
Thread: Problem with Bytefence.

  1. #1
    Junior Member | Join Date: Jun 2017 | Posts: 5


    Hello there, I recently downloaded some freeware from CNET and have been experiencing performance issues since then. I've also had a pop-up from "Bytefence" telling me to install "anti-virus software".

    Any assistance on getting rid of this nasty little thing would be greatly appreciated.

    Here is the FRST log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
    Ran by User (administrator) on USER-PC (16-06-2017 14:16:25)
    Running from C:\Users\User\Desktop
    Loaded Profiles: User (Available Profiles: User)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
    (Avid Technology, Inc.) C:\Program Files (x86)\Avid\Pro Tools\MMERefresh.exe
    (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardNetworkScanner.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
    (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
    () C:\Program Files\Audient\USBAudioDriver\iD.exe
    () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
    (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files\ByteFence\rsLggr.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1689368 2017-06-15] (BullGuard Ltd.)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
    HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Avid\Pro Tools\MMERefresh.exe [81920 2017-03-10] (Avid Technology, Inc.)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456320 2017-06-07] (Power Software Ltd)
    HKLM-x32\...\RunOnce: [Rehipokese] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\User\AppData\Roaming\Rehironosut"
    HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
    HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
    HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1560176 2017-06-05] (Spotify Ltd)
    HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [6949488 2017-06-05] (Spotify Ltd)
    HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Run: [GoogleChromeAutoLaunch_EA977365BF5B2185FA52414E130E9AF9] => "C:\Users\User\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5
    HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\MountPoints2: {51a241c1-08aa-11e7-80a4-74d435d74a2b} - E:\setup.exe
    ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-05-23] (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-05-23] (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-05-23] (BullGuard Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iD Autostart.lnk [2017-03-14]
    ShortcutTarget: iD Autostart.lnk -> C:\Program Files\Audient\USBAudioDriver\iD.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-03-10]
    ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
    GroupPolicy: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{03728852-DDBB-42B5-B42A-BBD1216E3BB9}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{D1BC7903-255E-4DD6-9D24-E0F716868310}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> about:blank
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-06-16]
    CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-09]
    CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-09]
    CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-09]
    CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-09]
    CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-09]
    CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-09]
    CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
    CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-09]
    CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
    CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1551640 2017-06-15] (BullGuard Ltd.)
    R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [672024 2017-06-15] (BullGuard Ltd.)
    R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [185624 2017-06-15] (BullGuard Ltd.)
    R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [505624 2017-06-15] (BullGuard Ltd.)
    R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [5815064 2017-06-15] (BullGuard Ltd.)
    R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [768280 2017-06-12] (BullGuard Ltd.)
    R2 BsNet; C:\Program Files\BullGuard Ltd\BullGuard\BsNet.dll [561432 2017-06-15] (BullGuard Ltd.)
    R2 BsNetworkScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardNetworkScanner.exe [458008 2017-06-15] (BullGuard Ltd.)
    R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [325400 2017-06-15] (BullGuard Ltd.)
    R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [424216 2017-06-15] (BullGuard Ltd.)
    R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [146912 2017-05-29] (Byte Technologies LLC)
    R2 DigiRefresh; C:\Program Files (x86)\Avid\Pro Tools\MMERefresh.exe [81920 2017-03-10] (Avid Technology, Inc.) [File not signed]
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
    R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
    R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-06-14] ()
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 audientusbaudio; C:\Windows\System32\DRIVERS\audientusbaudio_x64.sys [288328 2015-12-08] ()
    R3 audientusbaudioks; C:\Windows\System32\DRIVERS\audientusbaudioks_x64.sys [56904 2015-12-08] ()
    R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [174744 2016-08-31] (BullGuard Ltd.)
    R0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [152152 2017-06-12] (BullGuard Ltd.)
    R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [76728 2016-01-13] (BullGuard Ltd.)
    S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-06-14] (Disc Soft Ltd)
    S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-06-14] (Disc Soft Ltd)
    S3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2017-03-14] (Disc Soft Ltd)
    S3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2017-03-14] (Disc Soft Ltd)
