Intruder takes control of my computer


ctom

Hi everybody,

In the last few days an intruder connected to my computer; he moved the mouse and took control of the computer (like a remote control tool).

I immediately disconnected the internet, but I don't know how he connects. I scanned with Malwarebytes 3.2.2 but it does not report any infections.

Could you help me detect the infection?

My configuration:

Windows 10 Professional (updated)

Malwarebytes 3.2.2

Windows Defender (updated)

Sorry for my English.

Thanks,

This is FRST log:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Secure System
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Sysinternals - www.sysinternals.com) C:\Users\Carlos\Desktop\Administrative Tools\SysinternalsSuite\Tcpview.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Colasoft) C:\Program Files\Colasoft Capsa 9 Free Edition\Capsa.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2016-08-01] (QFX Software Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4132324553-1498383444-2591444562-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
Startup: C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2017-08-06]
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.44.32.12 200.109.78.12
Tcpip\..\Interfaces\{47f83b5f-5075-4c7c-bfbd-e5d9b11f2ea0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{47f83b5f-5075-4c7c-bfbd-e5d9b11f2ea0}: [DhcpNameServer] 200.44.32.12 200.109.78.12
Tcpip\..\Interfaces\{d618db93-f575-47c0-b94b-ecec0613a142}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{d618db93-f575-47c0-b94b-ecec0613a142}: [DhcpNameServer] 200.44.32.12 200.109.78.12

Internet Explorer:
==================
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7r0571km.default
FF ProfilePath: C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\7r0571km.default [2017-10-13]
FF NetworkProxy: Mozilla\Firefox\Profiles\7r0571km.default -> type", 4
FF Extension: (Flash Block (Plus)) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\7r0571km.default\Extensions\jid1-n8wH2cBfc2QaUj@jetpack.xpi [2017-07-25]
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\7r0571km.default\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-06]
FF Extension: (NoScript) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\7r0571km.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-10-01]
FF Extension: (Tamper Data) - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\7r0571km.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2017-07-25]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [86544 2017-04-22] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [2231296 2017-07-24] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [14415360 2017-07-28] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Capsax64Drv; C:\WINDOWS\System32\Drivers\Capsax64Drv.sys [44312 2016-09-01] (Colasoft Co., Ltd.)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [22016 2017-07-24] (Microsoft Corporation)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [233248 2017-02-19] (QFX Software Corporation)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [23552 2017-07-24] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-13] (Malwarebytes)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [25088 2017-07-24] (Microsoft Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2017-07-24] (Microsoft Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [84792 2017-10-13] (Sysinternals - www.sysinternals.com)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [51712 2017-07-24] (Microsoft Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31232 2017-07-24] (Microsoft Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [14368 1999-09-14] () [File not signed]
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [104448 2017-07-24] (Microsoft Corporation)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [31232 2017-07-24] (Microsoft Corporation)
R3 vmsmp; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-07-24] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 wfpcapture; C:\WINDOWS\System32\Drivers\wfpcapture.sys [64728 2016-10-21] (Microsoft Corporation)
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-13 18:54 - 2017-10-13 18:55 - 000061852 _____ C:\TDSSKiller.3.1.0.15_13.10.2017_18.54.34_log.txt
2017-10-13 18:19 - 2017-10-13 15:17 - 000001827 _____ C:\Users\Carlos\Desktop\Wireshark.lnk
2017-10-13 15:17 - 2017-10-13 17:13 - 000000000 ____D C:\Users\Carlos\AppData\Roaming\Wireshark
2017-10-13 15:17 - 2017-10-13 15:17 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-10-13 15:17 - 2017-10-13 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-10-13 15:17 - 2017-10-13 15:17 - 000000000 ____D C:\Program Files (x86)\WinPcap
2017-10-13 15:16 - 2017-10-13 15:17 - 000000000 ____D C:\Program Files\Wireshark
2017-10-13 15:03 - 2017-10-13 15:13 - 057888880 _____ (Wireshark development team) C:\Users\Carlos\Downloads\Wireshark-win64-2.4.2.exe
2017-10-10 22:13 - 2017-10-13 10:23 - 000084792 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-10-10 20:41 - 2017-10-10 20:48 - 005365960 _____ (COMODO) C:\Users\Carlos\Downloads\cfw_installer_6106_53.exe
2017-10-10 18:43 - 2017-10-10 18:43 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-10 18:29 - 2017-09-30 01:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-10 18:29 - 2017-09-30 01:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-10 18:29 - 2017-09-30 01:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-10 18:29 - 2017-09-30 01:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-10 18:29 - 2017-09-30 01:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-10 18:29 - 2017-09-30 01:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-10 18:29 - 2017-09-30 01:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-10 18:29 - 2017-09-30 01:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-10 18:29 - 2017-09-30 01:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-10 18:29 - 2017-09-30 01:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-10 18:29 - 2017-09-30 01:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-10 18:29 - 2017-09-30 01:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-10 18:29 - 2017-09-30 01:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-10-10 18:29 - 2017-09-30 01:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-10 18:29 - 2017-09-30 01:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-10-10 18:29 - 2017-09-30 01:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-10 18:29 - 2017-09-30 01:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-10 18:29 - 2017-09-30 01:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-10 18:29 - 2017-09-30 01:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-10 18:29 - 2017-09-30 01:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-10 18:29 - 2017-09-29 22:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-10 18:29 - 2017-09-29 22:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-10 18:29 - 2017-09-29 22:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-10 18:29 - 2017-09-29 22:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-10 18:29 - 2017-09-29 22:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-10 18:29 - 2017-09-29 22:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-10 18:29 - 2017-09-29 22:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-10 18:29 - 2017-09-29 22:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-10 18:29 - 2017-09-29 22:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-10 18:29 - 2017-09-29 22:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-10-10 18:29 - 2017-09-29 22:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-10 18:29 - 2017-09-29 22:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-10 18:29 - 2017-09-29 22:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-10 18:29 - 2017-09-29 22:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-10 18:29 - 2017-09-29 22:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-10 18:29 - 2017-09-29 22:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-10 18:29 - 2017-09-29 22:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-10 18:29 - 2017-09-29 22:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-10 18:29 - 2017-09-29 22:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-10-10 18:29 - 2017-09-29 22:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-10-10 18:29 - 2017-09-29 22:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-10 18:29 - 2017-09-29 22:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-10 18:29 - 2017-09-29 22:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-10 18:29 - 2017-09-29 22:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-10 18:29 - 2017-09-29 22:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-10 18:29 - 2017-09-29 22:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-10 18:29 - 2017-09-29 22:02 - 001624096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2017-10-10 18:29 - 2017-09-29 22:02 - 001517464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-10-10 18:29 - 2017-09-29 22:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-10 18:29 - 2017-09-29 22:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-10 18:29 - 2017-09-29 03:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-10 18:29 - 2017-09-29 03:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-10 18:29 - 2017-09-29 03:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-10 18:29 - 2017-09-29 03:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-10 18:29 - 2017-09-29 03:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-10 18:29 - 2017-09-29 03:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-10-10 18:29 - 2017-09-29 03:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-10 18:29 - 2017-09-29 03:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-10-10 18:29 - 2017-09-29 03:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-10-10 18:29 - 2017-09-29 03:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-10 18:29 - 2017-09-29 03:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-10 18:29 - 2017-09-29 03:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-10-10 18:29 - 2017-09-29 03:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-10 18:29 - 2017-09-29 03:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-10 18:29 - 2017-09-29 03:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-10 18:29 - 2017-09-29 03:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-10 18:29 - 2017-09-29 03:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-10-10 18:29 - 2017-09-29 03:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-10-10 18:29 - 2017-09-29 03:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-10 18:29 - 2017-09-29 03:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-10 18:29 - 2017-09-29 03:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-10 18:29 - 2017-09-29 03:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-10 18:29 - 2017-09-29 03:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-10 18:29 - 2017-09-29 03:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-10-10 18:29 - 2017-09-29 03:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-10-10 18:29 - 2017-09-29 03:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-10-10 18:29 - 2017-09-29 03:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-10 18:29 - 2017-09-29 03:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-10-10 18:29 - 2017-09-29 03:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-10-10 18:29 - 2017-09-29 03:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-10 18:29 - 2017-09-29 03:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-10 18:29 - 2017-09-29 03:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-10 18:29 - 2017-09-29 03:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-10 18:29 - 2017-09-29 03:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-10 18:29 - 2017-09-29 03:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-10-10 18:29 - 2017-09-29 03:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-10 18:29 - 2017-09-29 03:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-10 18:29 - 2017-09-29 03:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-10 18:29 - 2017-09-29 03:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-10-10 18:29 - 2017-09-29 03:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-10-10 18:29 - 2017-09-29 03:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-10 18:29 - 2017-09-29 03:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-10 18:29 - 2017-09-29 03:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-10-10 18:29 - 2017-09-29 03:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-10-10 18:29 - 2017-09-29 03:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-10 18:29 - 2017-09-29 03:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-10 18:29 - 2017-09-29 03:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-10 18:29 - 2017-09-29 03:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-10 18:29 - 2017-09-29 03:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-10 18:29 - 2017-09-29 03:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-10 18:29 - 2017-09-29 03:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-10-10 18:29 - 2017-09-29 03:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-10-10 18:29 - 2017-09-29 03:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-10 18:29 - 2017-09-29 03:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-10 18:29 - 2017-09-29 03:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-10 18:29 - 2017-09-29 03:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-10 18:29 - 2017-09-29 03:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-10 18:29 - 2017-09-29 03:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-10-10 18:29 - 2017-09-29 03:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-10 18:29 - 2017-09-29 03:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-10-10 18:29 - 2017-09-29 03:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-10 18:29 - 2017-09-29 03:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-10 18:29 - 2017-09-29 03:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-10 18:29 - 2017-09-29 03:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-10 18:29 - 2017-09-29 03:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-10-10 18:29 - 2017-09-29 03:18 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2017-10-10 18:29 - 2017-09-29 03:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-10-10 18:29 - 2017-09-29 03:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-10-10 18:29 - 2017-09-29 01:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-10-10 18:29 - 2017-09-29 01:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-10-10 18:29 - 2017-09-20 11:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-10 18:29 - 2017-09-20 11:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-10 18:29 - 2017-09-20 11:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-10 18:29 - 2017-09-18 19:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-10 18:29 - 2017-09-18 18:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-10-10 18:29 - 2017-09-18 18:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-10 18:29 - 2017-09-18 18:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-10-10 18:28 - 2017-09-30 01:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-10 18:28 - 2017-09-30 01:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-10 18:28 - 2017-09-30 01:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-10 18:28 - 2017-09-30 01:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-10 18:28 - 2017-09-30 01:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-10 18:28 - 2017-09-30 01:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-10 18:28 - 2017-09-30 01:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-10 18:28 - 2017-09-30 01:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-10 18:28 - 2017-09-30 01:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-10-10 18:28 - 2017-09-30 01:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-10 18:28 - 2017-09-30 01:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-10 18:28 - 2017-09-30 01:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-10-10 18:28 - 2017-09-30 01:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-10 18:28 - 2017-09-30 01:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-10-10 18:28 - 2017-09-30 01:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-10 18:28 - 2017-09-30 01:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-10 18:28 - 2017-09-30 01:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-10 18:28 - 2017-09-30 01:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-10 18:28 - 2017-09-30 01:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-10 18:28 - 2017-09-30 01:40 - 000849816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-10-10 18:28 - 2017-09-30 01:40 - 000701336 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-10-10 18:28 - 2017-09-30 01:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-10 18:28 - 2017-09-30 01:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-10 18:28 - 2017-09-30 01:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-10 18:28 - 2017-09-30 01:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-10 18:28 - 2017-09-30 01:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-10-10 18:28 - 2017-09-30 01:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-10 18:28 - 2017-09-30 01:39 - 001694104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-10-10 18:28 - 2017-09-30 01:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-10 18:28 - 2017-09-30 01:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-10 18:28 - 2017-09-30 01:38 - 001854872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-10-10 18:28 - 2017-09-30 01:37 - 002377112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2017-10-10 18:28 - 2017-09-30 01:37 - 002229144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-10-10 18:28 - 2017-09-30 01:37 - 001464728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-10-10 18:28 - 2017-09-30 01:36 - 000855960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-10-10 18:28 - 2017-09-30 01:36 - 000675224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-10-10 18:28 - 2017-09-29 03:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-10 18:28 - 2017-09-29 03:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-10 18:28 - 2017-09-29 03:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-10 18:28 - 2017-09-29 03:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-10 18:28 - 2017-09-29 03:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-10 18:28 - 2017-09-29 03:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-10 18:28 - 2017-09-29 03:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-10-10 18:28 - 2017-09-29 03:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-10-10 18:28 - 2017-09-29 03:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-10 18:28 - 2017-09-29 03:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-10 18:28 - 2017-09-29 03:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-10 18:28 - 2017-09-29 03:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-10 18:28 - 2017-09-29 03:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-10 18:28 - 2017-09-29 03:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-10 18:28 - 2017-09-29 03:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-10 18:28 - 2017-09-29 03:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-10 18:28 - 2017-09-29 03:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-10-10 18:28 - 2017-09-29 03:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-10 18:28 - 2017-09-29 03:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-10 18:28 - 2017-09-29 03:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-10-10 18:28 - 2017-09-29 03:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-10 18:28 - 2017-09-29 03:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-10 18:28 - 2017-09-29 03:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-10 18:28 - 2017-09-29 03:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-10 18:28 - 2017-09-29 03:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-10 18:28 - 2017-09-29 03:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-10 18:28 - 2017-09-29 03:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-10 18:28 - 2017-09-29 03:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-10 18:28 - 2017-09-29 03:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-10 18:28 - 2017-09-29 03:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 001197568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2017-10-10 18:28 - 2017-09-29 03:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-10 18:28 - 2017-09-29 03:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-10 18:28 - 2017-09-29 03:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-10 18:28 - 2017-09-29 03:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-10 18:28 - 2017-09-29 03:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-10 18:28 - 2017-09-29 03:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-10 18:28 - 2017-09-29 03:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-10 18:28 - 2017-09-29 03:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-10 18:28 - 2017-09-29 03:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-10 18:28 - 2017-09-29 03:24 - 001201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2017-10-10 18:28 - 2017-09-29 03:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-10 18:28 - 2017-09-29 03:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 002195968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-10 18:28 - 2017-09-29 03:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-10 18:28 - 2017-09-29 03:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-10 18:28 - 2017-09-29 03:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-10 18:28 - 2017-09-29 03:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-10 18:28 - 2017-09-29 03:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-10 18:28 - 2017-09-29 03:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-10 18:28 - 2017-09-29 03:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-10 18:28 - 2017-09-29 03:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-10 18:28 - 2017-09-29 03:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-10 18:28 - 2017-09-29 03:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-10 18:28 - 2017-09-29 03:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-10 18:28 - 2017-09-29 03:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-10 18:28 - 2017-09-29 03:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-10 18:28 - 2017-09-29 03:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-10-10 18:28 - 2017-09-29 03:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-10-10 18:28 - 2017-09-29 03:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-10-10 18:28 - 2017-09-29 03:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-10-10 18:28 - 2017-09-29 03:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-10-10 18:28 - 2017-09-29 03:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-10 18:28 - 2017-09-29 03:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-10-10 18:28 - 2017-09-29 03:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe
2017-10-10 18:28 - 2017-09-18 19:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-10 18:28 - 2017-09-18 19:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-10 18:28 - 2017-09-18 19:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-10-10 18:28 - 2017-09-18 19:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-10 18:28 - 2017-09-18 19:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-10 18:28 - 2017-09-18 19:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-10-10 18:28 - 2017-09-18 19:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-10 18:28 - 2017-09-18 18:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-10 18:28 - 2017-09-18 18:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-10 18:28 - 2017-09-18 18:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-10 15:12 - 2017-10-13 17:47 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-09 23:37 - 2017-10-13 19:38 - 000000000 ____D C:\FRST
2017-10-08 21:03 - 2017-10-08 21:03 - 000023404 _____ C:\Users\Carlos\Downloads\thedarktower2017720pblurayx264-ytsag-spanish-115368.zip
2017-10-05 13:00 - 2017-10-06 10:30 - 000000000 ____D C:\Program Files\Recuva
2017-10-05 12:59 - 2017-10-05 13:00 - 005562976 _____ (Piriform Ltd) C:\Users\Carlos\Downloads\rcsetup153.exe
2017-10-05 12:49 - 2017-10-05 12:49 - 000167773 _____ C:\Users\Carlos\Downloads\Restoration.zip
2017-09-22 22:22 - 2017-09-22 22:23 - 009809688 _____ (Piriform Ltd) C:\Users\Carlos\Downloads\ccsetup535.exe
2017-09-18 16:17 - 2017-09-18 16:17 - 000000000 ____D C:\Users\Carlos\AppData\Roaming\Macromedia
2017-09-18 15:32 - 2017-09-22 22:24 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-18 15:32 - 2017-09-18 15:32 - 000002878 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-09-18 15:32 - 2017-09-18 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-18 15:32 - 2017-09-18 15:32 - 000000000 ____D C:\Program Files\CCleaner
2017-09-18 15:22 - 2017-09-18 15:24 - 009826968 _____ (Piriform Ltd) C:\Users\Carlos\Downloads\ccsetup534.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-13 19:39 - 2016-11-09 20:01 - 000000000 ____D C:\Temporal
2017-10-13 19:33 - 2016-11-15 20:00 - 000000000 ____D C:\Users\Carlos\Desktop\Desktop Work
2017-10-13 17:56 - 2017-07-21 22:11 - 000000000 ____D C:\Program Files\Colasoft Capsa 9 Free Edition
2017-10-13 17:47 - 2017-07-21 21:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-13 17:47 - 2017-07-21 16:08 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-10-13 15:16 - 2017-07-21 22:11 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-13 15:06 - 2016-11-15 20:02 - 000000000 ___RD C:\Users\Carlos\Desktop\Administrative Tools
2017-10-13 10:33 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\rescache
2017-10-13 10:30 - 2017-07-21 21:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-12 17:54 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-10-11 19:01 - 2017-07-21 16:18 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-11 19:01 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-11 18:53 - 2017-07-21 16:17 - 000000000 ____D C:\WINDOWS\INF
2017-10-10 21:41 - 2017-07-22 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-10-10 19:55 - 2017-08-14 12:44 - 000001183 _____ C:\Users\Carlos\Desktop\Microsoft Message Analyzer.lnk
2017-10-10 19:21 - 2016-11-14 20:31 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-10 19:19 - 2017-07-21 21:42 - 003749892 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-10 19:19 - 2017-07-21 16:23 - 001832350 _____ C:\WINDOWS\system32\perfh00A.dat
2017-10-10 19:19 - 2017-07-21 16:23 - 000467016 _____ C:\WINDOWS\system32\perfc00A.dat
2017-10-10 19:16 - 2017-07-21 21:28 - 000421752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-10 19:13 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-10 19:13 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\Provisioning
2017-10-10 19:13 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-10-10 19:12 - 2017-07-21 16:19 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-10 19:12 - 2017-07-21 16:19 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-10 18:45 - 2017-07-21 22:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-10 18:43 - 2017-07-21 22:25 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-10 18:43 - 2017-07-21 16:11 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-10 18:39 - 2017-07-21 16:18 - 000000167 _____ C:\WINDOWS\win.ini
2017-10-09 23:05 - 2017-02-21 17:48 - 000000000 ___RD C:\Users\Carlos\Desktop\Journal
2017-10-08 22:38 - 2017-07-22 00:32 - 000000000 ____D C:\Users\Carlos\AppData\Roaming\vlc
2017-10-08 20:51 - 2017-07-21 21:56 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-07 00:56 - 2017-07-21 21:35 - 000000000 ____D C:\Users\Carlos
2017-10-05 12:06 - 2017-08-26 14:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-05 12:06 - 2017-07-21 23:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-05 08:58 - 2017-07-21 22:11 - 000001166 _____ C:\Users\Carlos\Desktop\Colasoft Capsa 9 Free.lnk
2017-09-29 22:10 - 2016-07-16 08:58 - 000395312 __RSH C:\bootmgr
2017-09-22 12:07 - 2017-07-27 11:29 - 000003386 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4132324553-1498383444-2591444562-1001
2017-09-22 12:07 - 2017-07-21 21:44 - 000002411 _____ C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-22 12:07 - 2016-11-14 20:33 - 000000000 ___RD C:\Users\Carlos\OneDrive
2017-09-21 09:34 - 2017-09-07 07:02 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-21 09:34 - 2017-09-07 07:02 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-14 09:41 - 2016-11-15 21:40 - 000001510 _____ C:\Users\Carlos\Desktop\Tcpview.lnk

==================== Files in the root of some directories =======

2017-07-22 13:29 - 2017-10-13 14:49 - 000007671 _____ () C:\Users\Carlos\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-11 22:49

==================== End of FRST.txt ============================


And this is the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Carlos (13-10-2017 19:39:55)
Running from D:\Users\Carlos\Documents\CaseWork\Abiertos\11. Antivirus y Seguridad\Aplicaciones
Windows 10 Pro Version 1703 170317-1834 (X64) (2017-07-22 01:41:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4132324553-1498383444-2591444562-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4132324553-1498383444-2591444562-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4132324553-1498383444-2591444562-1000 - Limited - Disabled) => C:\Users\defaultuser0
Invitado (S-1-5-21-4132324553-1498383444-2591444562-501 - Limited - Disabled)
Carlos (S-1-5-21-4132324553-1498383444-2591444562-1001 - Administrator - Enabled) => C:\Users\Carlos

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Centro de Mouse y Teclado de Microsoft (HKLM\...\{E5665840-466D-4B22-A5E5-00C73BFDAC03}) (Version: 2.8.106.0 - Microsoft Corporation) Hidden
Centro de Mouse y Teclado de Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.8.106.0 - Microsoft Corporation)
Colasoft Capsa 9 Free (HKLM\...\6764EB45-A821-4F9B-B33C-545964A732E3_is1) (Version: 9.2.0.9267 - Colasoft)
Eines de correcció del Microsoft Office 2013: català (HKLM-x32\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM-x32\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ghost Recon (HKLM-x32\...\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.11.0.3 - QFX Software Corporation)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Message Analyzer (HKLM\...\{93AA1795-974B-4F77-A498-D070EE66A764}) (Version: 4.0.8112.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4132324553-1498383444-2591444562-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 56.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 56.0 (x64 es-ES)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
OpenOffice 4.1.3 (HKLM-x32\...\{EF451311-C2EC-4245-911F-4847C2294A82}) (Version: 4.13.9783 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Radmin Viewer 3.5 (HKLM-x32\...\{199127DC-7BDB-41AB-825B-4229A86F8F0D}) (Version: 3.50.0000 - Famatech)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM-x32\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Visio 2013 (KB2817443) 32-Bit Edition (HKLM-x32\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 2.4.2 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.2 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3241ED0A-7522-4FDF-BDB9-B34B6180EBC3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {5F6F58E3-6E2A-41CD-84AA-312E4075620C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2016-08-15] (Microsoft Corporation)
Task: {64C1E460-D5EB-4D08-924C-9F554AAE9AB1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6A130D8C-D0C3-4613-A487-F5BE4E9AF91C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {7CD3FC88-F5D7-49AD-8D1F-CF9761C67294} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2016-08-15] (Microsoft Corporation)
Task: {B18C70F0-7F99-4F66-AE2C-59DA8CCCA544} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {CE39A31F-B86D-45E5-B068-E28A0FA8D3B1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2016-08-15] (Microsoft)
Task: {F41F53E9-F4FA-49F8-94A0-AF197D37E6B1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2016-08-15] (Microsoft Corporation)
Task: {FA0D53AC-6C77-4038-AC30-E302EAC343B3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2016-08-15] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-21 21:56 - 2017-10-08 20:51 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-20 01:14 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-22 18:04 - 2017-08-22 18:21 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-22 18:04 - 2017-08-22 18:21 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-22 18:04 - 2017-08-22 18:32 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-22 18:04 - 2017-08-22 18:21 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-07-21 22:11 - 2017-02-08 02:40 - 215886104 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\cstre.dll
2017-07-21 22:11 - 2017-02-08 02:40 - 000444184 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\CSPLC.dll
2017-07-21 22:11 - 2016-08-07 18:54 - 000069632 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\tsharkdecode.dll
2017-07-21 22:11 - 2016-08-07 19:03 - 000106496 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\zlibwapi.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000572416 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libgcrypt-20.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 001019430 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libgnutls-28.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000447977 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libgmp-10.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000184907 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libhogweed-2-4.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000095232 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libgpg-error6-0.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000182365 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libnettle-4-6.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000247415 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libp11-kit-0.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000032585 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libffi-6.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000080653 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libtasn1-6.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000090195 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\zlib1.dll
2017-07-21 22:11 - 2017-02-08 02:40 - 000119064 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\CSBAE.dll
2017-07-21 22:11 - 2017-02-08 02:40 - 000044824 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\CSCrypto.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-07-21 16:19 - 2017-07-21 16:17 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4132324553-1498383444-2591444562-1001\Control Panel\Desktop\\Wallpaper -> D:\Users\Carlos\Imagenes\WallPapers\Wallpaper 1920x1080.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{62F7AFF4-E0E5-46DD-A98D-7D6D8D09B5CD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{54DF448F-4469-4B05-8EA4-373D46309B1E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [TCP Query User{BD3C9C8C-140F-4794-8138-609AEECB948F}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3288AD6B-CDEB-4D6C-AA2A-2B2F1E36EF54}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{5CAEF407-E503-4C1A-B467-4D42A60BEDF1}C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe] => (Block) C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe
FirewallRules: [UDP Query User{81A05DC5-950A-43E1-AFA4-69B2AB5F7C0A}C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe] => (Block) C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe
FirewallRules: [{898E8724-E18D-4E79-910B-D3267D7FE41D}] => (Block) LPort=445
FirewallRules: [{2094D883-8186-4FC4-99A7-3A79350D49A4}] => (Block) LPort=135
FirewallRules: [{7550A20F-E117-4195-A8DC-BDF28FA3EBDE}] => (Block) LPort=139

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2017 09:40:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0xb34
Hora de inicio de la aplicación con errores: 0x01d34231e35538e8
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: 72be0c80-52f1-45bd-bea6-b89ad2c586a8
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (10/10/2017 09:40:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-C3QABMH)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (10/10/2017 09:40:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x2610
Hora de inicio de la aplicación con errores: 0x01d34231e10dc83a
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: 2ab0e12f-2ef5-4425-82e6-35a7306e9907
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (10/10/2017 09:40:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x774
Hora de inicio de la aplicación con errores: 0x01d34231debe444d
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: b99b0a39-cea5-49b7-a5f5-674e681aa43f
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (10/10/2017 09:40:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc000041d
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x129c
Hora de inicio de la aplicación con errores: 0x01d34231db563c79
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: ec5f06fa-bea2-4049-8f70-fe3799ebf147
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (10/10/2017 09:40:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x129c
Hora de inicio de la aplicación con errores: 0x01d34231db563c79
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: 4028fbd2-50b5-452b-8e6e-860953b83530
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (10/10/2017 09:39:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x25b8
Hora de inicio de la aplicación con errores: 0x01d34231d80c0264
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: 52b60199-10b0-47a0-b3d8-8af156207f8f
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (10/10/2017 07:53:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio ".NETFramework" en el archivo DLL "C:\WINDOWS\system32\mscoree.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (10/10/2017 07:34:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SystemSettings.exe, versión: 10.0.15063.502, marca de tiempo: 0x7c8bd05a
Nombre del módulo con errores: MusUpdateHandlers.dll, versión: 10.0.15063.674, marca de tiempo: 0x19e82d6b
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000002da9f
Identificador del proceso con errores: 0x1438
Hora de inicio de la aplicación con errores: 0x01d3422012ea793e
Ruta de acceso de la aplicación con errores: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
Ruta de acceso del módulo con errores: C:\Windows\System32\MusUpdateHandlers.dll
Identificador del informe: 191a19fa-6adb-4b33-a99f-d3ed4b60fb8d
Nombre completo del paquete con errores: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: microsoft.windows.immersivecontrolpanel

Error: (10/10/2017 06:44:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.


System errors:
=============
Error: (10/13/2017 05:55:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.

Error: (10/13/2017 05:55:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.

Error: (10/13/2017 05:55:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.

Error: (10/13/2017 05:55:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.

Error: (10/13/2017 05:47:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CldFlt no pudo iniciarse debido al siguiente error:
Solicitud no compatible.

Error: (10/13/2017 05:35:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CldFlt no pudo iniciarse debido al siguiente error:
Solicitud no compatible.

Error: (10/13/2017 05:32:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CldFlt no pudo iniciarse debido al siguiente error:
Solicitud no compatible.

Error: (10/13/2017 05:16:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.

Error: (10/13/2017 05:16:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.

Error: (10/13/2017 05:16:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.


CodeIntegrity:
===================================
  Date: 2017-10-13 18:54:40.027
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-13 18:22:01.621
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll that did not meet the Store signing level requirements.

  Date: 2017-10-13 18:20:50.968
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll that did not meet the Store signing level requirements.

  Date: 2017-10-13 17:55:53.652
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-13 17:54:42.182
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-13 17:43:02.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-13 17:36:39.808
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-13 17:21:55.156
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-13 17:16:13.418
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-13 15:15:43.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8100.43 MB
Available physical RAM: 4989.56 MB
Total Virtual: 9380.43 MB
Available Virtual: 5861.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.12 GB) (Free:61.23 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:400.39 GB) (Free:120.39 GB) NTFS
Drive f: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E6F6F789)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=97.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=400.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Hello ctom and welcome!

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

Okay, I need you to run a new scan with Malwarebytes.

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the new log in your next reply.


Please delete the current FRST64 executable and delete also the folder C:\FRST and both logs (FRST.txt and Addition.txt).
Now download a new version of FRST (64-bit) from here, perform a new scan and attach the new set of logs (FRST.txt and Addition.txt) in your next reply.


After you execute the above instructions please tell me exactly what issues or symptoms are you still experiencing in the computer.

Thank you

Rui


Hi Rui thanks,

I attach the requested files; no infection was detected by Malwarebytes.

Symptoms:

  • The screen was blinking and the mouse pointer moved and pointed to some icons on my desktop; I had no control of its movement (disconnecting the internet regained control).
  • In some cases when I try to write on a web page, for example an email, the keyboard is blocked and does not write anything (if I disconnect the internet I can write again).

Other indirectly related events:

  • In my Facebook account, people I did not follow appeared among my contacts (I changed the password).
  • In my Twitter account, the same case (I changed the password).

On one occasion the security log of the Event Viewer was deleted, even though it is configured to overwrite; the operating system log was deleted as well, and in that case I reinstalled the operating system.

Thanks for your support.

Carlos.

report.txt

Addition.txt

FRST.txt


Hello Carlos and thank you for the logs.

Sorry about the delay in responding.

In case you need to restore your system to a previous state, it is always better to have an infected restore point than none, so the first thing to do is enable System Restore and create a new restore point:
Enable and Create a System Restore Point


Next,

  • Please download Malwarebytes Anti-Rootkit and extract it to your desktop (MBAR will be launched shortly after the extraction)
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while)

    Credits: Aura

  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required)

  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt

  • Please attach that log in your next reply for my review.


How is the computer behavior? Same symptoms?

Rui


Hi Rui, Thanks again

I attach the requested files; no infection was detected by Anti-Rootkit.

The symptoms are similar to this one:

Specifically the following:

  • When I lock the computer (screensaver), the screen shuts off and reactivates constantly without touching the keyboard or mouse; even though it is set to suspend the monitor in 20 minutes, it is suspended in one minute or less, as if the hard disk were constantly being activated.
  • My hard disk is continuously working excessively hard as soon as I am idle. For the most part this stops as soon as I interact with it again, like moving the mouse or something.

Since the Event Viewer reported that the security logs had been deleted, I decided to reinstall the operating system, but since this new incident I suspect that it may be some persistent malicious code.

I uninstalled the Malwarebytes product and reinstalled it in safe mode (operating system), but the scan did not throw any infections.

I cannot update the BIOS because the update is not compatible with Windows 10.

The initial symptom (remote control) has not appeared again, which does not mean that it is not still there. What else can I do to detect what is happening?

Thank you so much.

P.S. Sorry for my English, it is not my native language.


mbar-log-2017-10-16 (18-14-54).txt


Hello Carlos.

I'm wondering why do you need to update the BIOS of your computer. It’s a myth that BIOS updates somehow make your computer faster or run better. If you specifically need to install new hardware that is not recognized by your motherboard, then it’s probably worth taking the risk to install it. If not, then you should simply stick with your current BIOS because the new BIOS won’t make any difference and could actually cause more problems.

Okay, please continue with the following instructions and perform the steps below:

  • Please download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please attach that log in your next reply.


Next,

  • Download Junkware Removal Tool (JRT) and move it to your Desktop
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Press any key to launch the scan and let it complete
    Credits: Bleeping Computer and Aura
  • Once the scan is complete, a log will open. Please attach the log in your next reply.


Next,

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit);
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner);
  • Wait for the scan to complete;
  • On completion, the results will be displayed. Note: Do NOT remove anything it finds. The entries are not all bad;
  • Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner);
  • This will open the report in Notepad. Please attach the log in your next reply;


Please attach the AdwCleaner clean log, the JRT log and the RogueKiller scan log for my review.

Thank you.

Rui


Hi Rui,

AdwCleaner found no infections.

Even though I run JRT as admin, I get this message:

image.thumb.png.c358c79242d830844912ca83d616047b.png

I also ran it in safe mode (operating system) but it shows the same message; anyway, the log is attached.

The RogueKiller program seems to find something.

I want to update the BIOS because I have read that some malware hides in this area to survive formatting of the hard drive and be able to infect the system again. I wanted to do it as a preventive measure.

Thanks again.

AdwCleaner[S0].txt

JRT.txt

RogueKiller_Log1.txt


Hi Rui,

No, the report has not been repeated, except for the symptoms I told you about regarding the hard disk.

Maybe some application that I have installed has a backdoor and it is not detected. (It is very frustrating not to know what is happening.)

Anyway thank you for your support.

I would appreciate any additional recommendations.

Regards,


Hello Carlos,

Okay, let's try one last scan using the Sophos Virus Removal Tool and then I will give you some recommendations for how to protect your computer in order to prevent future malware infections.

Now, this is a very thorough scan and may take several hours to complete but it is worth it.

The tool scans the following areas of your computer:

  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable

Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.


Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool creates a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.

  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.


Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
Please let me know the final result of this scan.

If threats are found, please post the contents of the log in your next reply.

Thank you,

Rui


Hi Carlos,

Thank you for your feedback. Your computer appears to be clean and malware free.

Since there are no signs of infection anymore in your logs, I suggest you check for outdated programs. Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that most contributes to the infection of your computer.

To do that you can download, install and run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

After doing that you can now remove the tools we used in this clean-up by running DelFix.

Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following options :
    • Activate UAC (This option will activate the User Account Control feature).
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
    • Create registry backup (this option will create a backup from the Windows Registry).
    • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
    • Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
  • Once the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. I do not need to see the log file, so close it and delete it.

You can also delete other logs or tools which DelFix is not able to remove.

If all is well with the computer, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System up-to-date.

Keep your AntiVirus program up-to-date.

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain check-boxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system, as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here

Please Note: Only the paid for version has real time capabilities. Please go here and scroll down to find a comparison list of the two versions.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities in the programs are often exploited in order to install malware on your PC.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available here.

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free.

Are there any issues or concerns to deal with or can we close the topic?

Rui


  • 2 weeks later...

Hi Rui,

I have a question:

I applied the recommendations you gave me and, while doing a system check, I discovered the following:

With the Sysinternals tool "Process Explorer", the following services and processes appear as "Listening" to an external URL (fr.a2dfp.net):

  • wininit.exe
  • services.exe
  • svchost (remote procedure call, RPC)
  • svchost (schedule)
  • svchost (eventlog)
  • svchost (CDPsvc)
  • svchost (EFS)
  • svchost (W32Time)
  • vmms (virtual machine management)
  • lsass

(I attach the images)

This URL fr.a2dfp.net appears blocked in the MVPS HOSTS file (c:\windows\system32\drivers\etc\hosts). Does this mean that the system is infected?

Thank you again.

Regards,

(Attached images: wininit.png, Isass.png, services.png, svchost CDPSvc.png, svchost EFS.png, svchost Eventlog.png, svchost RpcSs.png, svchost schedule.png, svchost W32Time.png, vmms.png)


Hello Carlos.

4 hours ago, ctom said:

This URL fr.a2dfp.net appears blocked in the MVPS HOSTS file (c:\windows\system32\drivers\etc\hosts). Does this mean that the system is infected?

No. This URL appears to be legit. It belongs to Google Cloud.

VirusTotal
URLVoid

Also see here

However, some legitimate URLs contain tracking cookies to track and monitor users' activity on the Internet, or even serve some advertisements, and this could be the reason they are listed in the MVPS HOSTS file. But that doesn't mean that the URL is considered malicious in itself.

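As an added example (not code from this thread, from Malwarebytes or from MVPS), here are the lookups a HOSTS file drives, in Python: it parses an MVPS-style file (the sample content is constructed), checks whether a name such as fr.a2dfp.net is pinned to 0.0.0.0, and shows the reverse lookup that labels an address with the first name listed for it. That reverse mapping is why a socket bound to 0.0.0.0 (listening on all interfaces) can be displayed under a blocked ad host's name next to ordinary system services, without any connection to that host existing.

```python
# Constructed MVPS-style hosts content: blocked names are pinned to 0.0.0.0.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
#start of entries
0.0.0.0 fr.a2dfp.net
0.0.0.0 ads.tracker.invalid   # constructed placeholder entry
0.0.0.0 banners.tracker.invalid
"""

def parse_hosts(text):
    """Return (ip, hostname) pairs in file order, ignoring comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]      # one address, one or more names
        for name in names:
            entries.append((ip, name.lower()))
    return entries

def resolve(entries, hostname):
    """Forward lookup: the address the hosts file assigns to hostname, or None."""
    for ip, name in entries:
        if name == hostname.lower():
            return ip
    return None

def is_blocked(entries, hostname):
    """MVPS-style blocking: the name resolves to the unroutable 0.0.0.0."""
    return resolve(entries, hostname) == "0.0.0.0"

def reverse(entries, ip):
    """Reverse lookup as a resolver does it: the first name listed for ip.
    A listening socket bound to 0.0.0.0 is therefore shown under the first
    blocked host in the file, not under a host it is actually talking to."""
    for entry_ip, name in entries:
        if entry_ip == ip:
            return name
    return None

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("fr.a2dfp.net blocked:", is_blocked(hosts, "fr.a2dfp.net"))
    print("0.0.0.0 is displayed as:", reverse(hosts, "0.0.0.0"))
```

Run against the real file (c:\windows\system32\drivers\etc\hosts) by reading it into `parse_hosts`; a name that is blocked there tells you only that the list maintainer classed it as an ad or tracking host.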

  • 4 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
