
    Remove qtipr.com


    1. #1
      Sputnika (User)
      Registered
      Apr 2017
      Location
      Argentina
      Posts
      3

      Remove qtipr.com

      Hello, I would like to remove this browser virus. It also sometimes shows up as navsmart.com.

      Regards.

    2. #2
      Sputnika (User)
      Registered
      Apr 2017
      Location
      Argentina
      Posts
      3

      Re: Remove qtipr.com

      Here are the FRST and Addition logs.

      First, the FRST log:

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
      Ran by Mawren (administrator) on ADMINRG-1J5JNRA (14-04-2017 01:28:47)
      Running from C:\Users\Mawren\Desktop
      Loaded Profiles: Mawren (Available Profiles: defaultuser0 & Mawren)
      Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
      Internet Explorer Version 11 (Default browser: IE)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (Blizzard Entertainment) C:\Program Files (x86)\Blizzard App\Battle.net.8657\Battle.net.exe
      () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      () C:\Users\Mawren\Desktop\Cosas PENDRIVE Pc\4.3.0\MSIAfterburnerSetup430.exe
      () C:\Program Files (x86)\MSI Afterburner\Redist\RTSSSetup.exe
      () C:\ProgramData\service.exe
      (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5494\Agent.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

      ==================== Registry (Whitelisted) ====================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-27] (Microsoft Corporation)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor)
      HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      HKLM\...\RunOnce: [UpgradeResultsUI.exe] => C:\Windows\System32\UpgradeResultsUI.exe [33792 2016-07-16] (Microsoft Corporation)
      HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
      HKU\S-1-5-21-1270707468-547640072-2397267816-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-07-22] (Valve Corporation)
      HKU\S-1-5-21-1270707468-547640072-2397267816-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd)
      HKU\S-1-5-21-1270707468-547640072-2397267816-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
      HKU\S-1-5-21-1270707468-547640072-2397267816-1001\...\RunOnce: [Uninstall 17.3.6381.0405\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mawren\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
      HKU\S-1-5-21-1270707468-547640072-2397267816-1001\...\RunOnce: [Uninstall 17.3.6381.0405] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mawren\AppData\Local\Microsoft\OneDrive\17.3.6381.0405"
      HKU\S-1-5-21-1270707468-547640072-2397267816-1001\...\MountPoints2: {2b3927ff-9281-11e6-9b50-38d547e0b4e0} - "F:\setup.exe"
      HKU\S-1-5-18\...\Run: [] => [X]
      ShellExecuteHooks: No Name - {9AF3A9BE-1EA0-11E7-9DFD-64006A5CFC23} - C:\Users\Mawren\AppData\Roaming\Vikasshody\Cowucladom.dll -> No File

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{df3ec1a1-2c3a-4155-af31-52abe47f8f86}: [DhcpNameServer] 192.168.1.1

      Internet Explorer:
      ==================

      FireFox:
      ========
      FF DefaultProfile: 5dr815hx.default
      FF ProfilePath: C:\Users\Mawren\AppData\Roaming\Mozilla\Firefox\Profiles\5dr815hx.default [2017-04-14]
      FF Extension: (Adblock Plus) - C:\Users\Mawren\AppData\Roaming\Mozilla\Firefox\Profiles\5dr815hx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-04-14]
      FF Extension: (Disable Prefetch) - C:\Users\Mawren\AppData\Roaming\Mozilla\Firefox\Profiles\5dr815hx.default\features\{29245b05-10be-40ae-86e7-9b8b5150cf60}\[email protected] [2017-04-14]
      FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-03-24] [not signed]
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-16] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-16] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-14] (Google Inc.)

      Chrome:
      =======
      CHR Profile: C:\Users\Mawren\AppData\Local\Google\Chrome\User Data\Default [2017-04-14]
      CHR Extension: (Google Docs) - C:\Users\Mawren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-14]
      CHR Extension: (Google Drive) - C:\Users\Mawren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-14]
      CHR Extension: (YouTube) - C:\Users\Mawren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-14]
      CHR Extension: (Hojas de cálculo de Google) - C:\Users\Mawren\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-14]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Mawren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-14]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Mawren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-14]
      CHR Extension: (Gmail) - C:\Users\Mawren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-14]
      CHR Extension: (Chrome Media Router) - C:\Users\Mawren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-14]
      CHR Extension: (easychrome) - C:\Users\Mawren\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw [2017-04-14]