    R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2016-09-07] ()
    R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [325752 2016-07-11] (BullGuard Ltd.)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
    R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
    R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-03-31] (BitDefender S.R.L.)
    R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
    R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-16 14:16 - 2017-06-16 14:17 - 00022007 _____ C:\Users\User\Desktop\FRST.txt
    2017-06-16 13:57 - 2017-06-16 13:58 - 05198336 _____ (AVAST Software) C:\Users\User\Desktop\aswMBR.exe
    2017-06-16 13:55 - 2017-06-16 13:59 - 02438656 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
    2017-06-16 13:42 - 2017-06-16 13:42 - 00001187 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
    2017-06-16 13:42 - 2017-06-16 13:42 - 00000000 __HDC C:\ProgramData\{72F2A743-44A4-4035-BE3B-80C2E67B0CEB}
    2017-06-15 22:31 - 2017-06-15 22:31 - 00000000 __HDC C:\ProgramData\{5D37AF22-489A-46B2-9972-806CEC1EDFE2}
    2017-06-15 22:30 - 2017-06-15 22:30 - 00000000 ____D C:\Users\Public\Documents\Kontakt Factory Selection Library
    2017-06-15 22:24 - 2017-06-15 22:24 - 652066816 _____ C:\Users\User\Downloads\Kontakt_Factory_Selection.iso
    2017-06-15 16:57 - 2017-06-15 16:57 - 00000000 ____D C:\Program Files (x86)\Native Instruments
    2017-06-15 16:57 - 2016-09-07 14:26 - 00112408 _____ C:\Windows\system32\Drivers\NIWinCDEmu.sys
    2017-06-15 16:51 - 2017-06-15 16:52 - 05621520 _____ (Native Instruments GmbH) C:\Users\User\Downloads\Kontakt_Factory_Selection_Downloader (1).exe
    2017-06-15 16:40 - 2017-06-15 16:40 - 00000000 ____D C:\Users\User\Downloads\Kontakt_5_568_PC
    2017-06-15 16:34 - 2017-06-16 10:35 - 2709453677 _____ C:\Users\User\Downloads\soundiron_olympus_elements_player_edition_1.5.zip
    2017-06-15 16:29 - 2017-06-15 16:38 - 524710439 _____ C:\Users\User\Downloads\Kontakt_5_568_PC.zip
    2017-06-15 16:23 - 2017-06-15 16:23 - 00001269 _____ C:\Users\Public\Desktop\Massive.lnk
    2017-06-15 16:23 - 2017-06-15 16:23 - 00000000 __HDC C:\ProgramData\{C5CAF473-C900-4049-BCE5-A93E0EBA7EF2}
    2017-06-15 16:16 - 2017-06-15 16:16 - 00000000 ____D C:\Users\User\AppData\Roaming\PowerISO
    2017-06-15 16:15 - 2017-06-15 16:15 - 00000818 _____ C:\Users\Public\Desktop\PowerISO.lnk
    2017-06-15 16:15 - 2017-06-15 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
    2017-06-15 16:15 - 2017-06-15 16:15 - 00000000 ____D C:\Program Files\PowerISO
    2017-06-15 16:15 - 2017-06-07 01:36 - 00138296 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
    2017-06-15 16:14 - 2017-06-15 16:14 - 03991608 _____ (Power Software Ltd) C:\Users\User\Downloads\PowerISO6-x64.exe
    2017-06-14 22:15 - 2017-06-14 22:15 - 00003472 _____ C:\Windows\System32\Tasks\ByteFence Scan
    2017-06-14 22:15 - 2017-06-14 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
    2017-06-14 21:33 - 2017-06-14 21:33 - 00000000 ____D C:\ProgramData\ByteFence
    2017-06-14 21:14 - 2017-06-14 21:17 - 00000000 ____D C:\Users\User\AppData\Local\chromium
    2017-06-14 21:14 - 2017-06-14 21:14 - 00016073 _____ C:\Users\User\AppData\Roaming\REHIRONOSUT
    2017-06-14 21:14 - 2017-06-14 21:14 - 00003364 _____ C:\Windows\System32\Tasks\ByteFence
    2017-06-14 21:13 - 2017-06-16 14:14 - 00000264 _____ C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job
    2017-06-14 21:13 - 2017-06-14 21:14 - 00003200 _____ C:\Windows\System32\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}
    2017-06-14 21:13 - 2017-06-14 21:14 - 00000000 ____D C:\Users\User\AppData\Local\Sanahaf
    2017-06-14 21:13 - 2017-06-14 21:13 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
    2017-06-14 21:12 - 2017-06-16 14:12 - 00000980 _____ C:\Windows\Tasks\Yahoo! Powered tarol.job
    2017-06-14 21:12 - 2017-06-14 21:19 - 00000000 ____D C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}
    2017-06-14 21:12 - 2017-06-14 21:12 - 00004008 _____ C:\Windows\System32\Tasks\Yahoo! Powered tarol
    2017-06-14 21:12 - 2017-06-14 21:12 - 00001490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
    2017-06-14 21:12 - 2017-06-14 21:12 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2017-06-14 21:12 - 2017-06-14 21:12 - 00000000 ____D C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}
    2017-06-14 21:11 - 2017-06-16 10:09 - 00000000 ____D C:\Program Files\ByteFence
    2017-06-14 21:11 - 2017-06-14 21:11 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
    2017-06-14 21:11 - 2017-06-14 21:11 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
    2017-06-14 21:11 - 2017-06-14 21:11 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
    2017-06-14 21:08 - 2017-06-14 21:08 - 00694744 _____ (Disc Soft Ltd.) C:\Users\User\Downloads\DTLiteInstaller (1).exe
    2017-06-14 17:57 - 2017-06-14 17:57 - 00001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
    2017-06-14 16:50 - 2017-06-14 16:50 - 00000000 ____D C:\Users\User\Documents\VideoPad Projects
    2017-06-14 16:40 - 2017-06-14 17:57 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
    2017-06-14 16:40 - 2017-06-14 17:57 - 00000000 ____D C:\Users\User\AppData\Roaming\NCH Software
    2017-06-14 16:40 - 2017-06-14 17:57 - 00000000 ____D C:\ProgramData\NCH Software
    2017-06-14 16:40 - 2017-06-14 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
    2017-06-14 16:40 - 2017-06-14 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
    2017-06-14 16:40 - 2017-06-14 17:57 - 00000000 ____D C:\Program Files (x86)\NCH Software
    2017-06-14 16:40 - 2017-06-14 16:40 - 00001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
    2017-06-14 16:40 - 2017-06-14 16:40 - 00001144 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
