Hi everybody,
In last days an intruder connected to my computer, he moved the mouse and I take control of the computer. (like remote control tool).
Immediately disconnect the internet but I don't know how does he connects, scan with malwarebytes 3.2.2 but does not throw any infections.
Could they help me detect the infection?
My configuration:
Windows 10 Profesional (updated)
Malwarebytes 3.2.2
Windows Defender (updated)
Sorry for my English.
Thanks,
This is FRST log:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> Secure System
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Sysinternals - www.sysinternals.com) C:\Users\Carlos\Desktop\Administrative Tools\SysinternalsSuite\Tcpview.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Colasoft) C:\Program Files\Colasoft Capsa 9 Free Edition\Capsa.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2016-08-01] (QFX Software Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4132324553-1498383444-2591444562-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
Startup: C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2017-08-06]
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 200.44.32.12 200.109.78.12
Tcpip\..\Interfaces\{47f83b5f-5075-4c7c-bfbd-e5d9b11f2ea0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{47f83b5f-5075-4c7c-bfbd-e5d9b11f2ea0}: [DhcpNameServer] 200.44.32.12 200.109.78.12
Tcpip\..\Interfaces\{d618db93-f575-47c0-b94b-ecec0613a142}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{d618db93-f575-47c0-b94b-ecec0613a142}: [DhcpNameServer] 200.44.32.12 200.109.78.12
Internet Explorer:
==================
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 7r0571km.default
FF ProfilePath: C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\7r0571km.default [2017-10-13]
FF NetworkProxy: Mozilla\Firefox\Profiles\7r0571km.default -> type", 4
FF Extension: (Flash Block (Plus)) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\7r0571km.default\Extensions\jid1-n8wH2cBfc2QaUj@jetpack.xpi [2017-07-25]
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\7r0571km.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-06]
FF Extension: (NoScript) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\7r0571km.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-10-01]
FF Extension: (Tamper Data) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\7r0571km.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2017-07-25]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [86544 2017-04-22] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [2231296 2017-07-24] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [14415360 2017-07-28] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 Capsax64Drv; C:\WINDOWS\System32\Drivers\Capsax64Drv.sys [44312 2016-09-01] (Colasoft Co., Ltd.)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [22016 2017-07-24] (Microsoft Corporation)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [233248 2017-02-19] (QFX Software Corporation)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [23552 2017-07-24] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-13] (Malwarebytes)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [25088 2017-07-24] (Microsoft Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2017-07-24] (Microsoft Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [84792 2017-10-13] (Sysinternals - www.sysinternals.com)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [51712 2017-07-24] (Microsoft Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31232 2017-07-24] (Microsoft Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [14368 1999-09-14] () [File not signed]
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [104448 2017-07-24] (Microsoft Corporation)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [31232 2017-07-24] (Microsoft Corporation)
R3 vmsmp; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-07-24] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 wfpcapture; C:\WINDOWS\System32\Drivers\wfpcapture.sys [64728 2016-10-21] (Microsoft Corporation)
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-13 18:54 - 2017-10-13 18:55 - 000061852 _____ C:\TDSSKiller.3.1.0.15_13.10.2017_18.54.34_log.txt
2017-10-13 18:19 - 2017-10-13 15:17 - 000001827 _____ C:\Users\Carlos\Desktop\Wireshark.lnk
2017-10-13 15:17 - 2017-10-13 17:13 - 000000000 ____D C:\Users\Carlos\AppData\Roaming\Wireshark
2017-10-13 15:17 - 2017-10-13 15:17 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-10-13 15:17 - 2017-10-13 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-10-13 15:17 - 2017-10-13 15:17 - 000000000 ____D C:\Program Files (x86)\WinPcap
2017-10-13 15:16 - 2017-10-13 15:17 - 000000000 ____D C:\Program Files\Wireshark
2017-10-13 15:03 - 2017-10-13 15:13 - 057888880 _____ (Wireshark development team) C:\Users\Carlos\Downloads\Wireshark-win64-2.4.2.exe
2017-10-10 22:13 - 2017-10-13 10:23 - 000084792 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-10-10 20:41 - 2017-10-10 20:48 - 005365960 _____ (COMODO) C:\Users\Carlos\Downloads\cfw_installer_6106_53.exe
2017-10-10 18:43 - 2017-10-10 18:43 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-10 18:29 - 2017-09-30 01:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-10 18:29 - 2017-09-30 01:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-10 18:29 - 2017-09-30 01:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-10 18:29 - 2017-09-30 01:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-10 18:29 - 2017-09-30 01:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-10 18:29 - 2017-09-30 01:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-10 18:29 - 2017-09-30 01:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-10 18:29 - 2017-09-30 01:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-10 18:29 - 2017-09-30 01:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-10 18:29 - 2017-09-30 01:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-10 18:29 - 2017-09-30 01:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-10 18:29 - 2017-09-30 01:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-10 