Problem with Bytefence.



EwellMan
2017-06-16, 17:56
Hello there, I recently downloaded some freeware from CNET and have been experiencing performance issues since then. I've also had a pop-up from "Bytefence" telling me to install "anti-virus software".

Any assistance on getting rid of this nasty little thing would be greatly appreciated.

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by User (administrator) on USER-PC (16-06-2017 14:16:25)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(Avid Technology, Inc.) C:\Program Files (x86)\Avid\Pro Tools\MMERefresh.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardNetworkScanner.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
() C:\Program Files\Audient\USBAudioDriver\iD.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\ByteFence\rsLggr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1689368 2017-06-15] (BullGuard Ltd.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Avid\Pro Tools\MMERefresh.exe [81920 2017-03-10] (Avid Technology, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456320 2017-06-07] (Power Software Ltd)
HKLM-x32\...\RunOnce: [Rehipokese] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\User\AppData\Roaming\Rehironosut"
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1560176 2017-06-05] (Spotify Ltd)
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [6949488 2017-06-05] (Spotify Ltd)
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [GoogleChromeAutoLaunch_EA977365BF5B2185FA52414E130E9AF9] => "C:\Users\User\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\MountPoints2: {51a241c1-08aa-11e7-80a4-74d435d74a2b} - E:\setup.exe
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-05-23] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-05-23] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-05-23] (BullGuard Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iD Autostart.lnk [2017-03-14]
ShortcutTarget: iD Autostart.lnk -> C:\Program Files\Audient\USBAudioDriver\iD.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-03-10]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{03728852-DDBB-42B5-B42A-BBD1216E3BB9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D1BC7903-255E-4DD6-9D24-E0F716868310}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> about:blank
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-06-16]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-09]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-09]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-09]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-09]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-09]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1551640 2017-06-15] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [672024 2017-06-15] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [185624 2017-06-15] (BullGuard Ltd.)
R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [505624 2017-06-15] (BullGuard Ltd.)
R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [5815064 2017-06-15] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [768280 2017-06-12] (BullGuard Ltd.)
R2 BsNet; C:\Program Files\BullGuard Ltd\BullGuard\BsNet.dll [561432 2017-06-15] (BullGuard Ltd.)
R2 BsNetworkScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardNetworkScanner.exe [458008 2017-06-15] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [325400 2017-06-15] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [424216 2017-06-15] (BullGuard Ltd.)
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [146912 2017-05-29] (Byte Technologies LLC)
R2 DigiRefresh; C:\Program Files (x86)\Avid\Pro Tools\MMERefresh.exe [81920 2017-03-10] (Avid Technology, Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-06-14] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 audientusbaudio; C:\Windows\System32\DRIVERS\audientusbaudio_x64.sys [288328 2015-12-08] ()
R3 audientusbaudioks; C:\Windows\System32\DRIVERS\audientusbaudioks_x64.sys [56904 2015-12-08] ()
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [174744 2016-08-31] (BullGuard Ltd.)
R0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [152152 2017-06-12] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [76728 2016-01-13] (BullGuard Ltd.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-06-14] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-06-14] (Disc Soft Ltd)
S3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2017-03-14] (Disc Soft Ltd)
S3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2017-03-14] (Disc Soft Ltd)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2016-09-07] ()
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [325752 2016-07-11] (BullGuard Ltd.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-03-31] (BitDefender S.R.L.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-16 14:16 - 2017-06-16 14:17 - 00022007 _____ C:\Users\User\Desktop\FRST.txt
2017-06-16 13:57 - 2017-06-16 13:58 - 05198336 _____ (AVAST Software) C:\Users\User\Desktop\aswMBR.exe
2017-06-16 13:55 - 2017-06-16 13:59 - 02438656 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-06-16 13:42 - 2017-06-16 13:42 - 00001187 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2017-06-16 13:42 - 2017-06-16 13:42 - 00000000 __HDC C:\ProgramData\{72F2A743-44A4-4035-BE3B-80C2E67B0CEB}
2017-06-15 22:31 - 2017-06-15 22:31 - 00000000 __HDC C:\ProgramData\{5D37AF22-489A-46B2-9972-806CEC1EDFE2}
2017-06-15 22:30 - 2017-06-15 22:30 - 00000000 ____D C:\Users\Public\Documents\Kontakt Factory Selection Library
2017-06-15 22:24 - 2017-06-15 22:24 - 652066816 _____ C:\Users\User\Downloads\Kontakt_Factory_Selection.iso
2017-06-15 16:57 - 2017-06-15 16:57 - 00000000 ____D C:\Program Files (x86)\Native Instruments
2017-06-15 16:57 - 2016-09-07 14:26 - 00112408 _____ C:\Windows\system32\Drivers\NIWinCDEmu.sys
2017-06-15 16:51 - 2017-06-15 16:52 - 05621520 _____ (Native Instruments GmbH) C:\Users\User\Downloads\Kontakt_Factory_Selection_Downloader (1).exe
2017-06-15 16:40 - 2017-06-15 16:40 - 00000000 ____D C:\Users\User\Downloads\Kontakt_5_568_PC
2017-06-15 16:34 - 2017-06-16 10:35 - 2709453677 _____ C:\Users\User\Downloads\soundiron_olympus_elements_player_edition_1.5.zip
2017-06-15 16:29 - 2017-06-15 16:38 - 524710439 _____ C:\Users\User\Downloads\Kontakt_5_568_PC.zip
2017-06-15 16:23 - 2017-06-15 16:23 - 00001269 _____ C:\Users\Public\Desktop\Massive.lnk
2017-06-15 16:23 - 2017-06-15 16:23 - 00000000 __HDC C:\ProgramData\{C5CAF473-C900-4049-BCE5-A93E0EBA7EF2}
2017-06-15 16:16 - 2017-06-15 16:16 - 00000000 ____D C:\Users\User\AppData\Roaming\PowerISO
2017-06-15 16:15 - 2017-06-15 16:15 - 00000818 _____ C:\Users\Public\Desktop\PowerISO.lnk
2017-06-15 16:15 - 2017-06-15 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-06-15 16:15 - 2017-06-15 16:15 - 00000000 ____D C:\Program Files\PowerISO
2017-06-15 16:15 - 2017-06-07 01:36 - 00138296 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2017-06-15 16:14 - 2017-06-15 16:14 - 03991608 _____ (Power Software Ltd) C:\Users\User\Downloads\PowerISO6-x64.exe
2017-06-14 22:15 - 2017-06-14 22:15 - 00003472 _____ C:\Windows\System32\Tasks\ByteFence Scan
2017-06-14 22:15 - 2017-06-14 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2017-06-14 21:33 - 2017-06-14 21:33 - 00000000 ____D C:\ProgramData\ByteFence
2017-06-14 21:14 - 2017-06-14 21:17 - 00000000 ____D C:\Users\User\AppData\Local\chromium
2017-06-14 21:14 - 2017-06-14 21:14 - 00016073 _____ C:\Users\User\AppData\Roaming\REHIRONOSUT
2017-06-14 21:14 - 2017-06-14 21:14 - 00003364 _____ C:\Windows\System32\Tasks\ByteFence
2017-06-14 21:13 - 2017-06-16 14:14 - 00000264 _____ C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job
2017-06-14 21:13 - 2017-06-14 21:14 - 00003200 _____ C:\Windows\System32\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}
2017-06-14 21:13 - 2017-06-14 21:14 - 00000000 ____D C:\Users\User\AppData\Local\Sanahaf
2017-06-14 21:13 - 2017-06-14 21:13 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2017-06-14 21:12 - 2017-06-16 14:12 - 00000980 _____ C:\Windows\Tasks\Yahoo! Powered tarol.job
2017-06-14 21:12 - 2017-06-14 21:19 - 00000000 ____D C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}
2017-06-14 21:12 - 2017-06-14 21:12 - 00004008 _____ C:\Windows\System32\Tasks\Yahoo! Powered tarol
2017-06-14 21:12 - 2017-06-14 21:12 - 00001490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2017-06-14 21:12 - 2017-06-14 21:12 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-06-14 21:12 - 2017-06-14 21:12 - 00000000 ____D C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}
2017-06-14 21:11 - 2017-06-16 10:09 - 00000000 ____D C:\Program Files\ByteFence
2017-06-14 21:11 - 2017-06-14 21:11 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2017-06-14 21:11 - 2017-06-14 21:11 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2017-06-14 21:11 - 2017-06-14 21:11 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-06-14 21:08 - 2017-06-14 21:08 - 00694744 _____ (Disc Soft Ltd.) C:\Users\User\Downloads\DTLiteInstaller (1).exe
2017-06-14 17:57 - 2017-06-14 17:57 - 00001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2017-06-14 16:50 - 2017-06-14 16:50 - 00000000 ____D C:\Users\User\Documents\VideoPad Projects
2017-06-14 16:40 - 2017-06-14 17:57 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2017-06-14 16:40 - 2017-06-14 17:57 - 00000000 ____D C:\Users\User\AppData\Roaming\NCH Software
2017-06-14 16:40 - 2017-06-14 17:57 - 00000000 ____D C:\ProgramData\NCH Software
2017-06-14 16:40 - 2017-06-14 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2017-06-14 16:40 - 2017-06-14 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2017-06-14 16:40 - 2017-06-14 17:57 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-06-14 16:40 - 2017-06-14 16:40 - 00001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2017-06-14 16:40 - 2017-06-14 16:40 - 00001144 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2017-06-14 16:37 - 2017-06-14 16:38 - 05502688 _____ (NCH Software) C:\Users\User\Downloads\vpsetup.exe
2017-06-14 00:32 - 2017-06-02 09:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-14 00:32 - 2017-06-02 09:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-14 00:32 - 2017-06-02 09:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-14 00:32 - 2017-06-02 09:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-14 00:32 - 2017-06-02 09:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-14 00:32 - 2017-06-02 09:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-14 00:32 - 2017-06-02 09:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-14 00:32 - 2017-06-02 09:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-14 00:32 - 2017-06-02 09:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-14 00:32 - 2017-06-02 09:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-14 00:32 - 2017-06-02 09:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-14 00:32 - 2017-06-02 09:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-14 00:32 - 2017-06-02 09:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-14 00:32 - 2017-06-02 09:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-14 00:32 - 2017-06-02 09:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-14 00:32 - 2017-06-02 09:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-14 00:32 - 2017-06-02 09:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-14 00:32 - 2017-06-02 09:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-06-14 00:32 - 2017-06-02 09:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-06-14 00:32 - 2017-06-02 09:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-06-14 00:32 - 2017-06-02 09:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-06-14 00:32 - 2017-06-02 08:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-14 00:32 - 2017-06-02 08:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-14 00:32 - 2017-06-02 08:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-06-14 00:32 - 2017-06-02 08:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-06-14 00:32 - 2017-05-21 05:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-14 00:32 - 2017-05-21 05:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-14 00:32 - 2017-05-21 05:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-14 00:32 - 2017-05-21 05:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-06-14 00:32 - 2017-05-21 05:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-06-14 00:32 - 2017-05-21 04:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-14 00:32 - 2017-05-21 04:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-14 00:32 - 2017-05-21 04:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-14 00:32 - 2017-05-21 04:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-14 00:32 - 2017-05-21 04:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-14 00:32 - 2017-05-21 04:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-06-14 00:32 - 2017-05-21 04:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-06-14 00:32 - 2017-05-16 19:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-14 00:32 - 2017-05-16 18:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-14 00:32 - 2017-05-14 21:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-14 00:32 - 2017-05-14 21:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-14 00:32 - 2017-05-14 21:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-14 00:32 - 2017-05-14 21:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-14 00:32 - 2017-05-14 21:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-14 00:32 - 2017-05-14 21:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-14 00:32 - 2017-05-14 21:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-14 00:32 - 2017-05-14 21:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-14 00:32 - 2017-05-14 21:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-14 00:32 - 2017-05-14 21:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-14 00:32 - 2017-05-14 21:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-14 00:32 - 2017-05-14 21:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-14 00:32 - 2017-05-14 21:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-14 00:32 - 2017-05-14 21:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-14 00:32 - 2017-05-14 21:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-14 00:32 - 2017-05-14 21:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-14 00:32 - 2017-05-14 21:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-14 00:32 - 2017-05-14 20:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-14 00:32 - 2017-05-14 20:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-14 00:32 - 2017-05-14 20:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-14 00:32 - 2017-05-14 20:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-14 00:32 - 2017-05-14 20:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-14 00:32 - 2017-05-14 20:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-14 00:32 - 2017-05-14 20:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-14 00:32 - 2017-05-14 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-14 00:32 - 2017-05-14 20:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-06-14 00:32 - 2017-05-14 20:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-14 00:32 - 2017-05-14 20:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-14 00:32 - 2017-05-14 20:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-06-14 00:32 - 2017-05-14 20:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-14 00:32 - 2017-05-14 20:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-06-14 00:32 - 2017-05-14 20:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-06-14 00:32 - 2017-05-14 20:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-14 00:32 - 2017-05-14 20:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-14 00:32 - 2017-05-14 20:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-14 00:32 - 2017-05-14 20:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-14 00:32 - 2017-05-14 20:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-14 00:32 - 2017-05-14 20:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-14 00:32 - 2017-05-14 20:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-06-14 00:32 - 2017-05-14 20:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-06-14 00:32 - 2017-05-14 20:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-06-14 00:32 - 2017-05-14 20:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-14 00:32 - 2017-05-14 20:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-06-14 00:32 - 2017-05-14 20:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-14 00:32 - 2017-05-14 20:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-14 00:32 - 2017-05-14 20:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-06-14 00:32 - 2017-05-14 19:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-14 00:32 - 2017-05-14 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-14 00:32 - 2017-05-14 19:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-06-14 00:32 - 2017-05-14 19:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-14 00:32 - 2017-05-14 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-06-14 00:32 - 2017-05-14 19:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-14 00:32 - 2017-05-14 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-14 00:32 - 2017-05-14 19:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-14 00:32 - 2017-05-14 19:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-06-14 00:32 - 2017-05-14 19:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-14 00:32 - 2017-05-14 19:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-14 00:32 - 2017-05-14 19:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-14 00:32 - 2017-05-14 19:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-14 00:32 - 2017-05-14 19:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-06-14 00:32 - 2017-05-14 19:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-14 00:32 - 2017-05-14 19:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-14 00:32 - 2017-05-14 19:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-14 00:32 - 2017-05-14 19:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-14 00:32 - 2017-05-14 19:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-14 00:32 - 2017-05-14 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-14 00:32 - 2017-05-12 19:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-14 00:32 - 2017-05-12 19:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-14 00:32 - 2017-05-12 19:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-14 00:32 - 2017-05-12 19:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-14 00:32 - 2017-05-12 19:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-14 00:32 - 2017-05-12 19:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-14 00:32 - 2017-05-12 19:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-14 00:32 - 2017-05-12 19:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 18:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-14 00:32 - 2017-05-12 18:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-14 00:32 - 2017-05-12 18:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-14 00:32 - 2017-05-12 18:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-14 00:32 - 2017-05-12 18:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-14 00:32 - 2017-05-12 18:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-14 00:32 - 2017-05-12 18:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-14 00:32 - 2017-05-12 18:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-14 00:32 - 2017-05-12 18:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-14 00:32 - 2017-05-12 18:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-14 00:32 - 2017-05-12 18:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-14 00:32 - 2017-05-12 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-14 00:32 - 2017-05-12 18:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 18:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 18:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 18:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-14 00:32 - 2017-05-12 17:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-14 00:32 - 2017-05-12 16:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-14 00:32 - 2017-05-12 16:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-14 00:32 - 2017-05-10 16:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-14 00:32 - 2017-05-10 16:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-14 00:32 - 2017-05-10 16:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-14 00:32 - 2017-05-10 16:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-14 00:32 - 2017-05-10 16:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-14 00:32 - 2017-05-10 16:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-14 00:32 - 2017-05-10 16:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-14 00:32 - 2017-05-10 16:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-06-14 00:32 - 2017-05-10 16:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-14 00:32 - 2017-05-10 16:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-14 00:32 - 2017-05-10 16:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-14 00:32 - 2017-05-10 16:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-14 00:32 - 2017-05-10 16:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-14 00:32 - 2017-05-10 16:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-14 00:32 - 2017-05-10 16:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-14 00:32 - 2017-05-10 16:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-14 00:32 - 2017-05-10 16:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-06-14 00:32 - 2017-05-10 16:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-14 00:32 - 2017-05-10 16:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-14 00:32 - 2017-05-10 16:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-14 00:32 - 2017-05-10 16:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-14 00:32 - 2017-05-10 16:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-14 00:32 - 2017-05-10 15:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-14 00:32 - 2017-05-09 16:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-14 00:32 - 2017-05-09 16:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-14 00:32 - 2017-05-09 16:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-14 00:32 - 2017-05-07 16:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-14 00:32 - 2017-05-07 16:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-14 00:32 - 2017-04-27 23:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-06-14 00:32 - 2017-04-12 14:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-14 00:32 - 2017-03-30 16:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-14 00:32 - 2017-03-30 15:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-06-06 21:12 - 2017-06-06 21:12 - 47432536 _____ C:\Users\User\Desktop\Specimen Yarp Rough Demo.wav
2017-05-29 15:48 - 2017-05-29 15:48 - 00003635 _____ C:\Users\User\Documents\MRM.txt
2017-05-26 18:37 - 2017-05-26 18:37 - 00001803 _____ C:\Users\User\Documents\Race.txt
2017-05-23 15:22 - 2017-05-23 15:22 - 00171192 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2017-05-23 15:22 - 2017-05-23 15:22 - 00152640 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2017-05-23 15:22 - 2017-05-23 15:22 - 00076568 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2017-05-23 15:22 - 2017-05-23 15:22 - 00061720 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2017-05-20 22:54 - 2017-05-20 22:58 - 00005788 _____ C:\Users\User\Downloads\recentposts (1)
2017-05-19 18:39 - 2017-05-20 01:31 - 00002960 _____ C:\Users\User\Documents\Why Is Islam Powerful.txt
2017-05-19 16:21 - 2017-05-19 18:40 - 00002791 _____ C:\Users\User\Documents\Opium of the people.txt
2017-05-17 01:43 - 2017-06-01 00:48 - 00000076 _____ C:\Users\User\Documents\IP Address Monitoring.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-16 14:16 - 2017-03-10 17:06 - 00000000 ____D C:\ProgramData\BullGuard
2017-06-16 14:16 - 2017-01-31 19:28 - 00000000 ____D C:\FRST
2017-06-16 14:11 - 2017-04-04 18:22 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify
2017-06-16 13:41 - 2017-03-14 01:21 - 00000000 ____D C:\Program Files (x86)\VSTPlugIns
2017-06-16 13:40 - 2017-03-14 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2017-06-16 13:40 - 2015-02-01 23:07 - 00000000 ____D C:\Users\User\Documents\Ableton
2017-06-16 12:25 - 2017-03-09 12:57 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-16 10:27 - 2017-03-10 18:54 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-16 10:07 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-16 10:07 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-16 09:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-15 22:31 - 2017-03-14 15:10 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2017-06-15 22:26 - 2017-03-09 12:39 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{35FB64CC-450A-4920-B6BA-C4B5F1E0ABD5}
2017-06-15 16:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-06-15 16:47 - 2017-03-09 12:54 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-15 16:27 - 2016-07-25 05:22 - 00000000 ___HD C:\Users\User\AppData\Local\iBWHlJX8
2017-06-15 16:26 - 2017-04-26 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves
2017-06-15 16:26 - 2015-11-12 23:26 - 00000000 ____D C:\Users\User\AvidLogFiles
2017-06-14 23:30 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-14 21:12 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-06-14 17:54 - 2017-04-09 18:14 - 00000000 ____D C:\Users\User\AppData\Roaming\audacity
2017-06-14 17:17 - 2015-10-21 16:51 - 00000000 ____D C:\Users\User\Documents\Pro Tools
2017-06-14 15:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-06-14 13:18 - 2017-04-04 18:27 - 00000000 ____D C:\Users\User\AppData\Local\Spotify
2017-06-14 13:15 - 2009-07-14 05:45 - 00310704 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-14 13:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-06-14 13:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-14 00:43 - 2017-03-09 16:11 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 00:40 - 2017-03-09 16:11 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-12 14:53 - 2017-03-11 00:16 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-06-12 12:56 - 2016-01-13 09:07 - 00152152 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\BdNet.sys

==================== Files in the root of some directories =======

2014-01-08 16:00 - 2014-01-08 16:00 - 2387968 _____ (Waves Audio Ltd.) C:\Program Files\WaveShell-VST 9.2_x64.dll
2014-01-08 16:00 - 2014-01-08 16:00 - 1732608 _____ (Waves Audio Ltd.) C:\Program Files (x86)\WaveShell-VST 9.2.dll
2017-06-14 21:14 - 2017-06-14 21:14 - 0016073 _____ () C:\Users\User\AppData\Roaming\REHIRONOSUT

Files to move or delete:
====================
C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job


Some files in TEMP:
====================
2017-03-10 09:24 - 2017-03-10 09:24 - 1006272 _____ () C:\Users\User\AppData\Local\Temp\AppInstaller.exe
2017-06-14 21:10 - 2017-06-14 21:10 - 25660760 _____ (Disc Soft Ltd) C:\Users\User\AppData\Local\Temp\DTLite1051-0232.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-12 14:07

==================== End of FRST.txt ============================

And the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by User (16-06-2017 14:17:22)
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2017-03-08 16:58:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

3AACC6B7BD424F058228 (S-1-5-21-4088020178-4125591875-2159771896-1003 - Limited - Enabled)
Administrator (S-1-5-21-4088020178-4125591875-2159771896-500 - Administrator - Disabled)
Guest (S-1-5-21-4088020178-4125591875-2159771896-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4088020178-4125591875-2159771896-1002 - Limited - Enabled)
User (S-1-5-21-4088020178-4125591875-2159771896-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: BullGuard Antivirus (Enabled - Up to date) {13E9CAA5-762A-794E-2DA9-245D5622A105}
AS: BullGuard Antispyware (Enabled - Up to date) {A8882B41-5010-76C0-1719-1F2F2DA5EBB8}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall (Enabled) {2BD24B80-3C45-7816-06F6-8D68A8F1E67E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Audient USB Audio Driver v3.2.0 (HKLM-x32\...\Software_Audient_audientusbaudio_Setup) (Version: 3.2.0 - Audient)
Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.2 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 10.3.2 - Avid Technology, Inc.)
Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.2 - Avid Technology, Inc.)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 16.0 - BullGuard Ltd.)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.10.0.3 - Byte Technologies LLC) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 4.00 - NCH Software)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
License Support (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MusicLab RealEight (32-bit) (x32 Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
MusicLab RealEight (64-bit) (Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
MusicLab RealEight (HKLM-x32\...\{550309f3-2bc9-43a7-8091-faaf92edb69f}) (Version: 1.0.0.7183 - MusicLab, Inc.)
MusicLab RealEight Sound Bank (x32 Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.5.13 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.0.4 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{747C5547-7483-4605-8B2F-A9696610A7FA}) (Version: 4.13.9783 - Apache Software Foundation)
Patch Avid Pro Tools 10.3.4 To Audioz (HKLM-x32\...\Patch Avid Pro Tools 10.3.4 To Audioz) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Spotify) (Version: 1.0.56.451.gb2f539fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tabletop Simulator (HKLM\...\Steam App 286160) (Version: - Berserk Games)
The Darkness II (HKLM\...\Steam App 67370) (Version: - Digital Extremes)
TP-LINK Archer T2U_T2UH Driver (HKLM-x32\...\{F2496892-5295-4208-AB93-21F1AFD07C97}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.03 - NCH Software)
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Waves Complete V9r15 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.15 - Waves)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Yahoo! Powered (HKLM-x32\...\{1110F9D0-4190-2850-F010-58D020908B50}) (Version: - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000_Classes\CLSID\{D82589D2-1B7D-7FF1-A355-87431E72C0B9}\InprocServer32 -> no filepath

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2B706FCF-EECC-43DB-B04D-448367923EFF} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-05-29] (Byte Technologies LLC) <==== ATTENTION
Task: {32C2AA08-FFF0-4136-B1E6-78B1F3A7128D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {35BDBD22-FF1A-4EBF-A893-03428688331C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {5F38844E-9FD7-477E-95F0-19C0CEF022C8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {6CADB191-B175-4F8B-A736-7B219A95AC9F} - System32\Tasks\BullGuard\BullGuardUpdate2 => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe [2017-05-23] (BullGuard Ltd.)
Task: {6DE98112-627C-4EB8-B9A6-D0F3AA061913} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {81E12E1A-A757-4CE5-BCFA-D444FB7B93BD} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {8933D887-CB08-446C-95C5-39259BAEBE19} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
Task: {89A55B17-921A-499D-B3FF-2814E8575EA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
Task: {8F9EFB62-9299-4EC7-9214-1CA8F4B6E253} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-05-29] (Byte Technologies LLC) <==== ATTENTION
Task: {B0D97E2F-98BC-489F-874E-A2EDFBCBFFE3} - System32\Tasks\Yahoo! Powered tarol => Wscript.exe "C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt" "68747470733a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d433034332d3144323035413031393645457d5c73656c6f666f" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d4330 (the data entry has 80 more characters).
Task: {BDC8459B-A4AE-49C7-9A07-2C6FE2D01CB6} - System32\Tasks\NCH Software\DebutSevenDays => C:\Program Files (x86)\NCH Software\Debut\Debut.exe [2017-03-11] (NCH Software)
Task: {C2990F18-121E-4147-9C68-174DC6123266} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {DE3FD4F3-EB78-43D8-B4EF-8A854019DD10} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {F22E6C16-55E3-445C-A7C1-EF8ED4A5B8CD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {F6C73EAD-BE70-4F20-8649-9489614E99DB} - System32\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77} => C:\Users\User\AppData\Local\Sanahaf\PRODUC~1.EXE [2017-06-14] ()
Task: {FC1F96F2-20AF-4EB1-9DB8-D8E13BBC7982} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Yahoo! Powered tarol.job => Wscript.exe C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt <==== ATTENTION
Task: C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job => C:\Users\User\AppData\Local\Sanahaf\PRODUC~1.EXE

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\User\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2017-03-09 12:57 - 2017-02-09 23:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-05-23 15:22 - 2017-05-23 15:22 - 00727320 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2017-05-23 15:22 - 2017-05-23 15:22 - 00084248 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2017-05-23 15:22 - 2017-05-23 15:22 - 00644888 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2017-05-23 15:22 - 2017-05-23 15:22 - 00064792 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2016-05-25 13:38 - 2016-05-25 13:38 - 00129304 _____ () C:\Program Files\ByteFence\x64\lz4_x64.dll
2017-03-09 13:00 - 2017-02-23 19:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-09 13:00 - 2017-02-23 19:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-06-14 21:33 - 2017-06-14 21:33 - 00304456 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2017-06-14 21:33 - 2017-06-14 21:33 - 00619848 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
2017-03-14 00:55 - 2016-07-08 12:04 - 06779392 _____ () C:\Program Files\Audient\USBAudioDriver\iD.exe
2017-03-10 16:47 - 2014-08-08 16:00 - 00844800 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2017-05-16 00:44 - 2017-05-09 10:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-16 00:44 - 2017-05-09 10:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-03-07 19:18 - 2017-03-07 19:18 - 00582936 _____ () C:\Program Files\ByteFence\rsLggr.exe
2017-03-09 13:00 - 2017-02-23 19:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-03-09 13:00 - 2017-02-23 19:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-09 13:00 - 2017-02-23 19:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-04-04 18:27 - 2017-06-05 21:08 - 67117168 _____ () C:\Users\User\AppData\Roaming\Spotify\libcef.dll
2017-03-14 00:55 - 2015-12-08 16:20 - 00228352 _____ () C:\Program Files\Audient\USBAudioDriver\audientusbaudioapi.dll
2017-03-10 16:47 - 2014-08-08 16:02 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2017-03-10 16:47 - 2014-05-13 18:59 - 00195072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2017-03-10 16:47 - 2014-05-27 11:54 - 00194560 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll
2017-03-10 16:47 - 2014-04-17 10:52 - 01206576 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll
2017-03-27 21:58 - 2016-10-08 16:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-03-27 21:58 - 2016-07-21 10:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-03-09 13:00 - 2017-02-23 19:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-03-09 13:00 - 2017-02-23 15:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-03-09 13:00 - 2017-02-23 15:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-03-09 13:00 - 2017-02-23 15:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-03-09 13:00 - 2017-02-23 15:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-03-09 13:00 - 2017-02-23 15:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-03-09 13:00 - 2017-02-23 15:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-04-04 18:27 - 2017-06-05 21:08 - 02253424 _____ () C:\Users\User\AppData\Roaming\Spotify\libglesv2.dll
2017-04-04 18:27 - 2017-06-05 21:08 - 00086640 _____ () C:\Users\User\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\User\AppData\Local\iBWHlJX8:hGJpPNmbjjWHPuDd38U [2356]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2128]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2234]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2208]
AlternateDataStreams: C:\Users\User\AppData\Local\Temporary Internet Files:9LnhNkWZ3aNuA1WxSVvJWgC [2296]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-06-16 10:27 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{19AB83BE-F3EB-4F9A-8040-73646C8806C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{743D9F54-7C0C-46E7-A0F6-66684B8FF253}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{9E4A24C8-8418-4D9C-B21E-97EAFFCA310E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{95CFD7A2-9884-4A55-94ED-C821E06063A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D765943C-4AA3-4563-B63E-6F03DE792CC6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{317D88C5-5817-40BB-9A26-76E6BB82DD41}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C9137725-F1FA-4FF9-B8C6-CC4A6F496F2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3DF6E425-E5DE-41F9-BF79-F4E9B29AFFB8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6036C7FD-8B5A-427C-9520-30AB79A2BF6E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{699C5D0F-85FA-46C6-A53C-EFB26EB54CBC}C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [UDP Query User{56215C67-6208-407C-85C8-3956813951B0}C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [{4A8CA582-F1E4-430E-A335-41A2F0EF8CDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkness II\DarknessII.exe
FirewallRules: [{5962AC92-4064-4FF2-90B7-24882B538FDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkness II\DarknessII.exe
FirewallRules: [{94A8A751-4610-4F10-9E49-A636680C3BF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{71B2C506-56A8-46A3-AF42-C701469CA0AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{7C8A074A-FC11-4FD2-87FB-9FB3040712B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{C16109FC-8080-4A3A-A291-EA156FDCE95A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{A4327B94-761E-412B-8329-EBF16F8C7278}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7EAD699E-AD7F-4F08-B126-90576DF92CA4}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C27CE04B-1C5D-4A45-BB84-9F51ACB2B6A0}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{20A66BE6-6015-49F2-B062-DEFCBDA98161}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6ABE9F3F-ACAE-4B2D-A8AB-A84A1C80909B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6F1FB56D-AC48-4399-8DB8-7B7767E727FC}] => (Allow) C:\Users\User\AppData\Local\Chromium\Application\chrome.exe

==================== Restore Points =========================

12-05-2017 01:20:30 Windows Update
16-05-2017 13:31:01 Windows Update
19-05-2017 13:52:39 Windows Update
23-05-2017 13:06:44 Windows Update
24-05-2017 01:19:27 Windows Update
30-05-2017 11:19:59 Windows Update
04-06-2017 05:25:00 Windows Update
09-06-2017 15:04:03 Windows Update
14-06-2017 00:29:52 Windows Update
14-06-2017 00:39:37 Windows Update
14-06-2017 21:12:25 Device Driver Package Install: Disc Soft Ltd Storage controllers
14-06-2017 21:13:46 Device Driver Package Install: Disc Soft Ltd Universal Serial Bus controllers
15-06-2017 16:25:45 Configured Waves Complete V9r15
15-06-2017 16:45:12 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
15-06-2017 16:45:56 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
15-06-2017 16:57:56 Device Driver Package Install: Native Instruments GmbH Storage controllers
16-06-2017 13:07:10 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
16-06-2017 13:07:47 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
16-06-2017 13:38:54 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
16-06-2017 13:39:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2017 10:04:42 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\wlc.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.8.2_Win32_Release\WavesQtLibs_4.8.2_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2017 10:04:39 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\GTR 3.5.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2017 10:04:39 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Element App.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2017 10:03:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/16/2017 09:59:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/15/2017 09:46:33 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\wlc.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.8.2_Win32_Release\WavesQtLibs_4.8.2_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/15/2017 09:46:32 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\GTR 3.5.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/15/2017 09:46:32 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Element App.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/15/2017 09:45:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/15/2017 09:39:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (06/15/2017 08:17:40 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (06/15/2017 08:17:40 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (06/15/2017 07:09:49 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (06/15/2017 07:09:49 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (06/15/2017 04:27:41 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (06/15/2017 04:27:41 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (06/15/2017 04:18:43 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (06/15/2017 04:18:43 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (06/15/2017 04:14:02 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (06/15/2017 04:14:02 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 53%
Total physical RAM: 8053.92 MB
Available physical RAM: 3777.14 MB
Total Virtual: 16106.02 MB
Available Virtual: 10692.2 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:931.02 GB) (Free:211.81 GB) NTFS
Drive d: (KNEE_2013_DVD) (CDROM) (Total:1.65 GB) (Free:0 GB) UDF
Drive e: (KINGSTON) (Removable) (Total:14.54 GB) (Free:12.75 GB) FAT32
Drive h: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1520.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BF4817BF)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 09A39BF8)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

And the Malwarebytes log:

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-06-16 14:36:16
-----------------------------
14:36:16.259 OS Version: Windows x64 6.1.7601 Service Pack 1
14:36:16.259 Number of processors: 4 586 0x3C03
14:36:16.260 ComputerName: USER-PC UserName: User
14:36:17.206 Initialize success
14:36:17.311 VM: initialized successfully
14:36:17.311 VM: Intel CPU supported
14:36:21.871 VM: supported disk I/O ataport.SYS
15:48:10.384 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:48:10.387 Disk 0 Vendor: TOSHIBA_DT01ACA100 MS2OA750 Size: 953869MB BusType: 11
15:48:10.569 VM: Disk 0 MBR read successfully
15:48:10.571 Disk 0 MBR scan
15:48:10.572 Disk 0 Windows 7 default MBR code
15:48:10.574 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 499 MB offset 2048
15:48:10.582 Disk 0 default boot code
15:48:10.584 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953368 MB offset 1024000
15:48:10.595 Disk 0 scanning C:\Windows\system32\drivers
15:48:19.612 Service scanning
15:48:21.871 Service BdNet C:\Windows\system32\DRIVERS\BdNet.sys **LOCKED** 5
15:48:42.554 Modules scanning
15:48:42.559 Disk 0 trace - called modules:
15:48:42.584 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:48:42.586 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bdf060]
15:48:42.588 3 CLASSPNP.SYS[fffff8800193443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007929060]
15:48:42.590 Disk 0 statistics 103698/0/18 @ 6.31 MB/s
15:48:42.593 Scan finished successfully
15:53:01.710 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
15:53:01.762 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

Juliet
2017-06-16, 19:39
Hi and welcome

These 2 items were listed in your add/remove programs list
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.10.0.3 - Byte Technologies LLC) <==== ATTENTION
Yahoo! Powered (HKLM-x32\...\{1110F9D0-4190-2850-F010-58D020908B50}) (Version: - ) <==== ATTENTION

If you can find both and remove/uninstall them, that will help. If you have any problems, just continue with the Fix below.

********************

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Then copy and paste the text inside the quote box below.
Or use this method: press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

http://i.imgur.com/15wKX7o.jpg


start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\ByteFence\rsLggr.exe
C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
C:\Program Files\ByteFence\ByteFenceService.exe
C:\Program Files\ByteFence
GroupPolicy: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [146912 2017-05-29] (Byte Technologies LLC)
C:\Program Files\ByteFence\ByteFenceService.exe
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-06-14] ()
C:\ProgramData\ByteFence
C:\Windows\System32\Tasks\ByteFence
C:\Program Files\ByteFence
C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job
2017-03-10 09:24 - 2017-03-10 09:24 - 1006272 _____ () C:\Users\User\AppData\Local\Temp\AppInstaller.exe
2017-06-14 21:10 - 2017-06-14 21:10 - 25660760 _____ (Disc Soft Ltd) C:\Users\User\AppData\Local\Temp\DTLite1051-0232.exe
Task: {2B706FCF-EECC-43DB-B04D-448367923EFF} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-05-29] (Byte Technologies LLC) <==== ATTENTION
Task: {8F9EFB62-9299-4EC7-9214-1CA8F4B6E253} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-05-29] (Byte Technologies LLC) <==== ATTENTION
Task: {B0D97E2F-98BC-489F-874E-A2EDFBCBFFE3} - System32\Tasks\Yahoo! Powered tarol => Wscript.exe "C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt" "68747470733a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d433034332d3144323035413031393645457d5c73656c6f666f" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d4330 (the data entry has 80 more characters).
Task: {F6C73EAD-BE70-4F20-8649-9489614E99DB} - System32\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77} => C:\Users\User\AppData\Local\Sanahaf\PRODUC~1.EXE [2017-06-14] ()
Task: C:\Windows\Tasks\Yahoo! Powered tarol.job => Wscript.exe C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt <==== ATTENTION
Task: C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job => C:\Users\User\AppData\Local\Sanahaf\PRODUC~1.EXE
C:\Program Files\ByteFence\x64\lz4_x64.dll
C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2017-06-14 21:33 - 2017-06-14 21:33 - 00619848 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
C:\Program Files\ByteFence\rsLggr.exe
AlternateDataStreams: C:\Users\User\AppData\Local\iBWHlJX8:hGJpPNmbjjWHPuDd38U [2356]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2128]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2234]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2208]
AlternateDataStreams: C:\Users\User\AppData\Local\Temporary Internet Files:9LnhNkWZ3aNuA1WxSVvJWgC [2296]
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/)


Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"
http://i24.photobucket.com/albums/c30/ken545/MBAM3_zpsw0f8rn9n.jpg



Install the program and select update.
Once updated, click the Settings tab, in the left panel choose Protection and tick Scan for rootkits.
Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes AdwCleaner

Please download Malwarebytes AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Logfile. A log (AdwCleaner[S0].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File, folder and registry backups are made for items removed using this programme. Should a legitimate file, folder or registry item be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S0].txt.


please post
Fixlog.txt
Malwarebytes Anti-Malware
AdwCleaner.txt
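
Added example, not part of the posts above and not FRST's own logic: a Python triage of four Task: lines taken from the fixlist, showing why the "Yahoo! Powered tarol" and {47FA3CBE-...} tasks stand out. The three heuristics and every function name are assumptions of this example; it decodes the hex-encoded Wscript arguments, defangs any URL the way FRST does (hxxp), and marks the argument that FRST truncated.

```python
import re
from pathlib import PureWindowsPath

# Four "Task:" lines copied verbatim from the fixlist in the post above.
FIXLIST_TASKS = r'''
Task: {2B706FCF-EECC-43DB-B04D-448367923EFF} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-05-29] (Byte Technologies LLC) <==== ATTENTION
Task: {B0D97E2F-98BC-489F-874E-A2EDFBCBFFE3} - System32\Tasks\Yahoo! Powered tarol => Wscript.exe "C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt" "68747470733a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d433034332d3144323035413031393645457d5c73656c6f666f" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d4330 (the data entry has 80 more characters).
Task: {F6C73EAD-BE70-4F20-8649-9489614E99DB} - System32\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77} => C:\Users\User\AppData\Local\Sanahaf\PRODUC~1.EXE [2017-06-14] ()
Task: C:\Windows\Tasks\Yahoo! Powered tarol.job => Wscript.exe C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt <==== ATTENTION
'''

TASK = re.compile(r"^Task: (?P<name>.+?) => (?P<cmd>.+)$")
# A script host followed by the file it is told to run (quoted, or bare without spaces).
HOST = re.compile(r'^(wscript|cscript)\.exe\s+(?:"([^"]+)"|(\S+))', re.I)
# A quoted run of hex digits; group 2 is empty when the closing quote is missing.
HEX_ARG = re.compile(r'"([0-9A-Fa-f]{16,})("?)')
# An 8.3 short-name executable somewhere under a user's AppData folder.
SHORT_NAME = re.compile(r"\\AppData\\\S*~\d\.exe", re.I)
# Empty parentheses where the other entries show a company name.
NO_COMPANY = re.compile(r"\]\s\(\)")
# Extensions a script host is normally pointed at (assumed list for this example).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}


def defang(text):
    """Rewrite http/https as hxxp/hxxps so a decoded URL is not clickable."""
    return re.sub(r"(?i)http", "hxxp", text)


def decode_hex_args(cmd):
    """Return (decoded_text, truncated) for every quoted hex argument in cmd."""
    decoded = []
    for m in HEX_ARG.finditer(cmd):
        digits, closing = m.group(1), m.group(2)
        digits = digits[: len(digits) // 2 * 2]  # drop a dangling nibble if cut mid-byte
        text = bytes.fromhex(digits).decode("ascii", errors="replace")
        decoded.append((defang(text), closing != '"'))
    return decoded


def triage(fixlist_text):
    """Apply the heuristics to each Task: line; return one finding per task."""
    findings = []
    for line in fixlist_text.splitlines():
        m = TASK.match(line.strip())
        if not m:
            continue
        cmd, reasons = m.group("cmd"), []

        host = HOST.match(cmd)
        if host:
            target = PureWindowsPath(host.group(2) or host.group(3))
            if target.suffix.lower() not in SCRIPT_EXTS:
                reasons.append(
                    f"{host.group(1).lower()}.exe is pointed at a non-script file: {target.name}"
                )

        decoded = decode_hex_args(cmd)
        for text, truncated in decoded:
            note = " (truncated in the log)" if truncated else ""
            reasons.append(f"hex-encoded argument decodes to {text}{note}")

        if SHORT_NAME.search(cmd):
            reasons.append("8.3 short-name executable under AppData")
        if NO_COMPANY.search(cmd):
            reasons.append("target file has an empty company field")

        findings.append({"task": m.group("name"), "reasons": reasons, "decoded": decoded})
    return findings


if __name__ == "__main__":
    for finding in triage(FIXLIST_TASKS):
        print(finding["task"])
        for reason in finding["reasons"] or ["no heuristic fired"]:
            print("   -", reason)
```

No heuristic fires on the ByteFence task, which is listed because the helper judged the product unwanted, so a script like this supplements the manual review rather than replacing it.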

EwellMan
2017-06-17, 15:06
Hello there, here is the fixlog firstly:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by User (17-06-2017 12:16:46) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\ByteFence\rsLggr.exe
C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
C:\Program Files\ByteFence\ByteFenceService.exe
C:\Program Files\ByteFence
GroupPolicy: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [146912 2017-05-29] (Byte Technologies LLC)
C:\Program Files\ByteFence\ByteFenceService.exe
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-06-14] ()
C:\ProgramData\ByteFence
C:\Windows\System32\Tasks\ByteFence
C:\Program Files\ByteFence
C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job
2017-03-10 09:24 - 2017-03-10 09:24 - 1006272 _____ () C:\Users\User\AppData\Local\Temp\AppInstaller.exe
2017-06-14 21:10 - 2017-06-14 21:10 - 25660760 _____ (Disc Soft Ltd) C:\Users\User\AppData\Local\Temp\DTLite1051-0232.exe
Task: {2B706FCF-EECC-43DB-B04D-448367923EFF} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-05-29] (Byte Technologies LLC) <==== ATTENTION
Task: {8F9EFB62-9299-4EC7-9214-1CA8F4B6E253} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-05-29] (Byte Technologies LLC) <==== ATTENTION
Task: {B0D97E2F-98BC-489F-874E-A2EDFBCBFFE3} - System32\Tasks\Yahoo! Powered tarol => Wscript.exe "C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt" "68747470733a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d433034332d3144323035413031393645457d5c73656c6f666f" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d4330 (the data entry has 80 more characters).
Task: {F6C73EAD-BE70-4F20-8649-9489614E99DB} - System32\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77} => C:\Users\User\AppData\Local\Sanahaf\PRODUC~1.EXE [2017-06-14] ()
Task: C:\Windows\Tasks\Yahoo! Powered tarol.job => Wscript.exe C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt <==== ATTENTION
Task: C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job => C:\Users\User\AppData\Local\Sanahaf\PRODUC~1.EXE
C:\Program Files\ByteFence\x64\lz4_x64.dll
C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2017-06-14 21:33 - 2017-06-14 21:33 - 00619848 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
C:\Program Files\ByteFence\rsLggr.exe
AlternateDataStreams: C:\Users\User\AppData\Local\iBWHlJX8:hGJpPNmbjjWHPuDd38U [2356]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2128]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2234]
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2208]
AlternateDataStreams: C:\Users\User\AppData\Local\Temporary Internet Files:9LnhNkWZ3aNuA1WxSVvJWgC [2296]
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\ByteFence\rsLggr.exe => moved successfully
C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe => moved successfully
C:\Program Files\ByteFence\ByteFenceService.exe => moved successfully
C:\Program Files\ByteFence => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\Software\Classes\PROTOCOLS\Handler\wlpg => key removed successfully
HKLM\Software\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\antiphishing@bullguard => value removed successfully
HKLM\System\CurrentControlSet\Services\ByteFenceService => key removed successfully
ByteFenceService => service removed successfully
"C:\Program Files\ByteFence\ByteFenceService.exe" => not found.
HKLM\System\CurrentControlSet\Services\rtop => key removed successfully
rtop => service removed successfully
C:\ProgramData\ByteFence => moved successfully
C:\Windows\System32\Tasks\ByteFence => moved successfully
"C:\Program Files\ByteFence" => not found.
C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job => moved successfully
C:\Users\User\AppData\Local\Temp\AppInstaller.exe => moved successfully
C:\Users\User\AppData\Local\Temp\DTLite1051-0232.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B706FCF-EECC-43DB-B04D-448367923EFF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B706FCF-EECC-43DB-B04D-448367923EFF} => key removed successfully
C:\Windows\System32\Tasks\ByteFence => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F9EFB62-9299-4EC7-9214-1CA8F4B6E253} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F9EFB62-9299-4EC7-9214-1CA8F4B6E253} => key removed successfully
C:\Windows\System32\Tasks\ByteFence Scan => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence Scan => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0D97E2F-98BC-489F-874E-A2EDFBCBFFE3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0D97E2F-98BC-489F-874E-A2EDFBCBFFE3} => key removed successfully
C:\Windows\System32\Tasks\Yahoo! Powered tarol => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered tarol => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6C73EAD-BE70-4F20-8649-9489614E99DB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6C73EAD-BE70-4F20-8649-9489614E99DB} => key removed successfully
C:\Windows\System32\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{47FA3CBE-A263-64FE-C5FF-58F793D45F77} => key removed successfully
C:\Windows\Tasks\Yahoo! Powered tarol.job => moved successfully
C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job => not found.
"C:\Program Files\ByteFence\x64\lz4_x64.dll" => not found.
"C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" => not found.
"C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe" => not found.
"C:\Program Files\ByteFence\rsLggr.exe" => not found.
C:\Users\User\AppData\Local\iBWHlJX8 => ":hGJpPNmbjjWHPuDd38U" ADS removed successfully.
C:\Users\User\AppData\Local\Temp => ":b7qXxbqTbYWneAuCuejvU" ADS removed successfully.
C:\Users\User\AppData\Local\Temp => ":EyajXVarKQMW3gvXYTKRojrWv" ADS removed successfully.
C:\Users\User\AppData\Local\Temp => ":XxRF4J8zmz2AxOZoq6TYF" ADS removed successfully.
C:\Users\User\AppData\Local\Temporary Internet Files => ":9LnhNkWZ3aNuA1WxSVvJWgC" ADS removed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 63091679 B
Java, Flash, Steam htmlcache => 81369552 B
Windows/system/drivers => 540346 B
Edge => 0 B
Chrome => 828487842 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 80976 B
User => 3552162093 B

RecycleBin => 4294428321 B
EmptyTemp: => 8.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:20:22 ====

With Malwarebytes I accidentally hit quarantine. I tried scanning again and it came up with no threats. This is the log I saved from the first scan before I hit quarantine:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/17/17
Scan Time: 12:28 PM
Log File: Logfile.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.2169
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User-PC\User

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327458
Threats Detected: 39
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 9
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1110F9D0-4190-2850-F010-58D020908B50}, No Action By User, [91], [302717],1.0.2169
PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence, No Action By User, [639], [388725],1.0.2169
PUP.Optional.ProductSetup, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\PRODUCTSETUP, No Action By User, [14971], [242047],1.0.2169
PUP.Optional.ByteFence, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\ByteFence, No Action By User, [639], [388728],1.0.2169
PUP.Optional.InstallCore, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\csastats, No Action By User, [3], [260986],1.0.2169
PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ByteFenceService, No Action By User, [639], [389039],1.0.2169
PUP.Optional.ByteFence, HKLM\SOFTWARE\ByteFence, No Action By User, [639], [388723],1.0.2169
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASAPI32, No Action By User, [639], [389038],1.0.2169
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASMANCS, No Action By User, [639], [389038],1.0.2169

Registry Value: 3
PUP.Optional.NotChromeRun, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_EA977365BF5B2185FA52414E130E9AF9, No Action By User, [1400], [241243],1.0.2169
PUP.Optional.ProductSetup, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\PRODUCTSETUP|TB, No Action By User, [14971], [242047],1.0.2169
Adware.DealPly.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|REHIPOKESE, No Action By User, [2849], [367966],1.0.2169

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.ByteFence, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ByteFence Anti-Malware, No Action By User, [639], [388719],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\USERS\USER\APPDATA\LOCAL\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}, No Action By User, [91], [302717],1.0.2169

File: 24
PUP.Optional.ByteFence, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware\ByteFence Anti-Malware.lnk, No Action By User, [639], [388719],1.0.2169
PUP.Optional.WinYahoo, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOWTOREMOVE.HTML.LNK, No Action By User, [91], [254335],1.0.2169
PUP.Optional.WinYahoo, C:\USERS\USER\APPDATA\LOCAL\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HOWTOREMOVE\HOWTOREMOVE.HTML, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\chromium-min.jpg, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\control panel-min-min.JPG, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\down.png, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\ff menu.JPG, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\ff search engine-min.png, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\hp-min ff.png, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\hp-min ie.png, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\search engine.gif, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\setup pages.gif, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\sp-min.png, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\start-min.jpg, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\up.png, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\cotadala.dat, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\fonito.dat, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\install.log, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\necenod.exe, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\romarilet.dat, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\Sqlite3.dll, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\tonesa, No Action By User, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\uninst.exe, No Action By User, [91], [302717],1.0.2169
Adware.DealPly.Generic, C:\USERS\USER\APPDATA\ROAMING\REHIRONOSUT, No Action By User, [2849], [367966],1.0.2169

Physical Sector: 0
(No malicious items detected)


(end)

Juliet
2017-06-17, 23:25
Do you have the results of the Malwarebytes AdwCleaner scan?


~~~~~~~~~~~~~~~~~

Zemana AntiMalware Free

Please download it from here (https://www.zemana.com/Download/AntiMalware/Setup/Free/Zemana.AntiMalware.Setup.exe):


Double-click on the file named “Zemana.AntiMalware.Portable” to perform a system scan with Zemana AntiMalware Free.


You may be presented with a User Account Control dialog asking you if you want to run this program. If this happens, you should click “Yes” to allow Zemana AntiMalware to run.

When Zemana AntiMalware starts, click on the “Scan” button to perform a system scan.
without changing any options, press Scan


When Zemana has finished scanning it will show a screen that displays any malware that has been detected. To remove all the malicious files, click on the “Next” button.

Zemana AntiMalware will now start to remove all the malicious programs from your computer.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

open Zemana AntiMalware again and locate the latest report
please paste the contents into your reply


When the process is complete, you can close Zemana AntiMalware


How is your computer now?

EwellMan
2017-06-18, 21:41
Hello again, I can't seem to locate the log for the Malwarebytes scan as it didn't automatically pop up upon restart the way the FRST scan did.

Performance is still a bit sluggish, maybe a little better. Bytefence seems to have disappeared though so that's something positive!

Here's the Zemana log anyhow:

Zemana AntiMalware 2.74.2.49 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/6/18
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
BIOS Mode : Legacy
CUID : 127F85E7645DBFA846B718
Scan Type : System Scan
Duration : 39m 44s
Scanned Objects : 189381
Detected Objects : 2
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

PluginAlliance_KeyGen.exe
Status : Scanned
Object : %userprofile%\desktop\desktop\work\accusonus drumatom v1.5.0 win macosx incl.patched and keygen-r2r [deepstatus]\accusonus.drumatom.v1.5.0.incl.patched.and.keygen-r2r [deepstatus]\r2r-2046\r2r\pluginalliance_keygen.exe
MD5 : 46135C60B9CA1760BAD11B5A2CB54506
Publisher : -
Size : 943202
Version : -
Detection : PUA:Win32/SoftCrack.Gen
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\desktop\desktop\work\accusonus drumatom v1.5.0 win macosx incl.patched and keygen-r2r [deepstatus]\accusonus.drumatom.v1.5.0.incl.patched.and.keygen-r2r [deepstatus]\r2r-2046\r2r\pluginalliance_keygen.exe

shotcut.exe
Status : Scanned
Object : %userprofile%\downloads\shotcut.exe
MD5 : 3589847A3663B982956ECD07CE7AFF51
Publisher : CHIP Digital GmbH
Size : 1496584
Version : 2.1.4.4
Detection : PUA:Win32/CHIP.AdsDownloader!Ep
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\shotcut.exe


Cleaning Result
-------------------------------------------------------
Cleaned : 2
Reported as safe : 0
Failed : 0

Juliet
2017-06-19, 02:41
"With Malwarebytes I accidentally hit quarantine. I tried scanning again and it came up with no threats. This is the log I saved from the first scan before I hit quarantine:"
If you allowed it to quarantine what it found, good.

We can run another scan if you wish, update it first.
The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.
~~~~~~~~~~~~~~~~~

"Bytefence seems to have disappeared though so that's something positive!"
Good deal.

*******************

Download Emsisoft Emergency Kit (http://www.emsisoft.com/en/software/eek/download/) and save it to your desktop.
Double-click icon then click Install
A Window should open highlighting Start Emergency Kit Scanner
Right click on the icon and select Run as administrator
Click 1. Update now!
Once the update is completed select Settings under Scan
Uncheck Join the Emsisoft Anti-Malware Network
Click Scan at the top
Click On scan completion
Click Quarantine detected objects, then click OK
Click Malware Scan
Once completed click View Report
Save the file to your Desktop using the default file name
Copy and paste the report in your reply

===============

EwellMan
2017-06-24, 16:38
Hello, sorry for the delay in replies.

Here is the Malwarebytes report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/17/17
Scan Time: 12:28 PM
Log File: Malwarebytes Log.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.2169
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User-PC\User

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327458
Threats Detected: 39
Threats Quarantined: 39
Time Elapsed: 6 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 9
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1110F9D0-4190-2850-F010-58D020908B50}, Quarantined, [91], [302717],1.0.2169
PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence, Quarantined, [639], [388725],1.0.2169
PUP.Optional.ProductSetup, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\PRODUCTSETUP, Quarantined, [14971], [242047],1.0.2169
PUP.Optional.ByteFence, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\ByteFence, Quarantined, [639], [388728],1.0.2169
PUP.Optional.InstallCore, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\csastats, Quarantined, [3], [260986],1.0.2169
PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ByteFenceService, Quarantined, [639], [389039],1.0.2169
PUP.Optional.ByteFence, HKLM\SOFTWARE\ByteFence, Quarantined, [639], [388723],1.0.2169
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASAPI32, Quarantined, [639], [389038],1.0.2169
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASMANCS, Quarantined, [639], [389038],1.0.2169

Registry Value: 3
PUP.Optional.NotChromeRun, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_EA977365BF5B2185FA52414E130E9AF9, Quarantined, [1400], [241243],1.0.2169
PUP.Optional.ProductSetup, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\PRODUCTSETUP|TB, Quarantined, [14971], [242047],1.0.2169
Adware.DealPly.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|REHIPOKESE, Quarantined, [2849], [367966],1.0.2169

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.ByteFence, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ByteFence Anti-Malware, Quarantined, [639], [388719],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\USERS\USER\APPDATA\LOCAL\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}, Quarantined, [91], [302717],1.0.2169

File: 24
PUP.Optional.ByteFence, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware\ByteFence Anti-Malware.lnk, Quarantined, [639], [388719],1.0.2169
PUP.Optional.WinYahoo, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOWTOREMOVE.HTML.LNK, Quarantined, [91], [254335],1.0.2169
PUP.Optional.WinYahoo, C:\USERS\USER\APPDATA\LOCAL\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HOWTOREMOVE\HOWTOREMOVE.HTML, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\chromium-min.jpg, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\control panel-min-min.JPG, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\down.png, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\ff menu.JPG, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\ff search engine-min.png, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\hp-min ff.png, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\hp-min ie.png, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\search engine.gif, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\setup pages.gif, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\sp-min.png, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\start-min.jpg, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\up.png, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\cotadala.dat, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\fonito.dat, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\install.log, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\necenod.exe, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\romarilet.dat, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\Sqlite3.dll, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\tonesa, Quarantined, [91], [302717],1.0.2169
PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\uninst.exe, Quarantined, [91], [302717],1.0.2169
Adware.DealPly.Generic, C:\USERS\USER\APPDATA\ROAMING\REHIRONOSUT, Quarantined, [2849], [367966],1.0.2169

Physical Sector: 0
(No malicious items detected)


(end)

And the Emsisoft:

Emsisoft Emergency Kit - Version 2017.4
Last update: 24/06/2017 14:15:50
User account: User-PC\User
Computer name: USER-PC
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 24/06/2017 14:31:25

Scanned 73680
Found 0

Scan end: 24/06/2017 14:37:47
Scan time: 0:06:22

Juliet
2017-06-25, 00:19
Good, everything looks to be quarantined now, how is your computer?
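The check made on the Malwarebytes report above (every detected item ends up quarantined) can be scripted. This is an added example, not part of any post in this thread: it parses the Malwarebytes 3.x text-log layout shown above, reconciles the summary counts with the detail rows, and lists any row whose action is not "Quarantined". The sample log is constructed with placeholder paths and IDs, and treating every other action value as still pending is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the log layout posted in this thread (shortened;
# names, paths and IDs are placeholders, not values from the thread).
SAMPLE_LOG = r"""
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Threats Detected: 4
Threats Quarantined: 3

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.Example, HKLM\SOFTWARE\EXAMPLE, Quarantined, [1], [100001],1.0.0
PUP.Optional.Example, HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Example, Quarantined, [1], [100002],1.0.0

File: 2
PUP.Optional.Sample, C:\Users\User\AppData\Local\sample\a, b.dat, Quarantined, [2], [100003],1.0.0
Adware.Sample.Generic, C:\USERS\USER\APPDATA\ROAMING\SAMPLE, No Action By User, [3], [100004],1.0.0

(end)
"""

SUMMARY = re.compile(r"^(Threats Detected|Threats Quarantined): (\d+)$")
SECTION = re.compile(
    r"^(Process|Module|Registry Key|Registry Value|Registry Data|"
    r"Data Stream|Folder|File|Physical Sector): (\d+)$"
)
# Row layout: name, object, action, [id], [id],version
# The object field is matched greedily so paths that contain ", " survive.
ROW = re.compile(
    r"^(?P<name>[^,]+), (?P<obj>.+), (?P<action>[^,\[\]]+), "
    r"\[\d+\], \[\d+\],\S+$"
)


def parse_log(text):
    """Return (summary counts, declared per-section counts, detail rows)."""
    summary, declared, rows = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := SECTION.match(line):
            section = m.group(1)
            declared[section] = int(m.group(2))
        elif section and (m := ROW.match(line)):
            rows.append({"section": section, **m.groupdict()})
    return summary, declared, rows


def audit(text):
    """Reconcile counts and list rows that were not quarantined."""
    summary, declared, rows = parse_log(text)
    per_section = Counter(r["section"] for r in rows)
    problems = []
    for section, count in declared.items():
        if per_section[section] != count:
            problems.append(
                f"{section}: header says {count}, parsed {per_section[section]}")
    if summary.get("Threats Detected") != len(rows):
        problems.append("Threats Detected does not match the detail rows")
    # Assumption: any action other than "Quarantined" still needs attention.
    pending = [r for r in rows if r["action"] != "Quarantined"]
    if summary.get("Threats Quarantined") != len(rows) - len(pending):
        problems.append("Threats Quarantined does not match the detail rows")
    return {
        "families": Counter(r["name"] for r in rows),
        "pending": pending,
        "problems": problems,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for name, count in report["families"].most_common():
        print(f"{count:3d}  {name}")
    for row in report["pending"]:
        print(f"PENDING ({row['action']}): {row['name']} -> {row['obj']}")
    for problem in report["problems"]:
        print(f"MISMATCH: {problem}")
```

Run against a saved report, an empty `pending` list and an empty `problems` list correspond to the state where everything detected was quarantined.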

EwellMan
2017-07-04, 00:59
Hello again, Bytefence has definitely disappeared, my computer is still a bit sluggish, particularly when streaming videos but not as bad as it was before.

It could just be my computer getting old of course.

Juliet
2017-07-04, 14:19
DelFix


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

**************************


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.

Juliet
2017-07-08, 16:20
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.