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd)
      R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-16] (NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-16] (NVIDIA Corporation)
      R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
      R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-03-16] (NVIDIA Corporation)
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
      R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R1 cryptfd; C:\Windows\System32\drivers\cryptfd.sys [193448 2017-03-02] ()
      R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-04-14] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-04-14] (Disc Soft Ltd)
      S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
      R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f37f8f12da8b10d7\nvlddmkm.sys [14574640 2017-03-17] (NVIDIA Corporation)
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-03-16] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-03-16] (NVIDIA Corporation)
      R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [59448 2017-03-16] (NVIDIA Corporation)
      U0 onlwfqo; C:\Windows\System32\drivers\ydjxcb.sys [79064 2017-04-14] (Malwarebytes)
      R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
      S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
      R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
      S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-04-14 02:55 - 2017-04-14 02:55 - 00000000 ____D C:\Users\Mawren\AppData\LocalLow\Failbetter Games
      2017-04-14 02:55 - 2017-04-14 02:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunless Sea [GOG.com]
      2017-04-14 02:55 - 2017-04-14 01:22 - 00001707 _____ C:\Users\Mawren\Desktop\Sunless Sea.lnk
      2017-04-14 02:54 - 2017-04-14 02:54 - 00000000 ____D C:\GOG Games
      2017-04-14 02:54 - 2017-04-14 00:47 - 00000000 ____D C:\Users\Mawren\Desktop\Juegos
      2017-04-14 02:46 - 2017-04-14 02:46 - 00000000 ____D C:\Users\Mawren\AppData\Roaming\WinRAR
      2017-04-14 02:34 - 2016-07-16 08:43 - 00033882 _____ C:\Windows\Professional.xml
      2017-04-14 02:12 - 2017-04-14 02:12 - 00000000 ____D C:\Users\Mawren\AppData\Local\Disc_Soft_Ltd
      2017-04-14 02:11 - 2017-04-14 02:11 - 00000000 ____D C:\Users\Mawren\AppData\Roaming\Steam
      2017-04-14 02:11 - 2017-04-14 02:11 - 00000000 ____D C:\Users\Mawren\AppData\LocalLow\CampoSanto
      2017-04-14 02:09 - 2017-04-14 02:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firewatch
      2017-04-14 02:09 - 2017-04-14 01:22 - 00001088 _____ C:\Users\Mawren\Desktop\Firewatch.lnk
      2017-04-14 02:07 - 2017-04-14 02:11 - 00000000 ____D C:\Program Files (x86)\Firewatch
      2017-04-14 02:05 - 2017-04-14 02:05 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
      2017-04-14 02:05 - 2017-04-14 02:05 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
      2017-04-14 02:04 - 2017-04-14 02:05 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
      2017-04-14 02:04 - 2017-04-14 02:05 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
      2017-04-14 02:04 - 2017-04-14 02:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
      2017-04-14 02:04 - 2017-04-14 01:22 - 00001852 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
      2017-04-14 02:04 - 2017-04-14 00:30 - 00000000 ____D C:\Users\Mawren\AppData\Roaming\DAEMON Tools Lite
      2017-04-14 02:00 - 2017-04-14 02:00 - 00694744 _____ (Disc Soft Ltd.) C:\Users\Mawren\Downloads\DTLiteInstaller.exe
      2017-04-14 01:58 - 2017-04-14 02:04 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
      2017-04-14 01:57 - 2017-04-14 01:57 - 00000000 ____D C:\Users\Mawren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
      2017-04-14 01:57 - 2017-04-14 01:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
      2017-04-14 01:57 - 2017-04-14 01:57 - 00000000 ____D C:\Program Files (x86)\WinRAR
      2017-04-14 01:56 - 2017-04-14 01:58 - 13146016 _____ (Disc Soft Ltd) C:\Users\Mawren\Downloads\daemon-tools-5-0-1-multi-win.exe
      2017-04-14 01:56 - 2017-04-14 01:57 - 01843272 _____ C:\Users\Mawren\Downloads\winrar-5-11-es-win.exe
      2017-04-14 01:28 - 2017-04-14 01:29 - 00010244 _____ C:\Users\Mawren\Desktop\FRST.txt
      2017-04-14 01:28 - 2017-04-14 01:28 - 00000000 ____D C:\FRST
      2017-04-14 01:27 - 2017-04-14 01:28 - 02424832 _____ (Farbar) C:\Users\Mawren\Desktop\FRST64.exe
      2017-04-14 01:22 - 2017-04-14 01:22 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\ydjxcb.sys
      2017-04-14 01:16 - 2017-04-14 01:00 - 00532136 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2017-04-14 01:10 - 2017-04-14 01:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
      2017-04-14 01:10 - 2017-04-14 01:22 - 00001165 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      2017-04-14 01:10 - 2017-04-14 01:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
      2017-04-14 01:10 - 2017-04-14 01:10 - 00000000 ____D C:\ProgramData\Malwarebytes
      2017-04-14 01:10 - 2017-04-14 01:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
      2017-04-14 01:10 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
      2017-04-14 01:10 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
      2017-04-14 01:10 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2017-04-14 01:07 - 2017-04-14 01:10 - 22851472 _____ (Malwarebytes ) C:\Users\Mawren\Downloads\mbam-setup-2-2-1-1043.exe
