Everything posted by ctom

  1. Hi Rui, I have a question: I applied the recommendations you gave me and, doing a system check, I discovered the following: with the Sysinternals tool "Process Explorer", the following services and processes appear "Listening" to an external URL (fr.a2dfp.net): wininit.exe, services.exe, svchost (remote call procedure RPC), svchost (schedule), svchost (eventlog), svchost (CDPsvc), svchost (EFS), svchost (W32Time), vmms (virtual machine management), Isass (I attach the images). This URL, fr.a2dfp.net, appears blocked in the hosts file of MVPS HOSTS (c:\windows\system32\drivers\etc\hosts). Does this mean that the system is infected? Thank you again. Regards,
  2. Hi Rui, Thank you very much for the recommendations, I will put them into practice. For the moment I don't have more concerns, we can close the topic. Thanks again. Regards,
  3. Hi Rui, There is no infection according to the tool. I remain available to implement any additional recommendations. Thank you again.
  4. Hi Rui, No, since the report has not been repeated, except for the symptoms that I told you about the hard disk. Maybe some application that I have installed has a backdoor and does not detect it. (It is very frustrating not to know what happens.) Anyway, thank you for your support. I would appreciate any additional recommendations. Regards,
  5. Hi Rui, AdwCleaner throws no infections. With JRT, even though I run it as admin, I get this message: I ran it also in safe mode (operating system) but it throws the same message; anyway, I attached the log. The RogueKiller program seems to find something. I want to update the BIOS because I have read that some malware hides in this sector to survive formatting the hard drive and to be able to infect the system again. I wanted to do it as a preventive measure. Thanks again. AdwCleaner[S0].txt JRT.txt RogueKiller_Log1.txt
  6. Hi Rui, Thanks again. Attach the requested files, any infection detected by anti-rootkit. The symptoms are similar to this one: Specifically the following: When I block the computer (screensaver), the screen shuts off and reactivates constantly without touching the keyboard or mouse; even though it is set to suspend the monitor in 20 minutes, it is suspended in one minute or less, as if the hard disk was constantly activated. My hard disk is continuously working excessively hard as soon as I'm idling from it. For the most part this stops as soon as I interact with it again, like moving the mouse or something. Since the event viewer reported that they had deleted the security logs I decided to reinstall the operating system, but since this new incident I suspect that it may be some persistent malicious code. I uninstalled the Malwarebytes product and reinstalled it in safe mode (operating system), but the scan did not throw any infections. I cannot update the BIOS because the update is not compatible with Windows 10. The initial symptom has not appeared again (remote control), which does not mean that it does not continue there. What else can I do to detect what is happening? Thank you so much. P.S. Sorry for my English, it is not my native language. mbar-log-2017-10-16 (18-14-54).txt
  7. Hi Rui, thanks. Attach the requested files, any infection detected by Malwarebytes. Symptoms: The screen was blinking and the mouse pointer moved and pointed to some icons on my desktop; I had no control of its movement (disconnecting the internet, I regained control). In some cases when I try to write on a web page, for example an email, the keyboard is blocked and does not write anything (I disconnect the internet and I can write again). Other indirectly related events: In my Facebook account there appeared among my contacts people who did not follow (I changed the password). In my Twitter account, same case (I changed the password). On one occasion the security log of the event viewer was deleted, even if it is configured to overwrite, the operating system log when it was deleted, in this case reinstall the operating system. Thanks for your support. Carlos. report.txt Addition.txt FRST.txt
  8. Hi everybody, In last days an intruder connected to my computer, he moved the mouse and I take control of the computer. (like remote control tool). Immediately disconnect the internet but I don't know how does he connects, scan with malwarebytes 3.2.2 but does not throw any infections. Could they help me detect the infection? My configuration: Windows 10 Professional (updated) Malwarebytes 3.2.2 Windows Defender (updated) Sorry for my English. Thanks, This is FRST log:
03:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-10-10 18:28 - 2017-09-29 03:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll 2017-10-10 18:28 - 2017-09-29 03:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe 2017-10-10 18:28 - 2017-09-29 03:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2017-10-10 18:28 - 2017-09-29 03:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2017-10-10 18:28 - 2017-09-29 03:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-10-10 18:28 - 2017-09-29 03:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2017-10-10 18:28 - 2017-09-29 03:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll 2017-10-10 18:28 - 2017-09-29 03:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll 2017-10-10 18:28 - 2017-09-29 03:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll 2017-10-10 18:28 - 2017-09-29 03:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll 2017-10-10 18:28 - 2017-09-29 03:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2017-10-10 18:28 - 2017-09-29 03:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2017-10-10 18:28 - 2017-09-29 03:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2017-10-10 18:28 - 2017-09-29 03:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-10-10 18:28 - 2017-09-29 03:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2017-10-10 18:28 - 2017-09-29 03:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2017-10-10 18:28 - 2017-09-29 03:26 - 001197568 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll 2017-10-10 18:28 - 2017-09-29 03:26 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe 2017-10-10 18:28 - 2017-09-29 03:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-10-10 18:28 - 2017-09-29 03:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2017-10-10 18:28 - 2017-09-29 03:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2017-10-10 18:28 - 2017-09-29 03:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2017-10-10 18:28 - 2017-09-29 03:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll 2017-10-10 18:28 - 2017-09-29 03:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2017-10-10 18:28 - 2017-09-29 03:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-10-10 18:28 - 2017-09-29 03:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2017-10-10 18:28 - 2017-09-29 03:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-10-10 18:28 - 2017-09-29 03:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-10-10 18:28 - 2017-09-29 03:24 - 001201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe 2017-10-10 18:28 - 2017-09-29 03:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-10-10 18:28 - 2017-09-29 03:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2017-10-10 18:28 - 2017-09-29 03:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2017-10-10 18:28 - 2017-09-29 03:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-10-10 18:28 - 2017-09-29 03:23 - 002195968 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll 2017-10-10 18:28 - 2017-09-29 03:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-10-10 18:28 - 2017-09-29 03:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2017-10-10 18:28 - 2017-09-29 03:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-10-10 18:28 - 2017-09-29 03:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2017-10-10 18:28 - 2017-09-29 03:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2017-10-10 18:28 - 2017-09-29 03:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-10-10 18:28 - 2017-09-29 03:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2017-10-10 18:28 - 2017-09-29 03:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2017-10-10 18:28 - 2017-09-29 03:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2017-10-10 18:28 - 2017-09-29 03:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll 2017-10-10 18:28 - 2017-09-29 03:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-10-10 18:28 - 2017-09-29 03:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll 2017-10-10 18:28 - 2017-09-29 03:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-10-10 18:28 - 2017-09-29 03:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2017-10-10 18:28 - 2017-09-29 03:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2017-10-10 18:28 - 2017-09-29 03:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll 2017-10-10 18:28 - 2017-09-29 03:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll 2017-10-10 18:28 - 
2017-09-29 03:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2017-10-10 18:28 - 2017-09-29 03:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2017-10-10 18:28 - 2017-09-29 03:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll 2017-10-10 18:28 - 2017-09-29 03:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2017-10-10 18:28 - 2017-09-29 03:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2017-10-10 18:28 - 2017-09-29 03:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2017-10-10 18:28 - 2017-09-29 03:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-10-10 18:28 - 2017-09-29 03:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2017-10-10 18:28 - 2017-09-29 03:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2017-10-10 18:28 - 2017-09-29 03:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2017-10-10 18:28 - 2017-09-29 03:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2017-10-10 18:28 - 2017-09-29 03:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe 2017-10-10 18:28 - 2017-09-18 19:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-10-10 18:28 - 2017-09-18 19:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2017-10-10 18:28 - 2017-09-18 19:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2017-10-10 18:28 - 2017-09-18 19:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2017-10-10 18:28 - 2017-09-18 19:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2017-10-10 18:28 - 2017-09-18 19:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-10-10 18:28 