18:29 - 2017-09-30 01:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-10-10 18:29 - 2017-09-30 01:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-10 18:29 - 2017-09-30 01:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-10-10 18:29 - 2017-09-30 01:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-10 18:29 - 2017-09-30 01:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-10 18:29 - 2017-09-30 01:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-10 18:29 - 2017-09-30 01:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-10 18:29 - 2017-09-30 01:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-10 18:29 - 2017-09-29 22:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-10 18:29 - 2017-09-29 22:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-10 18:29 - 2017-09-29 22:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-10 18:29 - 2017-09-29 22:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-10 18:29 - 2017-09-29 22:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-10 18:29 - 2017-09-29 22:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-10 18:29 - 2017-09-29 22:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-10 18:29 - 2017-09-29 22:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-10 18:29 - 2017-09-29 22:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-10 18:29 - 2017-09-29 22:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-10-10 18:29 - 2017-09-29 22:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-10 18:29 - 2017-09-29 22:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-10 18:29 - 2017-09-29 22:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-10 18:29 - 2017-09-29 22:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-10 18:29 - 2017-09-29 22:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-10 18:29 - 2017-09-29 22:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-10 18:29 - 2017-09-29 22:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-10 18:29 - 2017-09-29 22:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-10 18:29 - 2017-09-29 22:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-10-10 18:29 - 2017-09-29 22:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-10-10 18:29 - 2017-09-29 22:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-10 18:29 - 2017-09-29 22:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-10 18:29 - 2017-09-29 22:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-10 18:29 - 2017-09-29 22:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-10 18:29 - 2017-09-29 22:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-10 18:29 - 2017-09-29 22:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-10 18:29 - 2017-09-29 22:02 - 001624096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2017-10-10 18:29 - 2017-09-29 22:02 - 001517464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-10-10 18:29 - 2017-09-29 22:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-10 18:29 - 2017-09-29 22:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-10 18:29 - 2017-09-29 03:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-10 18:29 - 2017-09-29 03:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-10 18:29 - 2017-09-29 03:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-10 18:29 - 2017-09-29 03:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-10 18:29 - 2017-09-29 03:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-10 18:29 - 2017-09-29 03:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-10-10 18:29 - 2017-09-29 03:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-10 18:29 - 2017-09-29 03:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-10-10 18:29 - 2017-09-29 03:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-10-10 18:29 - 2017-09-29 03:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-10 18:29 - 2017-09-29 03:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-10 18:29 - 2017-09-29 03:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-10-10 18:29 - 2017-09-29 03:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-10 18:29 - 2017-09-29 03:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-10 18:29 - 2017-09-29 03:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-10 18:29 - 2017-09-29 03:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-10-10 18:29 - 2017-09-29 03:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-10-10 18:29 - 2017-09-29 03:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-10 18:29 - 2017-09-29 03:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-10 18:29 - 2017-09-29 03:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-10 18:29 - 2017-09-29 03:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-10 18:29 - 2017-09-29 03:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-10 18:29 - 2017-09-29 03:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-10-10 18:29 - 2017-09-29 03:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-10-10 18:29 - 2017-09-29 03:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-10-10 18:29 - 2017-09-29 03:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-10 18:29 - 2017-09-29 03:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-10-10 18:29 - 2017-09-29 03:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-10-10 18:29 - 2017-09-29 03:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-10 18:29 - 2017-09-29 03:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-10 18:29 - 2017-09-29 03:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-10 18:29 - 2017-09-29 03:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-10 18:29 - 2017-09-29 03:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-10-10 18:29 - 2017-09-29 03:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-10 18:29 - 2017-09-29 03:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-10 18:29 - 2017-09-29 03:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-10-10 18:29 - 2017-09-29 03:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-10-10 18:29 - 2017-09-29 03:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-10 18:29 - 2017-09-29 03:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-10 18:29 - 2017-09-29 03:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-10-10 18:29 - 2017-09-29 03:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-10-10 18:29 - 2017-09-29 03:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-10 18:29 - 2017-09-29 03:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-10 18:29 - 2017-09-29 03:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-10 18:29 - 2017-09-29 03:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-10 18:29 - 2017-09-29 03:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-10 18:29 - 2017-09-29 03:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-10 18:29 - 2017-09-29 03:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-10-10 18:29 - 2017-09-29 03:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-10-10 18:29 - 2017-09-29 03:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-10 18:29 - 2017-09-29 03:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-10 18:29 - 2017-09-29 03:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-10 18:29 - 2017-09-29 03:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-10 18:29 - 2017-09-29 03:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-10 18:29 - 2017-09-29 03:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-10-10 18:29 - 2017-09-29 03:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-10 18:29 - 2017-09-29 03:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-10-10 18:29 - 2017-09-29 03:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-10 18:29 - 2017-09-29 03:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-10 18:29 - 2017-09-29 03:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-10 18:29 - 2017-09-29 03:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-10 18:29 - 2017-09-29 03:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-10-10 18:29 - 2017-09-29 03:18 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2017-10-10 18:29 - 2017-09-29 03:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-10-10 18:29 - 2017-09-29 03:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-10-10 18:29 - 2017-09-29 01:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-10-10 18:29 - 2017-09-29 01:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-10-10 18:29 - 2017-09-20 11:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-10 18:29 - 2017-09-20 11:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-10 18:29 - 2017-09-20 11:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-10 18:29 - 2017-09-18 19:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-10 18:29 - 2017-09-18 18:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-10-10 18:29 - 2017-09-18 18:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-10 18:29 - 2017-09-18 18:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-10-10 18:28 - 2017-09-30 01:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-10 18:28 - 2017-09-30 01:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-10 18:28 - 2017-09-30 01:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-10 18:28 - 2017-09-30 01:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-10 18:28 - 2017-09-30 01:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-10 18:28 - 2017-09-30 01:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-10 18:28 - 2017-09-30 01:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-10 18:28 - 2017-09-30 01:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-10 18:28 - 2017-09-30 01:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-10-10 18:28 - 2017-09-30 01:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-10 18:28 - 2017-09-30 01:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-10 18:28 - 2017-09-30 01:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-10-10 18:28 - 2017-09-30 01:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-10 18:28 - 2017-09-30 01:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-10-10 18:28 - 2017-09-30 01:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-10 18:28 - 2017-09-30 01:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-10 18:28 - 2017-09-30 01:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-10 18:28 - 2017-09-30 01:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-10 18:28 - 2017-09-30 01:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-10 18:28 - 2017-09-30 01:40 - 000849816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-10-10 18:28 - 2017-09-30 01:40 - 000701336 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-10-10 18:28 - 2017-09-30 01:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-10 18:28 - 2017-09-30 01:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-10 18:28 - 2017-09-30 01:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-10 18:28 - 2017-09-30 01:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-10 18:28 - 2017-09-30 01:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-10-10 18:28 - 2017-09-30 01:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-10 18:28 - 2017-09-30 01:39 - 001694104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-10-10 18:28 - 2017-09-30 01:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-10 18:28 - 2017-09-30 01:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-10 18:28 - 2017-09-30 01:38 - 001854872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-10-10 18:28 - 2017-09-30 01:37 - 002377112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2017-10-10 18:28 - 2017-09-30 01:37 - 002229144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-10-10 18:28 - 2017-09-30 01:37 - 001464728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-10-10 18:28 - 2017-09-30 01:36 - 000855960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-10-10 18:28 - 2017-09-30 01:36 - 000675224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-10-10 18:28 - 2017-09-29 03:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-10 18:28 - 2017-09-29 03:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-10 18:28 - 2017-09-29 03:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-10 18:28 - 2017-09-29 03:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-10 18:28 - 2017-09-29 03:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-10 18:28 - 2017-09-29 03:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-10 18:28 - 2017-09-29 03:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-10-10 18:28 - 2017-09-29 03:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-10-10 18:28 - 2017-09-29 03:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-10 18:28 - 2017-09-29 03:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-10 18:28 - 2017-09-29 03:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-10 18:28 - 2017-09-29 03:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-10 18:28 - 2017-09-29 03:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-10 18:28 - 2017-09-29 03:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-10 18:28 - 2017-09-29 03:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-10 18:28 - 2017-09-29 03:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-10 18:28 - 2017-09-29 03:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-10-10 18:28 - 2017-09-29 03:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-10 18:28 - 2017-09-29 03:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-10 18:28 - 2017-09-29 03:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-10-10 18:28 - 2017-09-29 03:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-10 18:28 - 2017-09-29 03:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-10 18:28 - 2017-09-29 03:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-10 18:28 - 2017-09-29 03:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-10 18:28 - 2017-09-29 03:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-10 18:28 - 2017-09-29 03:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-10 18:28 - 2017-09-29 03:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-10 18:28 - 2017-09-29 03:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-10 18:28 - 2017-09-29 03:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-10 18:28 - 2017-09-29 03:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 001197568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2017-10-10 18:28 - 2017-09-29 03:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-10 18:28 - 2017-09-29 03:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-10 18:28 - 2017-09-29 03:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-10 18:28 - 2017-09-29 03:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-10 18:28 - 2017-09-29 03:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-10 18:28 - 2017-09-29 03:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-10 18:28 - 2017-09-29 03:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-10 18:28 - 2017-09-29 03:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-10 18:28 - 2017-09-29 03:24 - 001201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2017-10-10 18:28 - 2017-09-29 03:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-10 18:28 - 2017-09-29 03:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 002195968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-10 18:28 - 2017-09-29 03:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-10 18:28 - 2017-09-29 03:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-10 18:28 - 2017-09-29 03:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-10 18:28 - 2017-09-29 03:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-10 18:28 - 2017-09-29 03:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-10 18:28 - 2017-09-29 03:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-10 18:28 - 2017-09-29 03:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-10 18:28 - 2017-09-29 03:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-10 18:28 - 2017-09-29 03:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-10 18:28 - 2017-09-29 03:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-10 18:28 - 2017-09-29 03:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-10 18:28 - 2017-09-29 03:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-10 18:28 - 2017-09-29 03:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-10-10 18:28 - 2017-09-29 03:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-10-10 18:28 - 2017-09-29 03:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-10-10 18:28 - 2017-09-29 03:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-10-10 18:28 - 2017-09-29 03:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-10-10 18:28 - 2017-09-29 03:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-10 18:28 - 2017-09-29 03:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-10-10 18:28 - 2017-09-29 03:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe
2017-10-10 18:28 - 2017-09-18 19:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-10 18:28 - 2017-09-18 19:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-10 18:28 - 2017-09-18 19:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-10-10 18:28 - 2017-09-18 19:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-10 18:28 - 2017-09-18 19:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-10 18:28 - 2017-09-18 19:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-10-10 18:28 - 2017-09-18 19:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-10 18:28 - 2017-09-18 18:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-10 18:28 - 2017-09-18 18:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-10 18:28 - 2017-09-18 18:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-10 15:12 - 2017-10-13 17:47 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-09 23:37 - 2017-10-13 19:38 - 000000000 ____D C:\FRST
2017-10-08 21:03 - 2017-10-08 21:03 - 000023404 _____ C:\Users\Carlos\Downloads\thedarktower2017720pblurayx264-ytsag-spanish-115368.zip
2017-10-05 13:00 - 2017-10-06 10:30 - 000000000 ____D C:\Program Files\Recuva
2017-10-05 12:59 - 2017-10-05 13:00 - 005562976 _____ (Piriform Ltd) C:\Users\Carlos\Downloads\rcsetup153.exe
2017-10-05 12:49 - 2017-10-05 12:49 - 000167773 _____ C:\Users\Carlos\Downloads\Restoration.zip
2017-09-22 22:22 - 2017-09-22 22:23 - 009809688 _____ (Piriform Ltd) C:\Users\Carlos\Downloads\ccsetup535.exe