      2017-04-14 00:59 - 2017-04-14 01:22 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-04-14 00:59 - 2017-04-14 01:22 - 00002328 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-04-14 00:57 - 2017-04-14 01:06 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-04-14 00:57 - 2017-04-14 01:06 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-04-14 00:56 - 2017-04-14 00:57 - 01129376 _____ (Google Inc.) C:\Users\Mawren\Downloads\ChromeSetup.exe
      2017-04-14 00:36 - 2017-04-14 01:22 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-04-14 00:36 - 2017-04-14 01:22 - 00001210 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
      2017-04-14 00:36 - 2017-04-14 01:17 - 00000000 ____D C:\Users\Mawren\AppData\LocalLow\Mozilla
      2017-04-14 00:36 - 2017-04-14 00:41 - 00000000 ____D C:\Users\Mawren\AppData\Local\Mozilla
      2017-04-14 00:36 - 2017-04-14 00:36 - 00000000 ____D C:\Users\Mawren\AppData\Roaming\Mozilla
      2017-04-14 00:36 - 2017-04-14 00:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-04-14 00:36 - 2017-04-14 00:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2017-04-14 00:19 - 2017-04-14 00:19 - 00245536 _____ C:\Users\Mawren\Downloads\Firefox Setup Stub 52.0.2.exe
      2017-04-14 00:10 - 2017-04-14 01:22 - 00000901 _____ C:\Users\Public\Desktop\CCleaner.lnk
      2017-04-14 00:10 - 2017-04-14 00:10 - 00002872 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
      2017-04-14 00:10 - 2017-04-14 00:10 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
      2017-04-14 00:10 - 2017-04-14 00:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2017-04-14 00:10 - 2017-04-14 00:10 - 00000000 ____D C:\Program Files\CCleaner
      2017-04-14 00:08 - 2017-04-14 00:10 - 09274608 _____ (Piriform Ltd) C:\Users\Mawren\Downloads\ccsetup528.exe
      2017-04-14 00:08 - 2017-04-14 00:08 - 01620992 ____N C:\ProgramData\service.exe
      2017-04-14 00:07 - 2017-04-14 00:11 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
      2017-04-14 00:04 - 2017-04-14 01:22 - 00000000 __SHD C:\Users\Mawren\AppData\Local\svchost
      2017-04-14 00:04 - 2017-04-14 00:04 - 00003658 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
      2017-04-14 00:04 - 2017-04-14 00:04 - 00000000 __SHD C:\Users\Mawren\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw
      2017-04-14 00:04 - 2017-04-11 23:04 - 01028096 ____N C:\ProgramData\igfxDH.dll
      2017-04-14 00:03 - 2017-04-14 00:11 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
      2017-04-14 00:02 - 2017-04-14 01:22 - 00000000 ____D C:\Users\Mawren\AppData\Roaming\Vikasshody
      2017-04-14 00:02 - 2017-04-14 01:22 - 00000000 ____D C:\Program Files (x86)\Tukerent Nodifier
      2017-04-14 00:02 - 2017-04-14 01:22 - 00000000 ____D C:\Program Files (x86)\Cojisp
      2017-04-14 00:02 - 2017-04-14 00:02 - 00000000 ____D C:\Users\Mawren\AppData\Roaming\Microleaves
      2017-04-14 00:02 - 2017-04-14 00:02 - 00000000 ____D C:\Users\Mawren\AppData\Local\Rojather
      2017-04-14 00:02 - 2017-04-14 00:02 - 00000000 ____D C:\Users\Mawren\AppData\Local\AdvinstAnalytics
      2017-04-14 00:00 - 2017-04-14 00:02 - 00000000 ____D C:\Users\Mawren\AppData\Local\MSfree Inc
      2017-04-14 00:00 - 2017-04-14 00:00 - 00000000 ____D C:\Users\Mawren\Desktop\KMSAC1.4.2
      2017-04-13 23:55 - 2017-04-13 23:55 - 03758642 _____ C:\Users\Mawren\Downloads\KMSAC1.4.2 - MegaTutosPC.rar
      2017-04-13 23:41 - 2017-04-14 01:22 - 00000000 ____D C:\Program Files (x86)\Windows Loader
      2017-04-13 23:40 - 2017-04-13 23:40 - 00000000 ____D C:\Users\Mawren\AppData\LocalLow\Temp
      2017-04-13 23:37 - 2017-04-13 23:35 - 02887680 _____ C:\Users\Mawren\Desktop\KMSPico 10.2.1.iso
      2017-04-13 23:35 - 2017-04-14 01:22 - 00000876 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Child of Light.lnk
      2017-04-13 23:35 - 2017-04-14 01:22 - 00000858 _____ C:\Users\Public\Desktop\Child of Light.lnk
      2017-04-13 23:34 - 2017-04-13 23:39 - 00000000 ____D C:\Program Files (x86)\Child of Light
      2017-04-13 23:34 - 2017-04-13 23:35 - 02887680 _____ C:\Users\Mawren\Downloads\KMSPico 10.2.1.iso
      2017-04-13 23:31 - 2017-04-14 01:08 - 00000000 ____D C:\Users\Mawren\Desktop\Cosas PENDRIVE Pc
      2017-04-13 23:29 - 2017-04-13 23:31 - 00000000 ____D C:\Users\Mawren\Desktop\Child.of.Light-RELOADED
      2017-04-13 20:02 - 2017-04-14 01:08 - 00000000 ____D C:\Program Files (x86)\Overwatch
      2017-04-13 20:02 - 2017-04-13 20:02 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
      2017-04-13 19:49 - 2017-04-14 03:06 - 00000000 ____D C:\Users\Mawren\AppData\Local\Battle.net
      2017-04-13 19:49 - 2017-04-13 19:49 - 00000000 ____D C:\Users\Mawren\AppData\Local\Blizzard Entertainment
      2017-04-13 19:48 - 2017-04-14 01:22 - 00000986 _____ C:\Users\Public\Desktop\Aplicación de Blizzard.lnk
      2017-04-13 19:48 - 2017-04-13 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aplicación de Blizzard
      2017-04-13 19:45 - 2017-03-16 19:56 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
      2017-04-13 19:45 - 2017-01-25 21:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
      2017-04-13 19:45 - 2017-01-25 21:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
      2017-04-13 19:45 - 2017-01-25 21:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
      2017-04-13 19:45 - 2017-01-25 21:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
      2017-04-13 19:44 - 2017-04-13 19:44 - 00000000 ____D C:\Windows\LastGood
      2017-04-13 19:44 - 2017-04-13 19:44 - 00000000 ____D C:\Program Files (x86)\VulkanRT
