Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01 Ran by Emanuel (08-12-2018 12:38:07) Running from C:\Users\Emanuel\Desktop Windows 10 Education Version 1809 17763.134 (X64) (2018-10-03 16:21:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-3767236452-2168423431-2029781272-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3767236452-2168423431-2029781272-503 - Limited - Disabled) Emanuel (S-1-5-21-3767236452-2168423431-2029781272-1001 - Administrator - Enabled) => C:\Users\Emanuel Invitado (S-1-5-21-3767236452-2168423431-2029781272-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3767236452-2168423431-2029781272-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AV: Kaspersky Security Cloud (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8} AS: Kaspersky Security Cloud (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Security Cloud (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated) AIDA64 Extreme v5.97 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.97 - FinalWire Ltd.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform) CyberLink PhotoDirector 8 (HKLM-x32\...\{80986AB6-3CB0-49db-AB48-1600844D6374}) (Version: 8.0.3812.0 - CyberLink Corp.) CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.3918.0 - CyberLink Corp.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.80 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.20 - Janos Mathe) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) hppP1100P1560P1600SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden hppusgP1100P1560P1600Series (HKLM-x32\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) Intel(R) Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel(R) Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation) Kaspersky Security Cloud (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes) MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProplusRetail - es-es) (Version: 16.0.11029.20079 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3767236452-2168423431-2029781272-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation) Microsoft Project Profesional 2016 - es-es (HKLM\...\ProjectProRetail - es-es) (Version: 16.0.11029.20079 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visio Profesional 2016 - es-es (HKLM\...\VisioProRetail - es-es) (Version: 16.0.11029.20079 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 63.0.3 (x64 es-ES) (HKLM\...\Mozilla Firefox 63.0.3 (x64 es-ES)) (Version: 63.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.3.3 - Mozilla) Mozilla Thunderbird 60.3.3 (x64 es-AR) (HKLM\...\Mozilla Thunderbird 60.3.3 (x64 es-AR)) (Version: 60.3.3 - Mozilla) Nero 2018 (HKLM-x32\...\{DB8EF13D-AD5C-4893-BB41-BD010964E730}) (Version: 19.0.10200 - Nero AG) Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 19.0.1003 - Nero AG) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden Opera Stable 56.0.3051.116 (HKU\S-1-5-21-3767236452-2168423431-2029781272-1001\...\Opera 56.0.3051.116) (Version: 56.0.3051.116 - Opera Software) Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden Prerequisite installer (HKLM-x32\...\{AD240F1A-3102-492E-B657-17969A9D5E9A}) (Version: 19.0.0004 - Nero AG) Hidden Python 3.5.2 (32-bit) (HKU\S-1-5-21-3767236452-2168423431-2029781272-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation) Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation) qBittorrent 4.1.2 (HKLM-x32\...\qBittorrent) (Version: 4.1.2 - The qBittorrent project) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.) Simple DNSCrypt x64 (HKLM\...\{5AE8E892-624A-4CEE-99FE-F0B75180D774}) (Version: 0.5.8 - bitbeans) Skype versión 8.30 (HKLM-x32\...\Skype_is1) (Version: 8.30 - Skype Technologies S.A.) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) VIA Administrador de dispositivos de plataforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 19.0.0\x64\ShellEx.dll [2018-12-06] (AO Kaspersky Lab) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 19.0.0\x64\ShellEx.dll [2018-12-06] (AO Kaspersky Lab) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 19.0.0\x64\ShellEx.dll [2018-12-06] (AO Kaspersky Lab) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd) ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation) ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-11-01] (Intel Corporation) ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 19.0.0\x64\ShellEx.dll [2018-12-06] (AO Kaspersky Lab) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1CDB627B-C37F-42C8-9EDE-E634B18054C8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd) Task: {25637A87-901E-4BFD-B592-4AF1F201DA25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-15] (Google