2017-09-18 16:17 - 2017-09-18 16:17 - 000000000 ____D C:\Users\Carlos\AppData\Roaming\Macromedia
2017-09-18 15:32 - 2017-09-22 22:24 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-18 15:32 - 2017-09-18 15:32 - 000002878 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-09-18 15:32 - 2017-09-18 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-18 15:32 - 2017-09-18 15:32 - 000000000 ____D C:\Program Files\CCleaner
2017-09-18 15:22 - 2017-09-18 15:24 - 009826968 _____ (Piriform Ltd) C:\Users\Carlos\Downloads\ccsetup534.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-13 19:39 - 2016-11-09 20:01 - 000000000 ____D C:\Temporal
2017-10-13 19:33 - 2016-11-15 20:00 - 000000000 ____D C:\Users\Carlos\Desktop\Desktop Work
2017-10-13 17:56 - 2017-07-21 22:11 - 000000000 ____D C:\Program Files\Colasoft Capsa 9 Free Edition
2017-10-13 17:47 - 2017-07-21 21:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-13 17:47 - 2017-07-21 16:08 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-10-13 15:16 - 2017-07-21 22:11 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-13 15:06 - 2016-11-15 20:02 - 000000000 ___RD C:\Users\Carlos\Desktop\Administrative Tools
2017-10-13 10:33 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\rescache
2017-10-13 10:30 - 2017-07-21 21:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-12 17:54 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-10-11 19:01 - 2017-07-21 16:18 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-11 19:01 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-11 18:53 - 2017-07-21 16:17 - 000000000 ____D C:\WINDOWS\INF
2017-10-10 21:41 - 2017-07-22 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-10-10 19:55 - 2017-08-14 12:44 - 000001183 _____ C:\Users\Carlos\Desktop\Microsoft Message Analyzer.lnk
2017-10-10 19:21 - 2016-11-14 20:31 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-10 19:19 - 2017-07-21 21:42 - 003749892 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-10 19:19 - 2017-07-21 16:23 - 001832350 _____ C:\WINDOWS\system32\perfh00A.dat
2017-10-10 19:19 - 2017-07-21 16:23 - 000467016 _____ C:\WINDOWS\system32\perfc00A.dat
2017-10-10 19:16 - 2017-07-21 21:28 - 000421752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-10 19:13 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-10 19:13 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\Provisioning
2017-10-10 19:13 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-10-10 19:12 - 2017-07-21 16:19 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-10 19:12 - 2017-07-21 16:19 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-10 18:45 - 2017-07-21 22:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-10 18:43 - 2017-07-21 22:25 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-10 18:43 - 2017-07-21 16:11 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-10 18:39 - 2017-07-21 16:18 - 000000167 _____ C:\WINDOWS\win.ini
2017-10-09 23:05 - 2017-02-21 17:48 - 000000000 ___RD C:\Users\Carlos\Desktop\Journal
2017-10-08 22:38 - 2017-07-22 00:32 - 000000000 ____D C:\Users\Carlos\AppData\Roaming\vlc
2017-10-08 20:51 - 2017-07-21 21:56 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-07 00:56 - 2017-07-21 21:35 - 000000000 ____D C:\Users\Carlos
2017-10-05 12:06 - 2017-08-26 14:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-05 12:06 - 2017-07-21 23:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-05 08:58 - 2017-07-21 22:11 - 000001166 _____ C:\Users\Carlos\Desktop\Colasoft Capsa 9 Free.lnk
2017-09-29 22:10 - 2016-07-16 08:58 - 000395312 __RSH C:\bootmgr
2017-09-22 12:07 - 2017-07-27 11:29 - 000003386 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4132324553-1498383444-2591444562-1001
2017-09-22 12:07 - 2017-07-21 21:44 - 000002411 _____ C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-22 12:07 - 2016-11-14 20:33 - 000000000 ___RD C:\Users\Carlos\OneDrive
2017-09-21 09:34 - 2017-09-07 07:02 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-21 09:34 - 2017-09-07 07:02 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-14 09:41 - 2016-11-15 21:40 - 000001510 _____ C:\Users\Carlos\Desktop\Tcpview.lnk
==================== Files in the root of some directories =======
2017-07-22 13:29 - 2017-10-13 14:49 - 000007671 _____ () C:\Users\Carlos\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-10-11 22:49
==================== End of FRST.txt ============================
And this is addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Carlos (13-10-2017 19:39:55)
Running from D:\Users\Carlos\Documents\CaseWork\Abiertos\11. Antivirus y Seguridad\Aplicaciones
Windows 10 Pro Version 1703 170317-1834 (X64) (2017-07-22 01:41:05)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-4132324553-1498383444-2591444562-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4132324553-1498383444-2591444562-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4132324553-1498383444-2591444562-1000 - Limited - Disabled) => C:\Users\defaultuser0
Invitado (S-1-5-21-4132324553-1498383444-2591444562-501 - Limited - Disabled)
Carlos (S-1-5-21-4132324553-1498383444-2591444562-1001 - Administrator - Enabled) => C:\Users\Carlos
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Centro de Mouse y Teclado de Microsoft (HKLM\...\{E5665840-466D-4B22-A5E5-00C73BFDAC03}) (Version: 2.8.106.0 - Microsoft Corporation) Hidden
Centro de Mouse y Teclado de Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.8.106.0 - Microsoft Corporation)
Colasoft Capsa 9 Free (HKLM\...\6764EB45-A821-4F9B-B33C-545964A732E3_is1) (Version: 9.2.0.9267 - Colasoft)
Eines de correcció del Microsoft Office 2013: català (HKLM-x32\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM-x32\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ghost Recon (HKLM-x32\...\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}) (Version: - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.11.0.3 - QFX Software Corporation)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Message Analyzer (HKLM\...\{93AA1795-974B-4F77-A498-D070EE66A764}) (Version: 4.0.8112.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4132324553-1498383444-2591444562-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 56.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 56.0 (x64 es-ES)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