      2017-04-13 19:35 - 2017-04-13 23:45 - 00000000 ____D C:\Users\Mawren\AppData\Roaming\NVIDIA
      2017-04-13 19:30 - 2017-04-14 02:11 - 00000000 ____D C:\Program Files (x86)\Steam
      2017-04-13 19:30 - 2017-04-14 01:22 - 00001026 _____ C:\Users\Public\Desktop\Steam.lnk
      2017-04-13 19:30 - 2017-04-13 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
      2017-04-13 19:26 - 2017-04-14 00:59 - 00000000 ____D C:\Users\Mawren\AppData\Local\Google
      2017-04-13 19:26 - 2017-04-14 00:59 - 00000000 ____D C:\Program Files (x86)\Google
      2017-04-13 19:25 - 2017-04-13 19:32 - 18266707 _____ (NVIDIA Corporation) C:\Users\Mawren\Downloads\381.65-desktop-win10-64bit-international-whql.exe.da1i3qf.partial
      2017-04-13 19:24 - 2017-04-13 19:24 - 00000000 ____D C:\Users\Mawren\AppData\Roaming\Macromedia
      2017-04-13 19:23 - 2017-04-13 20:02 - 00000000 ____D C:\Program Files (x86)\Blizzard App
      2017-04-13 19:22 - 2017-04-13 20:02 - 00000000 ____D C:\Users\Mawren\AppData\Roaming\Battle.net
      2017-04-13 19:20 - 2017-04-14 00:27 - 00000000 ____D C:\Users\Mawren\AppData\Local\CrashDumps
      2017-04-13 19:17 - 2017-04-13 19:35 - 00000000 ____D C:\Users\Mawren\AppData\Local\NVIDIA Corporation
      2017-04-13 19:17 - 2017-04-13 19:18 - 00000000 ____D C:\Users\Mawren\AppData\Local\NVIDIA
      2017-04-13 19:17 - 2017-04-13 19:17 - 00000000 ____D C:\Users\Mawren\AppData\Local\CEF
      2017-04-13 19:14 - 2017-04-13 19:45 - 00004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-04-13 19:14 - 2017-04-13 19:45 - 00003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-04-13 19:14 - 2017-04-13 19:45 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-04-13 19:14 - 2017-04-13 19:45 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-04-13 19:14 - 2017-04-13 19:45 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-04-13 19:14 - 2017-04-13 19:45 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-04-13 19:14 - 2017-04-13 19:45 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
      2017-04-13 19:14 - 2017-04-13 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
      2017-04-13 19:14 - 2017-04-13 19:22 - 00000000 ____D C:\ProgramData\Battle.net
      2017-04-13 19:14 - 2017-04-13 19:14 - 00000000 ____D C:\Users\Mawren\AppData\Local\Comms
      2017-04-13 19:14 - 2017-03-16 22:01 - 01882168 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
      2017-04-13 19:14 - 2017-03-16 22:01 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
      2017-04-13 19:14 - 2017-03-16 22:01 - 01470520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
      2017-04-13 19:14 - 2017-03-16 22:01 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
      2017-04-13 19:14 - 2017-03-16 22:01 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
      2017-04-13 19:14 - 2010-05-26 15:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
      2017-04-13 19:14 - 2010-05-26 15:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
      2017-04-13 19:14 - 2010-05-26 15:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
      2017-04-13 19:14 - 2010-05-26 15:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
      2017-04-13 19:14 - 2010-05-26 15:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
      2017-04-13 19:14 - 2010-05-26 15:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
      2017-04-13 19:13 - 2017-04-13 19:46 - 00000000 ____D C:\ProgramData\NVIDIA
      2017-04-13 19:13 - 2017-04-13 19:45 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
      2017-04-13 19:13 - 2017-03-16 22:01 - 00512960 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
      2017-04-13 19:13 - 2017-03-16 22:01 - 00418752 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
      2017-04-13 19:13 - 2017-03-16 22:01 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
      2017-04-13 19:13 - 2017-03-16 22:01 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
      2017-04-13 19:13 - 2017-03-16 20:16 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
      2017-04-13 19:13 - 2017-03-16 20:16 - 02477504 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
      2017-04-13 19:13 - 2017-03-16 20:16 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
      2017-04-13 19:13 - 2017-03-16 20:16 - 00549944 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
      2017-04-13 19:13 - 2017-03-16 20:16 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
      2017-04-13 19:13 - 2017-03-16 20:16 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
      2017-04-13 19:13 - 2017-03-16 20:16 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
      2017-04-13 19:13 - 2017-03-16 06:39 - 07813427 _____ C:\Windows\system32\nvcoproc.bin
      2017-04-13 19:12 - 2017-04-13 19:45 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
      2017-04-13 19:12 - 2017-04-13 19:12 - 00000000 ____D C:\ProgramData\Package Cache
      2017-04-13 19:12 - 2017-03-16 22:01 - 40190400 _____ C:\Windows\system32\nvcompiler.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 34991672 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 28254264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 11122728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 04078008 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 03597456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 03169848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 02716096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437892.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437892.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 01052096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00991288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00910784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00721952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00618232 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00605120 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00573632 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00447984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