Inc.) Task: {26768F87-32CA-4588-A6A1-44021EA24330} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd) Task: {424957A3-43A9-4612-A836-037EC8FCC034} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-02] (Microsoft Corporation) Task: {4A47F5EE-1EA9-4D8F-B2E8-C2AA41EE1EE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-02] (Microsoft Corporation) Task: {4B03AF6B-A913-4AA6-9BA0-E42E1D523EB6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-12-02] (Microsoft Corporation) Task: {4F7AA56C-9E5C-4F99-B4F4-09AADC17CD58} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-12-02] (Microsoft Corporation) Task: {632102C4-D081-4681-8DBC-C26D7EE939B4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-15] (Microsoft Corporation) Task: {710E66A2-E632-4EF6-A911-0088BBEC901B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-02] (Microsoft Corporation) Task: {7A35A2E3-3CB4-4E28-B98D-832C02003592} - System32\Tasks\Microsoft\Windows\Flighting\OneSettings\RefreshCache Task: {84B268A6-0EE1-4F06-9D77-819EA6026EAA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-15] (Microsoft Corporation) Task: {AD4E8AFB-A48C-4E13-BE83-B8D87600CFB4} - System32\Tasks\Microsoft\Windows\WlanSvc\CDSSync Task: {B3F848FE-D38D-4FB7-AC48-119669AE5466} - System32\Tasks\Opera scheduled Autoupdate 1537192681 => C:\Users\Emanuel\AppData\Local\Programs\Opera\launcher.exe [2018-11-26] (Opera Software) Task: {BD21C377-5B30-4E5A-B6F2-37D2086885E5} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives Task: {C035AA89-CF82-4959-9EA9-610B07FCDEE1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-15] (Google Inc.) Task: {C2F89432-5BA2-4041-A2ED-DA0101567DAE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-02] (Microsoft Corporation) Task: {CB3C670B-FDA8-4C3F-9521-09846194A831} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated) Task: {E39F8E32-F4B6-44B2-B8AF-D84A6CFEB7B8} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-09-15] () Task: {F1D0CF5C-6253-4AE8-9D56-014223A9012F} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2017-08-10] (Nero AG) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-07-07 12:53 - 2012-08-31 15:03 - 000288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL 2018-07-07 12:53 - 2012-08-31 15:02 - 000074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2018-07-07 12:53 - 2012-08-31 15:03 - 003034112 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hp1100su.dll 2018-07-07 12:53 - 2012-08-31 15:02 - 001038336 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\HP1100GC.dll 2018-07-09 18:23 - 2018-07-09 18:23 - 006314648 _____ () C:\Program Files\bitbeans\Simple DNSCrypt x64\dnscrypt-proxy\dnscrypt-proxy.exe 2018-11-16 17:32 - 2018-12-07 07:05 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-11-16 17:32 - 2018-12-07 07:05 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2018-09-15 04:28 - 2018-09-15 04:28 - 000834088 _____ () C:\Windows\System32\InputHost.dll 2018-11-04 06:27 - 2018-12-02 09:22 - 008984664 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\3082\GrooveIntlResource.dll 2018-09-15 04:28 - 2018-09-15 04:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll 2018-09-15 04:28 - 2018-09-15 04:28 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2016-11-01 23:05 - 2016-11-01 23:05 - 000401896 _____ () C:\WINDOWS\system32\igfxTray.exe 2018-09-15 04:28 - 2018-09-15 04:28 - 001740288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-09-15 13:43 - 2018-09-15 13:43 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll 2018-12-04 17:42 - 2018-12-04 17:43 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\ChakraBridge.dll 2018-12-04 17:42 - 2018-12-04 17:44 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe 2018-11-05 23:48 - 2018-11-05 23:49 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll 2018-11-05 23:48 - 2018-11-05 23:48 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-11-05 23:48 - 2018-11-05 23:48 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll 2018-12-07 01:49 - 2018-12-07 01:49 - 004220928 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe 2018-12-07 01:48 - 2018-12-07 01:48 - 004380232 _____ () C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18003.