- 2017-09-18 19:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-10 18:28 - 2017-09-18 18:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-10 18:28 - 2017-09-18 18:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-10 18:28 - 2017-09-18 18:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-10 15:12 - 2017-10-13 17:47 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-09 23:37 - 2017-10-13 19:38 - 000000000 ____D C:\FRST
2017-10-08 21:03 - 2017-10-08 21:03 - 000023404 _____ C:\Users\Carlos\Downloads\thedarktower2017720pblurayx264-ytsag-spanish-115368.zip
2017-10-05 13:00 - 2017-10-06 10:30 - 000000000 ____D C:\Program Files\Recuva
2017-10-05 12:59 - 2017-10-05 13:00 - 005562976 _____ (Piriform Ltd) C:\Users\Carlos\Downloads\rcsetup153.exe
2017-10-05 12:49 - 2017-10-05 12:49 - 000167773 _____ C:\Users\Carlos\Downloads\Restoration.zip
2017-09-22 22:22 - 2017-09-22 22:23 - 009809688 _____ (Piriform Ltd) C:\Users\Carlos\Downloads\ccsetup535.exe
2017-09-18 16:17 - 2017-09-18 16:17 - 000000000 ____D C:\Users\Carlos\AppData\Roaming\Macromedia
2017-09-18 15:32 - 2017-09-22 22:24 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-18 15:32 - 2017-09-18 15:32 - 000002878 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-09-18 15:32 - 2017-09-18 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-18 15:32 - 2017-09-18 15:32 - 000000000 ____D C:\Program Files\CCleaner
2017-09-18 15:22 - 2017-09-18 15:24 - 009826968 _____ (Piriform Ltd) C:\Users\Carlos\Downloads\ccsetup534.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-13 19:39 - 2016-11-09 20:01 - 000000000 ____D C:\Temporal
2017-10-13 19:33 - 2016-11-15 20:00 - 000000000 ____D C:\Users\Carlos\Desktop\Desktop Work
2017-10-13 17:56 - 2017-07-21 22:11 - 000000000 ____D C:\Program Files\Colasoft Capsa 9 Free Edition
2017-10-13 17:47 - 2017-07-21 21:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-13 17:47 - 2017-07-21 16:08 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-10-13 15:16 - 2017-07-21 22:11 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-13 15:06 - 2016-11-15 20:02 - 000000000 ___RD C:\Users\Carlos\Desktop\Administrative Tools
2017-10-13 10:33 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\rescache
2017-10-13 10:30 - 2017-07-21 21:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-12 17:54 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-10-11 19:01 - 2017-07-21 16:18 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-11 19:01 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-11 18:53 - 2017-07-21 16:17 - 000000000 ____D C:\WINDOWS\INF
2017-10-10 21:41 - 2017-07-22 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-10-10 19:55 - 2017-08-14 12:44 - 000001183 _____ C:\Users\Carlos\Desktop\Microsoft Message Analyzer.lnk
2017-10-10 19:21 - 2016-11-14 20:31 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-10 19:19 - 2017-07-21 21:42 - 003749892 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-10 19:19 - 2017-07-21 16:23 - 001832350 _____ C:\WINDOWS\system32\perfh00A.dat
2017-10-10 19:19 - 2017-07-21 16:23 - 000467016 _____ C:\WINDOWS\system32\perfc00A.dat
2017-10-10 19:16 - 2017-07-21 21:28 - 000421752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-10 19:13 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-10 19:13 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\Provisioning
2017-10-10 19:13 - 2017-07-21 16:18 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-10-10 19:12 - 2017-07-21 16:19 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-10 19:12 - 2017-07-21 16:19 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-10 18:45 - 2017-07-21 22:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-10 18:43 - 2017-07-21 22:25 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-10 18:43 - 2017-07-21 16:11 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-10 18:39 - 2017-07-21 16:18 - 000000167 _____ C:\WINDOWS\win.ini
2017-10-09 23:05 - 2017-02-21 17:48 - 000000000 ___RD C:\Users\Carlos\Desktop\Journal
2017-10-08 22:38 - 2017-07-22 00:32 - 000000000 ____D C:\Users\Carlos\AppData\Roaming\vlc
2017-10-08 20:51 - 2017-07-21 21:56 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-07 00:56 - 2017-07-21 21:35 - 000000000 ____D C:\Users\Carlos
2017-10-05 12:06 - 2017-08-26 14:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-05 12:06 - 2017-07-21 23:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-05 08:58 - 2017-07-21 22:11 - 000001166 _____ C:\Users\Carlos\Desktop\Colasoft Capsa 9 Free.lnk
2017-09-29 22:10 - 2016-07-16 08:58 - 000395312 __RSH C:\bootmgr
2017-09-22 12:07 - 2017-07-27 11:29 - 000003386 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4132324553-1498383444-2591444562-1001
2017-09-22 12:07 - 2017-07-21 21:44 - 000002411 _____ C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-22 12:07 - 2016-11-14 20:33 - 000000000 ___RD C:\Users\Carlos\OneDrive
2017-09-21 09:34 - 2017-09-07 07:02 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-21 09:34 - 2017-09-07 07:02 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-14 09:41 - 2016-11-15 21:40 - 000001510 _____ C:\Users\Carlos\Desktop\Tcpview.lnk