      2017-04-13 19:12 - 2017-03-16 22:01 - 00158264 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00126008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00059448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
      2017-04-13 19:12 - 2017-03-16 22:01 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
      2017-04-13 19:12 - 2017-03-16 22:01 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
      2017-04-13 19:12 - 2017-03-16 22:01 - 00043636 _____ C:\Windows\system32\nvinfo.pb
      2017-04-13 19:12 - 2017-03-16 22:01 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
      2017-04-13 19:12 - 2017-03-16 22:01 - 00000669 _____ C:\Windows\system32\nv-vk64.json
      2017-04-13 19:11 - 2017-04-13 19:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
      2017-04-13 19:05 - 2017-04-13 19:05 - 00000000 ____H C:\ProgramData\DP45977C.lfl
      2017-04-13 19:05 - 2017-04-13 19:05 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
      2017-04-13 19:05 - 2017-04-13 19:05 - 00000000 ____D C:\Windows\system32\DAX2
      2017-04-13 19:05 - 2017-04-13 19:05 - 00000000 ____D C:\Program Files\Realtek
      2017-04-13 19:00 - 2017-04-13 19:24 - 00000000 ____D C:\Users\Mawren\AppData\Local\MicrosoftEdge
      2017-04-13 19:00 - 2017-04-13 19:00 - 00003292 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
      2017-04-13 19:00 - 2017-04-13 19:00 - 00000000 ____D C:\Users\Mawren\AppData\Roaming\Skype
      2017-04-13 18:59 - 2017-04-14 01:22 - 00002364 _____ C:\Users\Mawren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2017-04-13 18:59 - 2017-04-13 19:47 - 01375100 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-04-13 18:59 - 2017-04-13 19:00 - 00000000 ___RD C:\Users\Mawren\OneDrive
      2017-04-13 18:59 - 2017-04-13 18:59 - 00000000 ____D C:\Users\Mawren\AppData\Local\NetworkTiles
      2017-04-13 18:59 - 2017-04-13 18:59 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
      2017-04-13 18:57 - 2017-04-13 20:23 - 00000000 ____D C:\Users\Mawren\AppData\Local\Packages
      2017-04-13 18:57 - 2017-04-13 18:57 - 00000000 __RHD C:\Users\Public\AccountPictures
      2017-04-13 18:57 - 2017-04-13 18:57 - 00000000 ____D C:\Users\Mawren\AppData\Roaming\Adobe
      2017-04-13 18:57 - 2017-04-13 18:57 - 00000000 ____D C:\Users\Mawren\AppData\Local\VirtualStore
      2017-04-13 18:57 - 2017-04-13 18:57 - 00000000 ____D C:\Users\Mawren\AppData\Local\TileDataLayer
      2017-04-13 18:57 - 2017-04-13 18:57 - 00000000 ____D C:\Users\Mawren\AppData\Local\Publishers
      2017-04-13 18:57 - 2017-04-13 18:57 - 00000000 ____D C:\Users\Mawren\AppData\Local\ConnectedDevicesPlatform
      2017-04-13 18:56 - 2017-04-13 19:01 - 00000000 ____D C:\Users\Mawren
      2017-04-13 18:56 - 2017-04-13 18:56 - 00000020 ___SH C:\Users\Mawren\ntuser.ini
      2017-04-13 18:56 - 2017-04-13 18:56 - 00000000 _SHDL C:\Users\Mawren\My Documents
      2017-04-13 18:56 - 2017-04-13 18:56 - 00000000 _SHDL C:\Users\Mawren\Documents\My Videos
      2017-04-13 18:56 - 2017-04-13 18:56 - 00000000 _SHDL C:\Users\Mawren\Documents\My Pictures
      2017-04-13 18:56 - 2017-04-13 18:56 - 00000000 _SHDL C:\Users\Mawren\Documents\My Music
      2017-04-13 18:56 - 2017-04-13 18:56 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
      2017-04-13 18:56 - 2017-04-13 18:56 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
      2017-04-13 18:56 - 2017-04-13 18:56 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
      2017-04-13 18:56 - 2017-04-13 18:56 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
      2017-04-13 18:55 - 2016-07-16 08:41 - 02716672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-04-14 02:27 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\system32\WinBioDatabase
      2017-04-14 01:55 - 2016-10-14 23:38 - 00000000 ____D C:\Windows\system32\SleepStudy
      2017-04-14 01:43 - 2016-07-16 08:47 - 00000000 ___HD C:\Program Files\WindowsApps
      2017-04-14 01:22 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\Web
      2017-04-14 00:27 - 2016-07-16 08:45 - 00000000 ____D C:\Windows\INF
      2017-04-14 00:27 - 2016-07-15 23:30 - 00000000 ____D C:\Windows\Panther
      2017-04-14 00:10 - 2016-07-16 08:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
      2017-04-13 23:28 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\LiveKernelReports
      2017-04-13 23:13 - 2016-07-16 08:36 - 00000000 ____D C:\Windows\CbsTemp
      2017-04-13 20:23 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\AppReadiness
      2017-04-13 19:47 - 2016-08-05 16:29 - 00406020 _____ C:\Windows\system32\perfh019.dat
      2017-04-13 19:47 - 2016-08-05 16:29 - 00064286 _____ C:\Windows\system32\perfc019.dat
      2017-04-13 19:13 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\Help
      2017-04-13 18:56 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\system32\spool
      2017-04-13 18:56 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\system32\FxsTmp