    2017-06-14 16:37 - 2017-06-14 16:38 - 05502688 _____ (NCH Software) C:\Users\User\Downloads\vpsetup.exe
    2017-06-14 00:32 - 2017-06-02 09:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2017-06-14 00:32 - 2017-06-02 09:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
    2017-06-14 00:32 - 2017-06-02 09:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
    2017-06-14 00:32 - 2017-06-02 09:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
    2017-06-14 00:32 - 2017-06-02 09:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
    2017-06-14 00:32 - 2017-06-02 09:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
    2017-06-14 00:32 - 2017-06-02 09:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
    2017-06-14 00:32 - 2017-06-02 09:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
    2017-06-14 00:32 - 2017-06-02 09:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
    2017-06-14 00:32 - 2017-06-02 09:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
    2017-06-14 00:32 - 2017-06-02 09:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
    2017-06-14 00:32 - 2017-06-02 09:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
    2017-06-14 00:32 - 2017-06-02 09:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
    2017-06-14 00:32 - 2017-06-02 09:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2017-06-14 00:32 - 2017-06-02 09:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2017-06-14 00:32 - 2017-06-02 09:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2017-06-14 00:32 - 2017-06-02 09:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2017-06-14 00:32 - 2017-06-02 09:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2017-06-14 00:32 - 2017-06-02 09:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
    2017-06-14 00:32 - 2017-06-02 09:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
    2017-06-14 00:32 - 2017-06-02 09:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
    2017-06-14 00:32 - 2017-06-02 08:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2017-06-14 00:32 - 2017-06-02 08:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2017-06-14 00:32 - 2017-06-02 08:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2017-06-14 00:32 - 2017-06-02 08:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
    2017-06-14 00:32 - 2017-05-21 05:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-06-14 00:32 - 2017-05-21 05:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-06-14 00:32 - 2017-05-21 05:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-06-14 00:32 - 2017-05-21 05:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-06-14 00:32 - 2017-05-21 05:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-06-14 00:32 - 2017-05-21 04:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-06-14 00:32 - 2017-05-21 04:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-06-14 00:32 - 2017-05-21 04:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-06-14 00:32 - 2017-05-21 04:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-06-14 00:32 - 2017-05-21 04:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-06-14 00:32 - 2017-05-21 04:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-06-14 00:32 - 2017-05-21 04:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-06-14 00:32 - 2017-05-16 19:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-06-14 00:32 - 2017-05-16 18:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-06-14 00:32 - 2017-05-14 21:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-06-14 00:32 - 2017-05-14 21:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-06-14 00:32 - 2017-05-14 21:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-06-14 00:32 - 2017-05-14 21:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-06-14 00:32 - 2017-05-14 21:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-06-14 00:32 - 2017-05-14 21:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-06-14 00:32 - 2017-05-14 21:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-06-14 00:32 - 2017-05-14 21:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-06-14 00:32 - 2017-05-14 21:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-06-14 00:32 - 2017-05-14 21:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-06-14 00:32 - 2017-05-14 21:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-06-14 00:32 - 2017-05-14 21:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-06-14 00:32 - 2017-05-14 21:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-06-14 00:32 - 2017-05-14 21:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-06-14 00:32 - 2017-05-14 21:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-06-14 00:32 - 2017-05-14 21:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-06-14 00:32 - 2017-05-14 21:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-06-14 00:32 - 2017-05-14 20:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-06-14 00:32 - 2017-05-14 20:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-06-14 00:32 - 2017-05-14 20:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-06-14 00:32 - 2017-05-14 20:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2017-06-14 00:32 - 2017-05-14 20:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-06-14 00:32 - 2017-05-14 20:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-06-14 00:32 - 2017-05-14 20:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-06-14 00:32 - 2017-05-14 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-06-14 00:32 - 2017-05-14 20:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-06-14 00:32 - 2017-05-14 20:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-06-14 00:32 - 2017-05-14 20:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-06-14 00:32 - 2017-05-14 20:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-06-14 