OpenOffice 4.1.3 (HKLM-x32\...\{EF451311-C2EC-4245-911F-4847C2294A82}) (Version: 4.13.9783 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Radmin Viewer 3.5 (HKLM-x32\...\{199127DC-7BDB-41AB-825B-4229A86F8F0D}) (Version: 3.50.0000 - Famatech)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM-x32\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Visio 2013 (KB2817443) 32-Bit Edition (HKLM-x32\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 2.4.2 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.2 - The Wireshark developer community, hxxps://www.wireshark.org)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3241ED0A-7522-4FDF-BDB9-B34B6180EBC3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {5F6F58E3-6E2A-41CD-84AA-312E4075620C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2016-08-15] (Microsoft Corporation)
Task: {64C1E460-D5EB-4D08-924C-9F554AAE9AB1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6A130D8C-D0C3-4613-A487-F5BE4E9AF91C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {7CD3FC88-F5D7-49AD-8D1F-CF9761C67294} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2016-08-15] (Microsoft Corporation)
Task: {B18C70F0-7F99-4F66-AE2C-59DA8CCCA544} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {CE39A31F-B86D-45E5-B068-E28A0FA8D3B1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2016-08-15] (Microsoft)
Task: {F41F53E9-F4FA-49F8-94A0-AF197D37E6B1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2016-08-15] (Microsoft Corporation)
Task: {FA0D53AC-6C77-4038-AC30-E302EAC343B3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2016-08-15] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-07-21 21:56 - 2017-10-08 20:51 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-20 01:14 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-22 18:04 - 2017-08-22 18:21 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-22 18:04 - 2017-08-22 18:21 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-22 18:04 - 2017-08-22 18:32 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-22 18:04 - 2017-08-22 18:21 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-07-21 22:11 - 2017-02-08 02:40 - 215886104 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\cstre.dll
2017-07-21 22:11 - 2017-02-08 02:40 - 000444184 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\CSPLC.dll
2017-07-21 22:11 - 2016-08-07 18:54 - 000069632 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\tsharkdecode.dll
2017-07-21 22:11 - 2016-08-07 19:03 - 000106496 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\zlibwapi.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000572416 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libgcrypt-20.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 001019430 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libgnutls-28.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000447977 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libgmp-10.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000184907 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libhogweed-2-4.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000095232 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libgpg-error6-0.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000182365 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libnettle-4-6.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000247415 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libp11-kit-0.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000032585 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libffi-6.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000080653 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libtasn1-6.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000090195 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\zlib1.dll
2017-07-21 22:11 - 2017-02-08 02:40 - 000119064 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\CSBAE.dll
2017-07-21 22:11 - 2017-02-08 02:40 - 000044824 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\CSCrypto.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-07-21 16:19 - 2017-07-21 16:17 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4132324553-1498383444-2591444562-1001\Control Panel\Desktop\\Wallpaper -> D:\Users\Carlos\Imagenes\WallPapers\Wallpaper 1920x1080.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{62F7AFF4-E0E5-46DD-A98D-7D6D8D09B5CD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{54DF448F-4469-4B05-8EA4-373D46309B1E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [TCP Query User{BD3C9C8C-140F-4794-8138-609AEECB948F}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3288AD6B-CDEB-4D6C-AA2A-2B2F1E36EF54}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{5CAEF407-E503-4C1A-B467-4D42A60BEDF1}C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe] => (Block) C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe
FirewallRules: [UDP Query User{81A05DC5-950A-43E1-AFA4-69B2AB5F7C0A}C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe] => (Block) C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe
FirewallRules: [{898E8724-E18D-4E79-910B-D3267D7FE41D}] => (Block) LPort=445
FirewallRules: [{2094D883-8186-4FC4-99A7-3A79350D49A4}] => (Block) LPort=135
FirewallRules: [{7550A20F-E117-4195-A8DC-BDF28FA3EBDE}] => (Block) LPort=139
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/10/2017 09:40:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0xb34
Hora de inicio de la aplicación con errores: 0x01d34231e35538e8
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: 72be0c80-52f1-45bd-bea6-b89ad2c586a8
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI
Error: (10/10/2017 09:40:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-C3QABMH)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.