      ==================== Files in the root of some directories =======

      2017-04-13 19:05 - 2017-04-13 19:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
      2017-04-14 00:04 - 2017-04-11 23:04 - 1028096 ____N () C:\ProgramData\igfxDH.dll
      2017-04-14 00:08 - 2017-04-14 00:08 - 1620992 ____N () C:\ProgramData\service.exe

      Files to move or delete:
      ====================
      C:\ProgramData\igfxDH.dll
      C:\ProgramData\service.exe


      Some files in TEMP:
      ====================
      2017-04-14 00:06 - 2017-04-14 00:13 - 28016640 _____ () C:\Users\Mawren\AppData\Local\Temp\Browser_V6.0.1471.913_f_4730_(Build1702151518).exe
      2017-04-13 23:41 - 2017-04-13 23:41 - 0061440 _____ (The Gentee Group) C:\Users\Mawren\AppData\Local\Temp\genteert.dll
      2017-04-13 19:13 - 2017-03-16 19:56 - 0867968 _____ (NVIDIA Corporation) C:\Users\Mawren\AppData\Local\Temp\nvSCPAPI64.dll
      2017-04-13 19:43 - 2017-03-16 19:56 - 0352704 _____ (NVIDIA Corporation) C:\Users\Mawren\AppData\Local\Temp\nvStInst.exe

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2016-10-14 23:38

      ==================== End of FRST.txt ============================

    3. #3
      User Avatar of Sputnika
      Registered
      Apr 2017
      Location
      Argentina
      Posts
      3

      Re: Remove qtipr.com

      Addition

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
      Ran by Mawren (14-04-2017 01:29:16)
      Running from C:\Users\Mawren\Desktop
      Windows 10 Home Version 1607 (X64) (2017-04-13 21:56:06)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrator (S-1-5-21-1270707468-547640072-2397267816-500 - Administrator - Disabled)
      DefaultAccount (S-1-5-21-1270707468-547640072-2397267816-503 - Limited - Disabled)
      defaultuser0 (S-1-5-21-1270707468-547640072-2397267816-1000 - Limited - Disabled) => C:\Users\defaultuser0
      Guest (S-1-5-21-1270707468-547640072-2397267816-501 - Limited - Disabled)
      Mawren (S-1-5-21-1270707468-547640072-2397267816-1001 - Administrator - Enabled) => C:\Users\Mawren

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      Ansel (Version: 378.92 - NVIDIA Corporation) Hidden
      Aplicación de Blizzard (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
      CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
      Child of Light (HKLM-x32\...\Q2hpbGRvZkxpZ2h0_is1) (Version: 1 - )
      DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
      Firewatch (HKLM-x32\...\Firewatch_is1) (Version: - )
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
      Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
      Malwarebytes Anti-Malware versión 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
      Microsoft OneDrive (HKU\S-1-5-21-1270707468-547640072-2397267816-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
      Mozilla Firefox 52.0.2 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 es-ES)) (Version: 52.0.2 - Mozilla)
      Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla)
      NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
      NVIDIA 3D Vision Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation)
      NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
      NVIDIA Graphics Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
      NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
      NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
      NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
      NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
      NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
      SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
      SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      Sunless Sea (HKLM-x32\...\1421064427_is1) (Version: 2.1.0.2 - GOG.com)
      Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
      WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {0073D8C1-25E6-4272-8C4C-70FBDFB822B5} - \osTip -> No File <==== ATTENTION
      Task: {03D3039A-F4C8-434E-A98B-36017CA36D73} - \Tukerent Nodifier -> No File <==== ATTENTION
      Task: {30EC8BF4-651E-4219-B90C-26CA75753F1F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-03-16] (NVIDIA Corporation)
      Task: {35CAE455-6F53-4564-961E-8EC7C4C1349B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
      Task: {3E03DC5B-C2FB-4E1E-B5F8-67284107D307} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-14] (Google Inc.)
      Task: {582ED9EB-5C2C-43CE-95B9-C2BE97BD22EC} - \PPI Update -> No File <==== ATTENTION
      Task: {64BBAAC4-D26A-42B3-A42C-34DB6AA7EE91} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-16] (NVIDIA Corporation)
      Task: {6E427881-7745-4ACD-B2A5-DE58E8F5B214} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-03-16] (NVIDIA Corporation)
      Task: {74F42EBF-3C1E-4B48-9D31-C61D728C17E3} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-16] (NVIDIA Corporation)
      Task: {74FB2D19-72A3-483F-A090-B2FB13D05490} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-16] (NVIDIA Corporation)
      Task: {825A760A-6A72-49C1-B32D-DE921D7F98D5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-16] (NVIDIA Corporation)
      Task: {834F86E1-FBDB-4D99-9F17-52D7E4734C91} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-03-16] (NVIDIA Corporation)
      Task: {C616609C-BD49-4689-BD2D-D7EC771113CB} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\Explorer.exe /NOUACCHECK
      Task: {ECCAF8EC-1A42-48D2-88C7-C584BE70AE0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-14] (Google Inc.)
      Task: {F243A0DA-F0D2-4AA4-98B8-7771617095A1} - \Shawale -> No File <==== ATTENTION

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


      ==================== Shortcuts =============================

      (The entries could be listed to be restored or removed.)

      ShortcutWithArgument: C:\Users\Mawren\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->
      ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->
      ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->