==================== Files in the root of some directories =======
2017-07-22 13:29 - 2017-10-13 14:49 - 000007671 _____ () C:\Users\Carlos\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-11 22:49

==================== End of FRST.txt ============================

And this is the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Carlos (13-10-2017 19:39:55)
Running from D:\Users\Carlos\Documents\CaseWork\Abiertos\11. Antivirus y Seguridad\Aplicaciones
Windows 10 Pro Version 1703 170317-1834 (X64) (2017-07-22 01:41:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-4132324553-1498383444-2591444562-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4132324553-1498383444-2591444562-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4132324553-1498383444-2591444562-1000 - Limited - Disabled) => C:\Users\defaultuser0
Invitado (S-1-5-21-4132324553-1498383444-2591444562-501 - Limited - Disabled)
Carlos (S-1-5-21-4132324553-1498383444-2591444562-1001 - Administrator - Enabled) => C:\Users\Carlos

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Centro de Mouse y Teclado de Microsoft (HKLM\...\{E5665840-466D-4B22-A5E5-00C73BFDAC03}) (Version: 2.8.106.0 - Microsoft Corporation) Hidden
Centro de Mouse y Teclado de Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.8.106.0 - Microsoft Corporation)
Colasoft Capsa 9 Free (HKLM\...\6764EB45-A821-4F9B-B33C-545964A732E3_is1) (Version: 9.2.0.9267 - Colasoft)
Eines de correcció del Microsoft Office 2013: català (HKLM-x32\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM-x32\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ghost Recon (HKLM-x32\...\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}) (Version: - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.11.0.3 - QFX Software Corporation)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Message Analyzer (HKLM\...\{93AA1795-974B-4F77-A498-D070EE66A764}) (Version: 4.0.8112.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4132324553-1498383444-2591444562-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 56.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 56.0 (x64 es-ES)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
OpenOffice 4.1.3 (HKLM-x32\...\{EF451311-C2EC-4245-911F-4847C2294A82}) (Version: 4.13.9783 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Radmin Viewer 3.5 (HKLM-x32\...\{199127DC-7BDB-41AB-825B-4229A86F8F0D}) (Version: 3.50.0000 - Famatech)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM-x32\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Visio 2013 (KB2817443) 32-Bit Edition (HKLM-x32\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 2.4.2 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.2 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3241ED0A-7522-4FDF-BDB9-B34B6180EBC3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {5F6F58E3-6E2A-41CD-84AA-312E4075620C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2016-08-15] (Microsoft Corporation)
Task: {64C1E460-D5EB-4D08-924C-9F554AAE9AB1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6A130D8C-D0C3-4613-A487-F5BE4E9AF91C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {7CD3FC88-F5D7-49AD-8D1F-CF9761C67294} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2016-08-15] (Microsoft Corporation)
Task: {B18C70F0-7F99-4F66-AE2C-59DA8CCCA544} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {CE39A31F-B86D-45E5-B068-E28A0FA8D3B1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2016-08-15] (Microsoft)
Task: {F41F53E9-F4FA-49F8-94A0-AF197D37E6B1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2016-08-15] (Microsoft Corporation)
