RD C:\Users\Diego Miranda\Google Drive
2016-09-23 13:02 - 2016-07-10 13:02 - 00000000 __SHD C:\Users\Diego Miranda\IntelGraphicsProfiles
2016-09-23 13:01 - 2016-07-16 02:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-09-23 12:43 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-23 10:47 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-23 04:04 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-09-23 02:24 - 2016-07-16 07:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-09-23 02:21 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-09-23 02:21 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-09-23 02:21 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-09-23 02:21 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-09-23 02:21 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-09-23 02:21 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-23 02:21 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-09-23 02:00 - 2016-07-10 23:15 - 00000000 ____D C:\Users\Diego Miranda\AppData\Local\Adobe
2016-09-22 23:16 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-22 23:16 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-22 22:49 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-09-22 22:47 - 2016-07-10 13:02 - 00000000 ____D C:\Users\Diego Miranda\AppData\Local\Packages
2016-09-22 22:45 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Registration
2016-09-22 22:35 - 2016-07-10 13:04 - 00002398 _____ C:\Users\Diego Miranda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-22 22:35 - 2016-07-10 13:04 - 00000000 ___RD C:\Users\Diego Miranda\OneDrive
2016-09-22 22:33 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2016-09-22 22:32 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-09-22 22:32 - 2015-11-03 15:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-22 22:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-09-22 22:31 - 2016-06-22 18:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-09-22 22:30 - 2016-07-16 07:47 - 00000000 __RSD C:\WINDOWS\Media
2016-09-22 22:30 - 2016-07-16 07:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-22 22:30 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-22 22:30 - 2016-06-22 17:42 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-09-22 22:29 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\System
2016-09-22 22:29 - 2016-07-14 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTSWebComponents
2016-09-22 22:29 - 2016-07-14 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HFSExplorer
2016-09-22 22:29 - 2016-07-13 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1Password
2016-09-22 22:29 - 2016-07-11 10:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-09-22 22:29 - 2016-07-10 23:15 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-09-22 22:29 - 2016-07-10 20:13 - 00000000 ____D C:\Users\Diego Miranda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-22 22:29 - 2016-07-10 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-22 22:29 - 2016-07-10 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-09-22 22:29 - 2016-07-10 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2016-09-22 22:29 - 2016-07-10 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-09-22 22:29 - 2016-07-10 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-09-22 22:29 - 2016-07-10 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-09-22 22:29 - 2016-07-10 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-22 22:29 - 2016-07-10 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-22 22:29 - 2016-06-22 18:19 - 00000000 ____D C:\Users\Default.migrated
2016-09-22 22:29 - 2016-05-12 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2016-09-22 22:29 - 2016-05-12 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2016-09-22 22:29 - 2016-05-12 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2016-09-22 22:27 - 2016-07-20 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-09-22 22:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-09-22 22:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-09-22 22:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-09-22 22:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-22 22:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-22 22:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-09-22 22:27 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-22 22:27 - 2016-07-10 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-09-22 22:27 - 2016-05-12 09:50 - 00000000 ____D C:\Program Files\Intel Corporation
2016-09-22 22:27 - 2016-05-12 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-09-22 22:27 - 2016-05-12 09:44 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-09-22 22:26 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-22 22:25 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-09-22 22:25 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-09-22 22:25 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-09-22 22:25 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-09-22 22:15 - 2016-07-16 11:17 - 00000000 ___HD C:\$WINDOWS.~BT
2016-09-22 22:01 - 2016-07-19 00:12 - 00000390 _____ C:\WINDOWS\Tasks\Optimize Thumbnail Cache Files.job
2016-09-22 22:01 - 2016-07-10 20:14 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-22 22:01 - 2016-07-10 20:10 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-22 21:56 - 2016-08-02 11:22 - 00000000 ____D C:\Users\Diego Miranda\AppData\Local\Apple
2016-09-22 21:56 - 2016-07-10 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2016-09-22 21:45 - 2016-07-10 23:13 - 00000000 ____D C:\Users\Diego Miranda\AppData\Local\CrashDumps
2016-09-22 21:21 - 2016-07-10 20:10 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-22 21:19 - 2016-07-10 20:14 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-21 20:46 - 2016-07-10 20:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-21 20:43 - 2016-07-10 20:13 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-21 12:46 - 2016-07-11 10:42 - 00000000 ____D C:\Program Files\Microsoft Office
2016-09-21 12:30 - 2016-06-22 18:28 - 00000000 ____D C:\Program Files\Lenovo
2016-09-21 12:30 - 2016-05-12 09:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-21 11:48 - 2016-07-10 20:35 - 00000000 ____D C:\Users\Diego Miranda\AppData\Roaming\FileZilla
2016-09-21 11:24 - 2016-07-10 20:10 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-21 11:19 - 2015-10-30 03:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-09-21 11:19 - 2015-10-30 03:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-09-21 11:02 - 2016-07-10 20:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-09-05 19:42 - 2016-08-18 00:57 - 00038400 _____ C:\Users\Diego Miranda\Downloads\CHECK CASHING NUMBERS.xls
2016-09-03 13:36 - 2016-08-02 11:22 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-08-30 21:28 - 2016-07-26 14:21 - 00002322 _____ C:\Users\Diego Miranda\Desktop\Essential-AD.rdp

==================== Files in the root of some directories =======

2016-09-22 22:13 - 2016-09-22 22:13 - 1714987 _____ () C:\Users\Diego Miranda\AppData\Local\ars.cache
2016-09-22 22:13 - 2016-09-22 22:13 - 0986299 _____ () C:\Users\Diego Miranda\AppData\Local\census.cache
2016-09-22 22:03 - 2016-09-22 22:03 - 0000036 _____ () C:\Users\Diego Miranda\AppData\Local\housecall.guid.cache
2016-07-19 00:11 - 2016-07-19 00:11 - 0000218 _____ () C:\Users\Diego Miranda\AppData\Local\recently-used.xbel
2016-09-22 22:12 - 2016-09-22 22:12 - 0000010 _____ () C:\Users\Diego Miranda\AppData\Local\sponge.last.runtime.cache
2016-09-22 22:25 - 2016-09-22 22:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-22 22:25 - 2016-09-22 22:25 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
C:\Users\Diego Miranda\AppData\Local\Temp\wVx4rt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-22 22:24

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by Diego Miranda (23-09-2016 13:15:31)
Running from C:\Users\Diego Miranda\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-23 02:32:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2871485870-1023841466-4125669101-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2871485870-1023841466-4125669101-503 - Limited - Disabled)
Diego Miranda (S-1-5-21-2871485870-1023841466-4125669101-1001 - Administrator - Enabled) => C:\Users\Diego Miranda
Guest (S-1-5-21-2871485870-1023841466-4125669101-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password 4.6.0.604 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.270 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0) (Version: 17.0.0 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.6.3.44 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.5.2.30 - Dolby Laboratories, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 10.4.26 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.45.1 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse)
Google Chrome (HKLM-x32\...\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 51.0.2704.106 - Google, Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HFSExplorer 0.23.1 (HKLM-x32\...\HFSExplorer) (Version: 0.23.1 - Catacombae Software)
Integrated Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.5.7.16 - SunplusIT)
Intel® Chipset Device Software (x32 Version: 10.1.1.12 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4444 - Intel Corporation)
Intel® WiDi (HKLM\...\{6C02A234-7A14-4737-9D89-B0C47A64F94E}) (Version: 6.0.52.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{588DA478-D4FF-48E3-8290-49F8C4B21283}) (Version: 18.1.1527.1551 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f9d669a3-fc5a-449e-a82c-c0ff491369be}) (Version: 18.30.1 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
K-Lite Codec Pack 12.2.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.2.5 - KLCP)
Lenovo Active Protection System (Version: 1.81.00.07 - Lenovo) Hidden
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.80.10 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.20 - Lenovo)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Settings - Power (x32 Version: 2.00.000 - Lenovo) Hidden
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.066.00 - Lenovo)
LTS Web Components (HKLM-x32\...\{2D8B9E44-2A39-4C7F-9405-502C9B0BEA76}_is1) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK (x32 Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
PuTTY release 0.67 (HKLM-x32\...\PuTTY_is1) (Version: 0.67 - Simon Tatham)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.1.506.2015 - Realtek)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Synaptics WBF Fingerprint Reader Drivers (HKLM\...\{3EAF1BE2-2B6B-4A18-BCDD-E7FC39883570}) (Version: 5.1.311.26 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
ThinkPad Settings Dependency (Version: 3.0.1.29 - Lenovo) Hidden
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 10.1.506.2015 - Lenovo)
ThinkPad WiGig dock audio (HKLM-x32\...\{3B2C70AB-9269-405E-9483-0D1AAD934C8F}) (Version: 1.06 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Synaptics Incorporated (WUDFRd) Biometric (08/26/2015 5.0.62.30) (HKLM\...\EA165370D1496D81DACB932B7F940939B49036D7) (Version: 08/26/2015 5.0.62.30 - Synaptics Incorporated)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2871485870-1023841466-4125669101-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Diego Miranda\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2871485870-1023841466-4125669101-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EA4218-E80C-460A-BB09-D8C76CCBBC4D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {04EC8C0B-8701-443E-8DE8-54E04AF61D94} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {0A1CC766-9EC3-4561-8462-1B79DDC9ECD9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo)
Task: {0A849532-C438-4B5D-A0F6-7396A558BDE7} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {1E1708C1-E399-47B4-9682-BCF58E366BFC} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-03-23] (Realtek Semiconductor)
Task: {1FA3F27F-FD80-4580-AEC0-63005EFC2080} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-09-13] (Microsoft Corporation)
Task: {249FD2B8-7716-493C-98E9-74D022069CFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-09-13] (Microsoft Corporation)
Task: {39AB548D-B701-494F-89E9-88058815C9FF} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {3BD161A7-87BB-4637-A950-31698D10E6FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {3EC100A0-64BB-4DB7-93B8-A8D4B8C6DCC7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {40D6774A-B617-4AD5-B752-9C9529FCC95C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
Task: {4D5A2743-E3BA-4FF0-BF5C-0259C184B802} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-10] (Dropbox, Inc.)
Task: {514A708F-D803-46D1-80E9-E3BC7ECAEC6E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-03-23] (Realtek Semiconductor)
Task: {5C472482-34AB-4E17-B60A-C2A886350533} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {5E3D4809-3D6F-4D00-8C3D-FA1449836C8D} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Diego Miranda\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-22] (Microsoft Corporation)
Task: {6A39DC8B-DA18-40F7-8AD5-722E9540DDAA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation)
Task: {82CB6196-E2AA-41CA-9625-3B9F6D1624AB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {8D8694CC-867A-498E-ABA1-B9EEEF8819D6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-10] (Dropbox, Inc.)
Task: {906A42CC-8B44-4A4C-AC7D-DE9871BC0537} - System32\Tasks\Optimize Thumbnail Cache Files => Wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini" <==== ATTENTION
Task: {A83FAA60-8F12-404D-9BB4-C983C4710567} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {AE9CB492-7312-4798-9E0C-C578E3651D4A} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-03-23] (Realtek Semiconductor)
Task: {B4238CB3-105D-448E-AEE4-CE9849FCE92C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation)
Task: {B82DF015-C717-499A-9577-D15B147758AA} - System32\Tasks\AdobeAAMUpdater-1.0-LENOVO-Diego Miranda => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-05] (Adobe Systems Incorporated)
Task: {BEF106B8-2C96-4407-8367-32066D86480A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-07-07] ()
Task: {BF82EF38-C5E6-4B17-9DBD-AEA3062E1A4C} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {CC1DB1A2-AB06-42CB-9F50-011D9AFC2E8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
Task: {E1165059-C8EF-4F2B-BCF4-DFCFCFE94128} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {F14A8074-C046-4010-9C6C-280A18CCAD62} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {FDB65F56-BDD7-4159-A81E-A5406D037B62} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {FE503044-2FC4-4E37-A722-8B6D6595E266} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Optimize Thumbnail Cache Files.job => Wscript.exe J/nologo /E:jscript /B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-27 05:04 - 2016-01-27 05:04 - 00163328 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2015-05-19 12:11 - 2015-05-19 12:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-05-22 19:33 - 2016-05-22 19:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-09-22 22:35 - 2016-09-22 22:35 - 01864384 _____ () C:\Users\Diego Miranda\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-23 02:21 - 2016-09-23 02:21 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-12 09:51 - 2016-08-23 08:02 - 00200520 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2015-10-27 17:01 - 2015-10-27 17:01 - 00089600 _____ () C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe
2016-09-21 11:24 - 2016-09-13 22:52 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-21 11:24 - 2016-09-13 22:52 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
2016-09-21 11:18 - 2016-09-12 17:48 - 30996160 _____ () C:\Users\Diego Miranda\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.166\pepflashplayer.dll
2016-09-23 13:02 - 2016-09-23 13:02 - 00098816 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\win32api.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00110080 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\pywintypes27.dll
2016-09-23 13:02 - 2016-09-23 13:02 - 00364544 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\pythoncom27.dll
2016-09-23 13:02 - 2016-09-23 13:02 - 00320512 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\win32com.shell.shell.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00776704 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\_hashlib.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 01176576 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\wx._core_.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00806400 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\wx._gdi_.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00816128 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\wx._windows_.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 01067008 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\wx._controls_.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00733184 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\wx._misc_.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00682496 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\pysqlite2._sqlite.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00088064 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\_ctypes.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00119808 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\win32file.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00108544 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\win32security.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00007168 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\hashobjs_ext.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00017920 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\thumbnails_ext.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00088064 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\usb_ext.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00012800 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\common.time34.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00018432 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\win32event.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00167936 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\win32gui.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00046080 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\_socket.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 01208320 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\_ssl.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00128512 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\_elementtree.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00127488 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\pyexpat.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00038912 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\win32inet.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00036864 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\_psutil_windows.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00525208 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\windows._lib_cacheinvalidation.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00011264 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\win32crypt.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00077312 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\wx._html2.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00027136 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\_multiprocessing.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00020480 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\_yappi.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00035840 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\win32process.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00686080 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\unicodedata.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00078848 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\wx._animate.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00123392 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\wx._wizard.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00024064 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\win32pipe.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00010240 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\select.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00025600 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\win32pdh.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00017408 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\win32profile.pyd
2016-09-23 13:02 - 2016-09-23 13:02 - 00022528 ____R () C:\Users\Diego Miranda\AppData\Local\Temp\_MEI81082\win32ts.pyd
2016-07-10 20:14 - 2016-08-24 00:43 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-09-21 11:02 - 2016-08-24 00:43 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-09-21 11:02 - 2016-08-24 00:43 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-09-21 11:02 - 2016-08-24 00:43 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-07-10 20:14 - 2016-08-24 00:43 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-07-10 20:14 - 2016-08-24 00:43 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-07-10 20:14 - 2016-09-19 21:15 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-07-10 20:14 - 2016-08-24 00:43 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-07-10 20:14 - 2016-08-24 00:43 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 11:20 - 2016-09-19 21:15 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-09-21 11:02 - 2016-08-24 00:43 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-09-21 11:02 - 2016-08-24 00:45 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-07-10 20:14 - 2016-09-19 21:15 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-05 11:20 - 2016-09-19 21:15 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-07-10 20:14 - 2016-08-24 00:43 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-05 11:20 - 2016-08-24 00:44 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-07-10 20:14 - 2016-09-19 21:15 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-07-10 20:14 - 2016-09-19 21:15 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-07-10 20:14 - 2016-09-19 21:15 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-07-10 20:14 - 2016-09-19 21:15 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-07-10 20:14 - 2016-09-19 21:15 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-09-21 11:02 - 2016-08-24 00:41 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-09-21 11:02 - 2016-09-19 21:15 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-09-21 11:02 - 2016-09-19 21:07 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-09-21 11:02 - 2016-09-19 21:15 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-09-21 11:02 - 2016-09-19 21:15 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-07-10 20:14 - 2016-08-24 00:43 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-05 11:20 - 2016-09-19 21:15 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-07-10 20:14 - 2016-08-24 00:45 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-07-10 20:14 - 2016-09-19 21:15 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-05 11:20 - 2016-09-19 21:15 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-09-21 11:02 - 2016-09-19 21:15 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2015-09-04 23:34 - 2015-09-04 23:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2015-10-30 03:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "TpShocks"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\...\StartupApproved\Run: => "AdobeTGC"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D5B240BE-DC03-41A7-8840-5293CB95BF79}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8E3FF205-5DB6-45AB-B97D-8B59C5F6FB12}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{2C3AB12F-31B8-4BEC-AB37-BA840DCC8997}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B3BE7360-A0EB-4735-BF0B-781B0487E0D3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2A790BB8-F860-4017-97BD-6C4565DCD099}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ACB51942-6A63-43B1-A432-23C9B8BDED70}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F776DF87-FC35-4A24-96F0-8D3946E5E591}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{3848BC8C-718A-4568-9455-3B7A456AEC7A}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe
FirewallRules: [TCP Query User{90761BC1-8146-4DDB-8A6D-2D93162C27B2}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe
FirewallRules: [UDP Query User{328E0269-8ADB-4F3D-B3E2-98476AE65CD7}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{6546806D-ACE2-431E-9043-20116F7D3888}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{3DC66A2F-8BBB-466A-BA98-10AFC9414D4A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{50A6698E-1002-4843-AB60-C1636C43C178}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6ABB4E1F-DD66-472A-8169-B867A9858D2B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{89CEEAA1-6152-44B9-8C0E-05AFFFC95005}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C60EDD9A-32A2-4560-B05F-7C18FA14E18B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2A992DF4-772B-4255-AD96-E2D40A79C0E1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1ECE5BD3-B9F9-42AB-98BA-C3215147FF52}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{9B1A1623-263F-4A8F-AF6F-07831112FA87}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{08551B29-8F3A-42FE-B7F2-83E1CD992279}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{FF3070A7-8334-4861-9202-D14E83AE9924}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe

==================== Restore Points =========================

23-09-2016 12:49:31 zoek.exe restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2016 12:49:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/23/2016 11:00:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest.

Error: (09/23/2016 11:00:37 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest.

Error: (09/23/2016 11:00:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest.

Error: (09/23/2016 10:59:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Diego Miranda\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest.

Error: (09/23/2016 10:44:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest.

Error: (09/23/2016 10:44:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest.

Error: (09/23/2016 04:08:45 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest.

Error: (09/23/2016 04:07:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest.

Error: (09/23/2016 04:07:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest.


System errors:
=============
Error: (09/23/2016 01:02:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/23/2016 01:02:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error:
%%2147770990

Error: (09/23/2016 12:58:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/23/2016 12:58:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/23/2016 12:58:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/23/2016 12:58:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/23/2016 12:58:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/23/2016 12:58:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/23/2016 12:58:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/23/2016 12:58:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


CodeIntegrity:
===================================
Date: 2016-09-23 12:42:06.942
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-23 12:42:06.931
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-23 12:42:06.919
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-23 12:42:06.911
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-23 12:42:06.903
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-23 12:42:06.889
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-23 12:42:06.881
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-23 12:42:06.874
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-23 12:42:06.866
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-23 12:42:06.854
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6600U CPU @ 2.60GHz
Percentage of memory in use: 15%
Total physical RAM: 20347.17 MB
Available physical RAM: 17145.34 MB
Total Virtual: 23419.17 MB
Available Virtual: 20370.06 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:475.69 GB) (Free:394.36 GB) NTFS
Drive d: (NIKON D5100) (Removable) (Total:30.22 GB) (Free:6.85 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1BD2CE70)

Partition: GPT.

========================================================
Disk: 1 (Size: 30.2 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Farbar Service Scanner Version: 27-01-2016
Ran by Diego Miranda (administrator) on 23-09-2016 at 13:22:45
Running from "C:\Users\Diego Miranda\Downloads"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


Edited by Oh My!, 24 September 2016 - 06:52 PM.



#2 Oh My!

Malware Response Instructor

Posted 24 September 2016 - 06:47 PM

Greetings dishneggo and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 24 September 2016 - 08:24 PM

Greetings and thank you again for your patience.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
Task: {906A42CC-8B44-4A4C-AC7D-DE9871BC0537} - System32\Tasks\Optimize Thumbnail Cache Files => Wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini" <==== ATTENTION
C:\Windows\Installer\MSI5A70.tmp
C:\ProgramData\InstallShield\Update\isuspm.ini
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
SearchScopes: HKU\S-1-5-21-2871485870-1023841466-4125669101-1001 -> {61F9063F-7E31-4A79-9874-7B11F5C37D53} URL =
CHR HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
2016-08-28 16:11 - 2016-08-28 16:12 - 02506383 _____ C:\Users\Diego Miranda\Downloads\Unconfirmed 347069.crdownload
C:\Users\Diego Miranda\AppData\Local\Temp\wVx4rt.exe
Task: C:\WINDOWS\Tasks\Optimize Thumbnail Cache Files.job => Wscript.exe J/nologo /E:jscript /B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION
FirewallRules: [UDP Query User{3848BC8C-718A-4568-9455-3B7A456AEC7A}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe
FirewallRules: [TCP Query User{90761BC1-8146-4DDB-8A6D-2D93162C27B2}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe
C:\windows\temp\files\bin\kmss.exe
removeproxy:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your proxy settings
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer condition

Gary
 

#4 dishneggo


Posted 26 September 2016 - 11:42 AM

Thanks for the reply!

Proxy no longer active! Thank you!

See Fixlog.txt below:

====================

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Diego Miranda (26-09-2016 12:38:37) Run:1
Running from C:\Users\Diego Miranda\Desktop
Loaded Profiles: Diego Miranda (Available Profiles: Diego Miranda)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {906A42CC-8B44-4A4C-AC7D-DE9871BC0537} - System32\Tasks\Optimize Thumbnail Cache Files => Wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini" <==== ATTENTION
C:\Windows\Installer\MSI5A70.tmp
C:\ProgramData\InstallShield\Update\isuspm.ini
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
SearchScopes: HKU\S-1-5-21-2871485870-1023841466-4125669101-1001 -> {61F9063F-7E31-4A79-9874-7B11F5C37D53} URL =
CHR HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
2016-08-28 16:11 - 2016-08-28 16:12 - 02506383 _____ C:\Users\Diego Miranda\Downloads\Unconfirmed 347069.crdownload
C:\Users\Diego Miranda\AppData\Local\Temp\wVx4rt.exe
Task: C:\WINDOWS\Tasks\Optimize Thumbnail Cache Files.job => Wscript.exe J/nologo /E:jscript /B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION
FirewallRules: [UDP Query User{3848BC8C-718A-4568-9455-3B7A456AEC7A}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe
FirewallRules: [TCP Query User{90761BC1-8146-4DDB-8A6D-2D93162C27B2}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe
C:\windows\temp\files\bin\kmss.exe
removeproxy:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{906A42CC-8B44-4A4C-AC7D-DE9871BC0537}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{906A42CC-8B44-4A4C-AC7D-DE9871BC0537}" => key removed successfully
C:\WINDOWS\System32\Tasks\Optimize Thumbnail Cache Files => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Thumbnail Cache Files" => key removed successfully
C:\Windows\Installer\MSI5A70.tmp => moved successfully
C:\ProgramData\InstallShield\Update\isuspm.ini => moved successfully
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{61F9063F-7E31-4A79-9874-7B11F5C37D53}" => key removed successfully
HKCR\CLSID\{61F9063F-7E31-4A79-9874-7B11F5C37D53} => key not found. 
"HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
C:\Users\Diego Miranda\Downloads\Unconfirmed 347069.crdownload => moved successfully
C:\Users\Diego Miranda\AppData\Local\Temp\wVx4rt.exe => moved successfully
C:\WINDOWS\Tasks\Optimize Thumbnail Cache Files.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3848BC8C-718A-4568-9455-3B7A456AEC7A}C:\windows\temp\files\bin\kmss.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{90761BC1-8146-4DDB-8A6D-2D93162C27B2}C:\windows\temp\files\bin\kmss.exe => value removed successfully
"C:\windows\temp\files\bin\kmss.exe" => not found.
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2871485870-1023841466-4125669101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 12:38:48 ====
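
As an added example (not part of the original posts and not FRST's own code), a read-only PowerShell check of the proxy locations the RemoveProxy section of the Fixlog above reports as removed, plus the scheduled task from the fixlist. The HKCU entries are an assumption, since the log lists per-user data only under Connections.

```powershell
# Added example: read-only audit of locations named in the Fixlog above.
# Run from an elevated PowerShell prompt; nothing is modified.
$inet = 'Microsoft\Windows\CurrentVersion\Internet Settings'
$values = @(
    # ProxySettingsPerUser = 0 makes Windows apply the HKLM proxy to every user
    @{ Key = "HKLM:\SOFTWARE\Policies\$inet"; Name = 'ProxySettingsPerUser' },
    @{ Key = "HKLM:\SOFTWARE\$inet"; Name = 'ProxyEnable' },
    @{ Key = "HKLM:\SOFTWARE\$inet"; Name = 'ProxyServer' },
    # Assumption: per-user values, not listed in the Fixlog
    @{ Key = "HKCU:\SOFTWARE\$inet"; Name = 'ProxyEnable' },
    @{ Key = "HKCU:\SOFTWARE\$inet"; Name = 'ProxyServer' }
)

$report = foreach ($v in $values) {
    $prop = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    $data = if ($prop) { $prop.($v.Name) } else { $null }
    [pscustomobject]@{
        Location = "$($v.Key) -> $($v.Name)"
        Present  = [bool]$prop
        Data     = $data
        # ProxyServer may be "host:port" or "http=host:port;https=host:port"
        Loopback = ($data -is [string]) -and
                   ($data -match '(^|=)(127\.0\.0\.1|localhost):')
    }
}

# The Fixlog removed this whole policy key; on a managed machine it can
# exist legitimately, so treat its presence as something to inspect.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer'

# Task name taken from the fixlist in this thread
$task = Get-ScheduledTask -TaskName 'Optimize Thumbnail Cache Files' -ErrorAction SilentlyContinue

$report | Format-Table -AutoSize -Wrap
"Policy key present:     $(Test-Path -Path $policyKey)"
"Scheduled task present: $([bool]$task)"
```

Loopback = True on any row, or the task reported as present after the reboot, indicates the fix did not hold.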


#5 Oh My!


Posted 26 September 2016 - 12:14 PM

Greetings.

:thumbsup2:

Please do this now.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Right click on the icon and select Run as administrator
  • Click 1. Update now!
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click On scan completion
  • Click Quarantine detected objects, then click OK
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report
  • Security check report
  • Update on computer behavior

Gary
 

#6 dishneggo


Posted 26 September 2016 - 09:45 PM

Here are the logs:

 

Emsisoft Emergency Kit - Version 11.9
Last update: 9/26/2016 10:41:10 PM
User account: LENOVO\Diego Miranda
Computer name: LENOVO
OS version: Windows 10x64 
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 9/26/2016 10:42:04 PM
 
Scanned 75447
Found 0
 
Scan end: 9/26/2016 10:42:52 PM
Scan time: 0:00:48
 
 
 
 
==================================================
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 91  
 Java version 32-bit out of Date!
 Adobe Flash Player 22.0.0.209  
 Google Chrome (53.0.2785.113) 
 Google Chrome (53.0.2785.116) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe 
 Windows Defender MpCmdRun.exe   
 Windows Defender MSASCuiL.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
 
===================================================
 
I have just updated Java

Edited by dishneggo, 26 September 2016 - 09:46 PM.


#7 Oh My!


Posted 26 September 2016 - 09:49 PM

Things look good. Are there any remaining issues?
Gary
 

#8 dishneggo


Posted 27 September 2016 - 11:09 AM

No, your help is much appreciated!



#9 Oh My!


Posted 27 September 2016 - 01:20 PM

Very good sir.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#10 Oh My!


Posted 30 September 2016 - 01:28 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