      ==================== Loaded Modules (Whitelisted) ==============

      2016-07-16 08:42 - 2016-07-16 08:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
      2016-10-27 15:50 - 2016-10-27 15:50 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
      2016-10-27 15:50 - 2016-10-27 15:50 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
      2016-10-27 15:50 - 2016-10-27 15:50 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
      2017-04-13 18:59 - 2017-04-13 18:59 - 00959168 _____ () C:\Users\Mawren\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
      2017-04-14 00:04 - 2017-04-11 23:04 - 01028096 ____N () C:\ProgramData\igfxDH.dll
      2016-10-27 15:50 - 2016-10-27 15:50 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
      2016-10-27 15:50 - 2016-10-27 15:50 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
      2016-10-27 15:50 - 2016-10-27 15:50 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
      2017-04-13 19:14 - 2017-03-16 22:01 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
      2017-04-13 19:14 - 2017-03-16 22:01 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
      2017-04-13 20:05 - 2017-04-13 20:09 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      2017-04-13 20:05 - 2017-04-13 20:09 - 00189952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
      2017-04-13 20:05 - 2017-04-13 20:13 - 42507264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkyWrap.dll
      2017-04-13 20:05 - 2017-04-13 20:09 - 02334184 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\skypert.dll
      2016-10-27 15:50 - 2016-10-27 15:50 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
      2016-10-27 15:50 - 2016-10-27 15:50 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
      2016-10-27 15:50 - 2016-10-27 15:50 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
      2016-10-27 15:50 - 2016-10-27 15:50 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
      2016-10-27 15:50 - 2016-10-27 15:50 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
      2016-10-27 15:50 - 2016-10-27 15:50 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
      2017-04-14 00:02 - 2017-04-14 00:02 - 00311808 _____ () C:\Program Files (x86)\Tukerent Nodifier\local64spl.dll
      2017-04-14 00:03 - 2016-10-25 10:02 - 39410672 _____ () C:\Users\Mawren\Desktop\Cosas PENDRIVE Pc\4.3.0\MSIAfterburnerSetup430.exe
      2016-10-20 19:56 - 2016-10-20 19:56 - 22362816 _____ () C:\Program Files (x86)\MSI Afterburner\Redist\RTSSSetup.exe
      2017-04-14 00:08 - 2017-04-14 00:08 - 01620992 ____N () C:\ProgramData\service.exe
      2017-04-13 19:13 - 2017-03-16 20:16 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
      2017-04-13 19:43 - 2017-04-13 19:47 - 55758824 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.8657\libcef.dll
      2017-04-13 19:47 - 2017-04-13 19:47 - 00540336 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.8657\ortp.dll
      2017-04-13 19:47 - 2017-04-13 19:47 - 00133632 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.8657\libEGL.dll
      2017-04-13 19:47 - 2017-04-13 19:47 - 03384832 _____ () C:\Program Files (x86)\Blizzard App\Battle.net.8657\libGLESv2.dll
      2017-04-14 00:03 - 2017-04-14 00:03 - 00009728 _____ () C:\Users\Mawren\AppData\Local\Temp\nsy3D43.tmp\nsDialogs.dll
      2017-04-14 00:03 - 2017-04-14 00:03 - 00011264 _____ () C:\Users\Mawren\AppData\Local\Temp\nsy3D43.tmp\System.dll
      2017-04-14 00:03 - 2017-04-14 00:03 - 00007680 _____ () C:\Users\Mawren\AppData\Local\Temp\nsy3D43.tmp\StartMenu.dll
      2017-04-14 00:07 - 2017-04-14 00:07 - 00009728 _____ () C:\Users\Mawren\AppData\Local\Temp\nsp2E9E.tmp\nsDialogs.dll
      2017-04-14 00:07 - 2017-04-14 00:07 - 00011264 _____ () C:\Users\Mawren\AppData\Local\Temp\nsp2E9E.tmp\System.dll
      2017-04-14 00:07 - 2017-04-14 00:07 - 00007680 _____ () C:\Users\Mawren\AppData\Local\Temp\nsp2E9E.tmp\StartMenu.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2016-07-16 08:47 - 2016-07-16 08:45 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1270707468-547640072-2397267816-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mawren\Desktop\4UZKUvd.jpg
      DNS Servers: 192.168.1.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      HKLM\...\StartupApproved\Run32: => "WindowsDefender"
      HKU\S-1-5-21-1270707468-547640072-2397267816-1001\...\StartupApproved\Run: => "{E50B10B8-1C30-F9CA-2E90-A7FF084DE206}"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
      FirewallRules: [{1992B3C9-773D-4640-A93D-5E13FA529D91}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
      FirewallRules: [{54A7C2A3-F5B3-4E6F-90E4-AF1FDFE9ECF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
      FirewallRules: [{B4BA34DA-C972-4B3B-BD4E-7D139023AA0C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
      FirewallRules: [{988854DA-C7CB-418D-A141-DBDAFD88C631}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{BD3137C5-1F83-4C64-981C-FBB4B29A8589}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
      FirewallRules: [{8B8148D0-59A6-49DA-9E10-000BD17263F3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{C7DDFF23-327D-4291-A77F-050BA656E987}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{0A7081D2-515F-45E2-B32B-C67D41F3F67D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{0E8B9081-32D5-4F3B-AE5D-318A12EC7CF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      FirewallRules: [{2BC9CD60-5750-4575-BA5D-0AA16362AB50}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      14-04-2017 03:01:47 Windows Update

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (04/14/2017 12:44:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
      Description: The program DTLite.exe version 10.5.1.230 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

      Process ID: 1560

      Start Time: 01d2b4d16636ed03

      Termination Time: 3

      Application Path: C:\Program Files\DAEMON Tools Lite\DTLite.exe

      Report Id: aa3b656a-20c4-11e7-9b51-38d547e0b4e0

      Faulting package full name:

      Faulting package-relative application ID:

      Error: (04/14/2017 12:26:41 AM) (Source: ESENT) (EventID: 454) (User: )
      Description: taskhostw (4600) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.

      Error: (04/14/2017 12:26:41 AM) (Source: ESENT) (EventID: 490) (User: )
      Description: taskhostw (4600) WebCacheLocal: An attempt to open the file "C:\Users\Mawren\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

      Error: (04/14/2017 12:11:49 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Activation context generation failed for "C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe".
      Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
      Please use sxstrace.exe for detailed diagnosis.