00:32 - 2017-05-14 20:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-06-14 00:32 - 2017-05-14 20:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-06-14 00:32 - 2017-05-14 20:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-06-14 00:32 - 2017-05-14 20:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-06-14 00:32 - 2017-05-14 20:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-06-14 00:32 - 2017-05-14 20:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-06-14 00:32 - 2017-05-14 20:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-06-14 00:32 - 2017-05-14 20:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-06-14 00:32 - 2017-05-14 20:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-06-14 00:32 - 2017-05-14 20:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-06-14 00:32 - 2017-05-14 20:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-06-14 00:32 - 2017-05-14 20:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-06-14 00:32 - 2017-05-14 20:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-06-14 00:32 - 2017-05-14 20:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-06-14 00:32 - 2017-05-14 20:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-06-14 00:32 - 2017-05-14 20:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-06-14 00:32 - 2017-05-14 20:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-06-14 00:32 - 2017-05-14 19:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2017-06-14 00:32 - 2017-05-14 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-06-14 00:32 - 2017-05-14 19:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-06-14 00:32 - 2017-05-14 19:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-06-14 00:32 - 2017-05-14 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-06-14 00:32 - 2017-05-14 19:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-06-14 00:32 - 2017-05-14 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-06-14 00:32 - 2017-05-14 19:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-06-14 00:32 - 2017-05-14 19:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-06-14 00:32 - 2017-05-14 19:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-06-14 00:32 - 2017-05-14 19:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-06-14 00:32 - 2017-05-14 19:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-06-14 00:32 - 2017-05-14 19:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-06-14 00:32 - 2017-05-14 19:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-06-14 00:32 - 2017-05-14 19:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-06-14 00:32 - 2017-05-14 19:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-06-14 00:32 - 2017-05-14 19:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-06-14 00:32 - 2017-05-14 19:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-06-14 00:32 - 2017-05-14 19:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-06-14 00:32 - 2017-05-14 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-06-14 00:32 - 2017-05-12 19:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-06-14 00:32 - 2017-05-12 19:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-06-14 00:32 - 2017-05-12 19:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-06-14 00:32 - 2017-05-12 19:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-06-14 00:32 - 2017-05-12 19:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-06-14 00:32 - 2017-05-12 19:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-06-14 00:32 - 2017-05-12 19:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-06-14 00:32 - 2017-05-12 19:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 19:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 18:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-06-14 00:32 - 2017-05-12 18:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-06-14 00:32 - 2017-05-12 18:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-06-14 00:32 - 2017-05-12 18:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-06-14 00:32 - 2017-05-12 18:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-06-14 00:32 - 2017-05-12 18:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-06-14 00:32 - 2017-05-12 18:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-06-14 00:32 - 2017-05-12 18:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-06-14 00:32 - 2017-05-12 18:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-06-14 00:32 - 2017-05-12 18:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-06-14 00:32 - 2017-05-12 18:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-06-14 00:32 - 2017-05-12 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-06-14 00:32 - 2017-05-12 18:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 18:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 18:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 18:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-06-14 00:32 - 2017-05-12 17:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2017-06-14 00:32 - 2017-05-12 16:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2017-06-14 00:32 - 2017-05-12 16:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2017-06-14 00:32 - 2017-05-10 16:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
    2017-06-14 00:32 - 2017-05-10 16:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2017-06-14 00:32 - 2017-05-10 16:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-06-14 00:32 - 2017-05-10 16:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2017-06-14 00:32 - 2017-05-10 16:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-06-14 00:32 - 2017-05-10 16:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-06-14 00:32 - 2017-05-10 16:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-06-14 00:32 - 2017-05-10 16:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