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-11-16 10:19 - 2018-11-16 10:23 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2018-11-16 10:19 - 2018-11-16 10:23 - 066031104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2018-11-16 10:19 - 2018-11-16 10:22 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll 2018-06-14 14:56 - 2018-06-14 15:03 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll 2018-11-16 10:19 - 2018-11-16 10:23 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll 2018-11-16 10:19 - 2018-11-16 10:23 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll 2018-08-16 15:04 - 2018-08-16 15:05 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_core320.dll 2018-08-16 15:04 - 2018-08-16 15:05 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll 2018-06-14 14:56 - 2018-06-14 15:03 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll 2018-11-16 10:19 - 2018-11-16 10:23 - 014097920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll 2018-11-16 10:19 - 2018-11-16 10:22 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2018-11-16 10:19 - 2018-11-16 10:19 - 002863616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll 2018-08-30 20:51 - 2018-08-30 20:53 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll 2018-08-11 14:31 - 2018-08-11 14:31 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-11-16 10:19 - 2018-11-16 10:23 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\SKU.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-09-29 10:46 - 2018-11-18 12:17 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3767236452-2168423431-2029781272-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Emanuel\Desktop\OTRA CARPETA\SASSOFERRATO_-_Virgen_rezando_(National_Gallery,_Londres,_1640-50).jpg DNS Servers: 186.12.238.16 - 186.12.238.15 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "YouCam Service6" HKLM\...\StartupApproved\Run32: => "HPUsageTrackingLEDM" HKU\S-1-5-21-3767236452-2168423431-2029781272-1001\...\StartupApproved\Run: => "Skype for Desktop" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [Microsoft-Windows-DeviceManagement-OmaDmClient-TCP-Out] => (Allow) %SystemRoot%\system32\omadmclient.exe FirewallRules: [Microsoft-Windows-DeviceManagement-CertificateInstall-TCP-Out] => (Allow) %SystemRoot%\system32\dmcertinst.exe FirewallRules: [{F8E05F4A-E55E-4C9E-862F-297BC27C41E0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{87DD56C4-D982-483F-B146-6B3952504767}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{C9C81D69-9D37-4B1B-AC7B-4EE4BF572E82}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{D4B36D16-75C5-4FB2-A0C6-24C39D3BE47F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{F81D1BEA-745D-403C-A2C8-934CAD3C0A77}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{443AA5B4-6915-47CC-841D-CA82E044785B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 27-11-2018 10:23:21 Punto de control programado 06-12-2018 13:47:53 Punto de control programado ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/07/2018 12:12:45 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. Error: (12/07/2018 10:38:30 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina RegSetValueExW(0x000003e8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000A42517EE50.72). HR = 0x80070005, Acceso denegado. . Error: (12/07/2018 10:38:30 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina RegSetValueExW(0x000009a4,(null),0,REG_BINARY,000000E99967D650.72). HR = 0x80070005, Acceso denegado. . Operación: Evento BackupShutdown Contexto: Contexto de ejecución: Writer Id. de clase del escritor: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Nombre del escritor: MSSearch Service Writer Id. de instancia del escritor: {29e6e6bf-d8e0-4105-aa45-b3a3be1e89ad} Error: (12/07/2018 10:38:30 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina RegSetValueExW(0x0000021c,(null),0,REG_BINARY,00000041C35FD740.72). HR = 0x80070005, Acceso denegado. . Operación: Evento BackupShutdown Contexto: Contexto de ejecución: Writer Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220} Nombre del escritor: System Writer Id. de instancia del escritor: {c3ed16c7-a7d9-4d1f-b26e-3cb1bed9d5d6} Error: (12/07/2018 10:38:30 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina RegSetValueExW(0x00000298,(null),0,REG_BINARY,000000347237DA10.72). HR = 0x80070005, Acceso denegado. . Operación: Evento BackupShutdown Contexto: Contexto de ejecución: Writer Id. de clase del escritor: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Nombre del escritor: WMI Writer Id. de instancia del escritor: {ceb0d9c5-ebce-406a-ad7f-b69cc092a3f9} Error: (12/07/2018 10:38:30 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina RegSetValueExW(0x00000254,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000A42547E3A0.72). HR = 0x80070005, Acceso denegado. . Operación: Evento BackupShutdown Contexto: Contexto de ejecución: Writer Id. de clase del escritor: {afbab4a2-367d-4d15-a586-71dbb18f8485} Nombre del escritor: Registry Writer Id. de instancia del escritor: {bca40c13-a57f-416c-bcfe-06670061b4be} Error: (12/07/2018 10:38:30 