Error: (10/10/2017 09:40:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x2610
Hora de inicio de la aplicación con errores: 0x01d34231e10dc83a
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: 2ab0e12f-2ef5-4425-82e6-35a7306e9907
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI
Error: (10/10/2017 09:40:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x774
Hora de inicio de la aplicación con errores: 0x01d34231debe444d
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: b99b0a39-cea5-49b7-a5f5-674e681aa43f
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI
Error: (10/10/2017 09:40:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc000041d
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x129c
Hora de inicio de la aplicación con errores: 0x01d34231db563c79
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: ec5f06fa-bea2-4049-8f70-fe3799ebf147
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI
Error: (10/10/2017 09:40:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x129c
Hora de inicio de la aplicación con errores: 0x01d34231db563c79
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: 4028fbd2-50b5-452b-8e6e-860953b83530
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI
Error: (10/10/2017 09:39:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x25b8
Hora de inicio de la aplicación con errores: 0x01d34231d80c0264
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: 52b60199-10b0-47a0-b3d8-8af156207f8f
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI
Error: (10/10/2017 07:53:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio ".NETFramework" en el archivo DLL "C:\WINDOWS\system32\mscoree.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.
Error: (10/10/2017 07:34:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SystemSettings.exe, versión: 10.0.15063.502, marca de tiempo: 0x7c8bd05a
Nombre del módulo con errores: MusUpdateHandlers.dll, versión: 10.0.15063.674, marca de tiempo: 0x19e82d6b
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000002da9f
Identificador del proceso con errores: 0x1438
Hora de inicio de la aplicación con errores: 0x01d3422012ea793e
Ruta de acceso de la aplicación con errores: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
Ruta de acceso del módulo con errores: C:\Windows\System32\MusUpdateHandlers.dll
Identificador del informe: 191a19fa-6adb-4b33-a99f-d3ed4b60fb8d
Nombre completo del paquete con errores: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: microsoft.windows.immersivecontrolpanel
Error: (10/10/2017 06:44:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.
System errors:
=============
Error: (10/13/2017 05:55:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
Error: (10/13/2017 05:55:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
Error: (10/13/2017 05:55:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
Error: (10/13/2017 05:55:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
Error: (10/13/2017 05:47:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CldFlt no pudo iniciarse debido al siguiente error:
Solicitud no compatible.
Error: (10/13/2017 05:35:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CldFlt no pudo iniciarse debido al siguiente error:
Solicitud no compatible.
Error: (10/13/2017 05:32:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CldFlt no pudo iniciarse debido al siguiente error:
Solicitud no compatible.
Error: (10/13/2017 05:16:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
Error: (10/13/2017 05:16:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
Error: (10/13/2017 05:16:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.
CodeIntegrity:
===================================
Date: 2017-10-13 18:54:40.027
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-13 18:22:01.621
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll that did not meet the Store signing level requirements.
Date: 2017-10-13 18:20:50.968
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll that did not meet the Store signing level requirements.
Date: 2017-10-13 17:55:53.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-13 17:54:42.182
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-13 17:43:02.331
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-13 17:36:39.808
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-13 17:21:55.156
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-13 17:16:13.418
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-13 15:15:43.331
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8100.43 MB
Available physical RAM: 4989.56 MB
Total Virtual: 9380.43 MB
Available Virtual: 5861.3 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.12 GB) (Free:61.23 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:400.39 GB) (Free:120.39 GB) NTFS
Drive f: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E6F6F789)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=97.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=400.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================