Task: {FA0D53AC-6C77-4038-AC30-E302EAC343B3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2016-08-15] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-07-21 21:56 - 2017-10-08 20:51 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-20 01:14 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-22 18:04 - 2017-08-22 18:21 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-22 18:04 - 2017-08-22 18:21 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-22 18:04 - 2017-08-22 18:32 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-22 18:04 - 2017-08-22 18:21 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-07-21 22:11 - 2017-02-08 02:40 - 215886104 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\cstre.dll
2017-07-21 22:11 - 2017-02-08 02:40 - 000444184 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\CSPLC.dll
2017-07-21 22:11 - 2016-08-07 18:54 - 000069632 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\tsharkdecode.dll
2017-07-21 22:11 - 2016-08-07 19:03 - 000106496 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\zlibwapi.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000572416 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libgcrypt-20.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 001019430 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libgnutls-28.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000447977 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libgmp-10.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000184907 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libhogweed-2-4.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000095232 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libgpg-error6-0.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000182365 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libnettle-4-6.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000247415 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libp11-kit-0.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000032585 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libffi-6.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000080653 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\libtasn1-6.dll
2017-07-21 22:11 - 2017-01-05 23:34 - 000090195 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\zlib1.dll
2017-07-21 22:11 - 2017-02-08 02:40 - 000119064 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\CSBAE.dll
2017-07-21 22:11 - 2017-02-08 02:40 - 000044824 _____ () C:\Program Files\Colasoft Capsa 9 Free Edition\CSCrypto.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-07-21 16:19 - 2017-07-21 16:17 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4132324553-1498383444-2591444562-1001\Control Panel\Desktop\\Wallpaper -> D:\Users\Carlos\Imagenes\WallPapers\Wallpaper 1920x1080.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{62F7AFF4-E0E5-46DD-A98D-7D6D8D09B5CD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{54DF448F-4469-4B05-8EA4-373D46309B1E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [TCP Query User{BD3C9C8C-140F-4794-8138-609AEECB948F}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3288AD6B-CDEB-4D6C-AA2A-2B2F1E36EF54}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{5CAEF407-E503-4C1A-B467-4D42A60BEDF1}C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe] => (Block) C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe
FirewallRules: [UDP Query User{81A05DC5-950A-43E1-AFA4-69B2AB5F7C0A}C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe] => (Block) C:\program files (x86)\red storm entertainment\ghost recon\ghostrecon.exe
FirewallRules: [{898E8724-E18D-4E79-910B-D3267D7FE41D}] => (Block) LPort=445
FirewallRules: [{2094D883-8186-4FC4-99A7-3A79350D49A4}] => (Block) LPort=135
FirewallRules: [{7550A20F-E117-4195-A8DC-BDF28FA3EBDE}] => (Block) LPort=139