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina RegSetValueExW(0x00000298,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,000000A4253FE3C0.72). HR = 0x80070005, Acceso denegado. . Operación: Evento BackupShutdown Contexto: Contexto de ejecución: Writer Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nombre del escritor: Shadow Copy Optimization Writer Id. de instancia del escritor: {03d14ce2-8c69-4754-9bd3-ccd72a7ceca2} Error: (12/07/2018 10:38:30 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina RegSetValueExW(0x0000021c,(null),0,REG_BINARY,00000041C35FD750.72). HR = 0x80070005, Acceso denegado. . Operación: Evento BackupShutdown Contexto: Contexto de ejecución: Writer Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220} Nombre del escritor: System Writer Id. de instancia del escritor: {c3ed16c7-a7d9-4d1f-b26e-3cb1bed9d5d6} System errors: ============= Error: (12/08/2018 10:25:05 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TKOQ9ER) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario DESKTOP-TKOQ9ER\Emanuel con SID (S-1-5-21-3767236452-2168423431-2029781272-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (12/08/2018 10:25:05 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TKOQ9ER) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario DESKTOP-TKOQ9ER\Emanuel con SID (S-1-5-21-3767236452-2168423431-2029781272-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (12/08/2018 09:51:59 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TKOQ9ER) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario DESKTOP-TKOQ9ER\Emanuel con SID (S-1-5-21-3767236452-2168423431-2029781272-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (12/08/2018 09:51:59 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TKOQ9ER) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario DESKTOP-TKOQ9ER\Emanuel con SID (S-1-5-21-3767236452-2168423431-2029781272-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (12/08/2018 09:13:48 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TKOQ9ER) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario DESKTOP-TKOQ9ER\Emanuel con SID (S-1-5-21-3767236452-2168423431-2029781272-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (12/08/2018 09:13:47 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TKOQ9ER) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario DESKTOP-TKOQ9ER\Emanuel con SID (S-1-5-21-3767236452-2168423431-2029781272-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (12/08/2018 08:40:09 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TKOQ9ER) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario DESKTOP-TKOQ9ER\Emanuel con SID (S-1-5-21-3767236452-2168423431-2029781272-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (12/08/2018 08:40:09 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TKOQ9ER) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario DESKTOP-TKOQ9ER\Emanuel con SID (S-1-5-21-3767236452-2168423431-2029781272-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. CodeIntegrity: =================================== Date: 2018-12-08 12:38:03.530 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eagleGet.removed because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-08 12:38:03.528 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eagleGet.removed because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-08 11:28:35.707 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_26515679\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-12-08 09:26:49.451 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_26515679\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-12-08 09:26:44.562 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_26515679\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-12-08 06:54:17.769 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_26515679\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-12-08 05:09:21.477 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eagleGet.removed because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-12-08 05:09:21.475 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eagleGet.removed because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4460S CPU @ 2.90GHz Percentage of memory in use: 24% Total physical RAM: 12154.04 MB Available physical RAM: 9153 MB Total Virtual: 12922.04 MB Available Virtual: 10107.14 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:930.91 GB) (Free:749.05 GB) NTFS \\?\Volume{f2edf3e1-f331-4cb6-b1b4-a1b29755c5d1}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS \\?\Volume{99856be5-d9a5-430a-ad0b-51663515665e}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================