    2017-06-14 00:32 - 2017-05-10 16:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-06-14 00:32 - 2017-05-10 16:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-06-14 00:32 - 2017-05-10 16:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-06-14 00:32 - 2017-05-10 16:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-06-14 00:32 - 2017-05-10 16:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-06-14 00:32 - 2017-05-10 16:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-06-14 00:32 - 2017-05-10 16:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-06-14 00:32 - 2017-05-10 16:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2017-06-14 00:32 - 2017-05-10 16:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2017-06-14 00:32 - 2017-05-10 16:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2017-06-14 00:32 - 2017-05-10 16:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-06-14 00:32 - 2017-05-10 16:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-06-14 00:32 - 2017-05-10 16:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2017-06-14 00:32 - 2017-05-10 16:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2017-06-14 00:32 - 2017-05-10 15:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2017-06-14 00:32 - 2017-05-09 16:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-06-14 00:32 - 2017-05-09 16:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2017-06-14 00:32 - 2017-05-09 16:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-06-14 00:32 - 2017-05-07 16:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2017-06-14 00:32 - 2017-05-07 16:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2017-06-14 00:32 - 2017-04-27 23:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
    2017-06-14 00:32 - 2017-04-12 14:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
    2017-06-14 00:32 - 2017-03-30 16:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
    2017-06-14 00:32 - 2017-03-30 15:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    2017-06-06 21:12 - 2017-06-06 21:12 - 47432536 _____ C:\Users\User\Desktop\Specimen Yarp Rough Demo.wav
    2017-05-29 15:48 - 2017-05-29 15:48 - 00003635 _____ C:\Users\User\Documents\MRM.txt
    2017-05-26 18:37 - 2017-05-26 18:37 - 00001803 _____ C:\Users\User\Documents\Race.txt
    2017-05-23 15:22 - 2017-05-23 15:22 - 00171192 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
    2017-05-23 15:22 - 2017-05-23 15:22 - 00152640 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
    2017-05-23 15:22 - 2017-05-23 15:22 - 00076568 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
    2017-05-23 15:22 - 2017-05-23 15:22 - 00061720 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
    2017-05-20 22:54 - 2017-05-20 22:58 - 00005788 _____ C:\Users\User\Downloads\recentposts (1)
    2017-05-19 18:39 - 2017-05-20 01:31 - 00002960 _____ C:\Users\User\Documents\Why Is Islam Powerful.txt
    2017-05-19 16:21 - 2017-05-19 18:40 - 00002791 _____ C:\Users\User\Documents\Opium of the people.txt
    2017-05-17 01:43 - 2017-06-01 00:48 - 00000076 _____ C:\Users\User\Documents\IP Address Monitoring.txt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-06-16 14:16 - 2017-03-10 17:06 - 00000000 ____D C:\ProgramData\BullGuard
    2017-06-16 14:16 - 2017-01-31 19:28 - 00000000 ____D C:\FRST
    2017-06-16 14:11 - 2017-04-04 18:22 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify
    2017-06-16 13:41 - 2017-03-14 01:21 - 00000000 ____D C:\Program Files (x86)\VSTPlugIns
    2017-06-16 13:40 - 2017-03-14 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
    2017-06-16 13:40 - 2015-02-01 23:07 - 00000000 ____D C:\Users\User\Documents\Ableton
    2017-06-16 12:25 - 2017-03-09 12:57 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-06-16 10:27 - 2017-03-10 18:54 - 00000000 ____D C:\Program Files (x86)\Steam
    2017-06-16 10:07 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-06-16 10:07 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-06-16 09:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-06-15 22:31 - 2017-03-14 15:10 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
    2017-06-15 22:26 - 2017-03-09 12:39 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{35FB64CC-450A-4920-B6BA-C4B5F1E0ABD5}
    2017-06-15 16:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
    2017-06-15 16:47 - 2017-03-09 12:54 - 00000000 ____D C:\ProgramData\Package Cache
    2017-06-15 16:27 - 2016-07-25 05:22 - 00000000 ___HD C:\Users\User\AppData\Local\iBWHlJX8
    2017-06-15 16:26 - 2017-04-26 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves
    2017-06-15 16:26 - 2015-11-12 23:26 - 00000000 ____D C:\Users\User\AvidLogFiles
    2017-06-14 23:30 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-06-14 21:12 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2017-06-14 17:54 - 2017-04-09 18:14 - 00000000 ____D C:\Users\User\AppData\Roaming\audacity
    2017-06-14 17:17 - 2015-10-21 16:51 - 00000000 ____D C:\Users\User\Documents\Pro Tools
    2017-06-14 15:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2017-06-14 13:18 - 2017-04-04 18:27 - 00000000 ____D C:\Users\User\AppData\Local\Spotify
    2017-06-14 13:15 - 2009-07-14 05:45 - 00310704 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-06-14 13:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
    2017-06-14 13:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\migwiz
    2017-06-14 00:43 - 2017-03-09 16:11 - 00000000 ____D C:\Windows\system32\MRT
    2017-06-14 00:40 - 2017-03-09 16:11 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-06-12 14:53 - 2017-03-11 00:16 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
    2017-06-12 12:56 - 2016-01-13 09:07 - 00152152 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\BdNet.sys