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2017 09:40:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0xb34
Hora de inicio de la aplicación con errores: 0x01d34231e35538e8
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: 72be0c80-52f1-45bd-bea6-b89ad2c586a8
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (10/10/2017 09:40:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-C3QABMH)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (10/10/2017 09:40:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x2610
Hora de inicio de la aplicación con errores: 0x01d34231e10dc83a
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: 2ab0e12f-2ef5-4425-82e6-35a7306e9907
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (10/10/2017 09:40:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x774
Hora de inicio de la aplicación con errores: 0x01d34231debe444d
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: b99b0a39-cea5-49b7-a5f5-674e681aa43f
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (10/10/2017 09:40:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc000041d
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x129c
Hora de inicio de la aplicación con errores: 0x01d34231db563c79
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: ec5f06fa-bea2-4049-8f70-fe3799ebf147
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (10/10/2017 09:40:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x129c
Hora de inicio de la aplicación con errores: 0x01d34231db563c79
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: 4028fbd2-50b5-452b-8e6e-860953b83530
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (10/10/2017 09:39:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.15063.332, marca de tiempo: 0x591fdafc
Nombre del módulo con errores: EdgeManager.dll, versión: 11.0.15063.0, marca de tiempo: 0x58a670ce
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000000983d
Identificador del proceso con errores: 0x25b8
Hora de inicio de la aplicación con errores: 0x01d34231d80c0264
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\EdgeManager.dll
Identificador del informe: 52b60199-10b0-47a0-b3d8-8af156207f8f
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (10/10/2017 07:53:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio ".NETFramework" en el archivo DLL "C:\WINDOWS\system32\mscoree.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (10/10/2017 07:34:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SystemSettings.exe, versión: 10.0.15063.502, marca de tiempo: 0x7c8bd05a
Nombre del módulo con errores: MusUpdateHandlers.dll, versión: 10.0.15063.674, marca de tiempo: 0x19e82d6b
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000002da9f
Identificador del proceso con errores: 0x1438
Hora de inicio de la aplicación con errores: 0x01d3422012ea793e
Ruta de acceso de la aplicación con errores: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
Ruta de acceso del módulo con errores: C:\Windows\System32\MusUpdateHandlers.dll
Identificador del informe: 191a19fa-6adb-4b33-a99f-d3ed4b60fb8d
Nombre completo del paquete con errores: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: microsoft.windows.immersivecontrolpanel

Error: (10/10/2017 06:44:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

System errors:
=============
Error: (10/13/2017 05:55:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error: El sistema no puede encontrar el archivo especificado.

Error: (10/13/2017 05:55:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error: El sistema no puede encontrar el archivo especificado.

Error: (10/13/2017 05:55:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error: El sistema no puede encontrar el archivo especificado.

Error: (10/13/2017 05:55:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error: El sistema no puede encontrar el archivo especificado.

Error: (10/13/2017 05:47:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CldFlt no pudo iniciarse debido al siguiente error: Solicitud no compatible.

Error: (10/13/2017 05:35:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CldFlt no pudo iniciarse debido al siguiente error: Solicitud no compatible.

Error: (10/13/2017 05:32:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CldFlt no pudo iniciarse debido al siguiente error: Solicitud no compatible.

Error: (10/13/2017 05:16:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error: El sistema no puede encontrar el archivo especificado.

Error: (10/13/2017 05:16:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error: El sistema no puede encontrar el archivo especificado.

Error: (10/13/2017 05:16:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CsNdisLWF NDIS Protocol Driver no pudo iniciarse debido al siguiente error: El sistema no puede encontrar el archivo especificado.

CodeIntegrity:
===================================
Date: 2017-10-13 18:54:40.027
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-13 18:22:01.621
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll that did not meet the Store signing level requirements.

Date: 2017-10-13 18:20:50.968
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll that did not meet the Store signing level requirements.

Date: 2017-10-13 17:55:53.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-13 17:54:42.182
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-13 17:43:02.331
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-13 17:36:39.808
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-13 17:21:55.156
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-13 17:16:13.418
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-13 15:15:43.331
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\EMET 5.5\EMET_CE64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8100.43 MB
Available physical RAM: 4989.56 MB
Total Virtual: 9380.43 MB
Available Virtual: 5861.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.12 GB) (Free:61.23 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:400.39 GB) (Free:120.39 GB) NTFS
Drive f: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E6F6F789)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=97.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=400.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================