      Error: (04/14/2017 12:11:28 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Activation context generation failed for "C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe".
      Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
      Please use sxstrace.exe for detailed diagnosis.

      Error: (04/14/2017 1230 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Activation context generation failed for "C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe".
      Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
      Please use sxstrace.exe for detailed diagnosis.

      Error: (04/14/2017 12:09:58 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Activation context generation failed for "C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe".
      Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
      Please use sxstrace.exe for detailed diagnosis.

      Error: (04/14/2017 12:09:53 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Activation context generation failed for "C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe".
      Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
      Please use sxstrace.exe for detailed diagnosis.

      Error: (04/14/2017 12:09:50 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Activation context generation failed for "C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe".
      Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
      Please use sxstrace.exe for detailed diagnosis.

      Error: (04/14/2017 12:09:49 AM) (Source: SideBySide) (EventID: 33) (User: )
      Description: Activation context generation failed for "C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe".
      Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
      Please use sxstrace.exe for detailed diagnosis.


      System errors:
      =============
      Error: (04/14/2017 12:09:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: The UC浏览器基础服务 service terminated unexpectedly. It has done this 1 time(s).

      Error: (04/14/2017 12:08:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
      Description: The GoogleChromeUpService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

      Error: (04/13/2017 08:25:33 PM) (Source: DCOM) (EventID: 10010) (User: ADMINRG-1J5JNRA)
      Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

      Error: (04/13/2017 07:14:12 PM) (Source: DCOM) (EventID: 10016) (User: ADMINRG-1J5JNRA)
      Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
      {C2F03A33-21F5-47FA-B4BB-156362A2F239}
      and APPID
      {316CDED5-E4AE-4B15-9113-7055D84DCC97}
      to the user ADMINRG-1J5JNRA\Mawren SID (S-1-5-21-1270707468-547640072-2397267816-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

      Error: (04/13/2017 07:00:52 PM) (Source: DCOM) (EventID: 10016) (User: ADMINRG-1J5JNRA)
      Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
      {9E175B6D-F52A-11D8-B9A5-505054503030}
      and APPID
      {9E175B9C-F52A-11D8-B9A5-505054503030}
      to the user ADMINRG-1J5JNRA\Mawren SID (S-1-5-21-1270707468-547640072-2397267816-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.

      Error: (04/13/2017 06:58:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
      Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
      {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
      and APPID
      {F72671A9-012C-4725-9D2F-2A4D32D65169}
      to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

      Error: (04/13/2017 06:57:46 PM) (Source: DCOM) (EventID: 10016) (User: ADMINRG-1J5JNRA)
      Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
      {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}
      and APPID
      {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}
      to the user ADMINRG-1J5JNRA\Mawren SID (S-1-5-21-1270707468-547640072-2397267816-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.14393.206_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

      Error: (04/13/2017 06:56:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
      Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
      {D63B10C5-BB46-4990-A94F-E40B9D520160}
      and APPID
      {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
      to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

      Error: (04/13/2017 06:56:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
      Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
      {D63B10C5-BB46-4990-A94F-E40B9D520160}
      and APPID
      {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
      to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

      Error: (04/13/2017 06:56:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
      Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
      {D63B10C5-BB46-4990-A94F-E40B9D520160}
      and APPID
      {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
      to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


      CodeIntegrity:
      ===================================
      Date: 2017-04-13 19:29:28.053
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

      Date: 2017-04-13 19:20:44.264
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

      Date: 2017-04-13 19:17:27.677
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
      Percentage of memory in use: 31%
      Total physical RAM: 8135.39 MB
      Available physical RAM: 5587.38 MB
      Total Virtual: 10055.39 MB
      Available Virtual: 7014.97 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:930.96 GB) (Free:883.33 GB) NTFS
      Drive f: (Child of Light) (CDROM) (Total:2.52 GB) (Free:0 GB) CDFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

      Partition: GPT.

      ==================== End of Addition.txt ============================

    4. #4
      General Moderator
      @Daniela's avatar
      Joined
      Apr 2011
      Location
      Spain
      Posts
      23.319

      Re: Remove qtipr.com

      Hello Sputnika



      Carry out the following steps without changing the order given:

      1) Download, update and run Malwarebytes' Anti-Malware; read the manual in detail so that you know how to use and configure it.

      • Run a Full Scan, updating if it asks you to.
      • Click "Remove Selected" to send it to quarantine, and restart the system.
      • In the "History" section of the manual >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.



      2) Download Junkware Removal Tool

      • Temporarily disable the antivirus
      • Run JRT.exe (on Windows 7 or 8, run as "Administrator")
      • Press any key to continue and wait patiently for the process to finish.
      • When it finishes, a log (JRT.txt) will be saved to the desktop and will open automatically.
      • Copy and paste the contents of JRT.txt into your next reply



      3) Download >> AdwCleaner | InfoSpyware to the desktop.

      • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
      • Also close all the programs you have open.
      • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").
      • Click the Scan button and wait for the process to complete, then immediately click the Clean button.
      • Wait for it to complete and follow the instructions; if it asks you to Restart the system, accept.
      • Save the report that appears, so you can copy and paste it into your next reply.
      • The report can also be found at "C:\AdwCleaner\AdwCleaner[C1].txt"



      4) Download CCleaner

      • Install CCleaner
      • Open CCleaner; on the Cleaner tab leave the default settings as they are, click Analyze, wait for it to finish > click Run Cleaner
      • Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected Issues and make a backup
      • Click Scan for Issues again until it finds none.


      Paste the Malwarebytes, AdwCleaner and JRT reports and let us know how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net from: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.