    ==================== Files in the root of some directories =======

    2014-01-08 16:00 - 2014-01-08 16:00 - 2387968 _____ (Waves Audio Ltd.) C:\Program Files\WaveShell-VST 9.2_x64.dll
    2014-01-08 16:00 - 2014-01-08 16:00 - 1732608 _____ (Waves Audio Ltd.) C:\Program Files (x86)\WaveShell-VST 9.2.dll
    2017-06-14 21:14 - 2017-06-14 21:14 - 0016073 _____ () C:\Users\User\AppData\Roaming\REHIRONOSUT

    Files to move or delete:
    ====================
    C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job


    Some files in TEMP:
    ====================
    2017-03-10 09:24 - 2017-03-10 09:24 - 1006272 _____ () C:\Users\User\AppData\Local\Temp\AppInstaller.exe
    2017-06-14 21:10 - 2017-06-14 21:10 - 25660760 _____ (Disc Soft Ltd) C:\Users\User\AppData\Local\Temp\DTLite1051-0232.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-06-12 14:07

    ==================== End of FRST.txt ============================

    And the Addition.txt:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
    Ran by User (16-06-2017 14:17:22)
    Running from C:\Users\User\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2017-03-08 16:58:46)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    3AACC6B7BD424F058228 (S-1-5-21-4088020178-4125591875-2159771896-1003 - Limited - Enabled)
    Administrator (S-1-5-21-4088020178-4125591875-2159771896-500 - Administrator - Disabled)
    Guest (S-1-5-21-4088020178-4125591875-2159771896-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4088020178-4125591875-2159771896-1002 - Limited - Enabled)
    User (S-1-5-21-4088020178-4125591875-2159771896-1000 - Administrator - Enabled) => C:\Users\User

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: BullGuard Antivirus (Enabled - Up to date) {13E9CAA5-762A-794E-2DA9-245D5622A105}
    AS: BullGuard Antispyware (Enabled - Up to date) {A8882B41-5010-76C0-1719-1F2F2DA5EBB8}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: BullGuard Firewall (Enabled) {2BD24B80-3C45-7816-06F6-8D68A8F1E67E}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
    Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
    Audient USB Audio Driver v3.2.0 (HKLM-x32\...\Software_Audient_audientusbaudio_Setup) (Version: 3.2.0 - Audient)
    Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.2 - Avid Technology, Inc.)
    Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 10.3.2 - Avid Technology, Inc.)
    Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.2 - Avid Technology, Inc.)
    BullGuard Internet Security (HKLM\...\BullGuard) (Version: 16.0 - BullGuard Ltd.)
    ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.10.0.3 - Byte Technologies LLC) <==== ATTENTION
    CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 4.00 - NCH Software)
    Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
    License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
    License Support (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    MusicLab RealEight (32-bit) (x32 Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
    MusicLab RealEight (64-bit) (Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
    MusicLab RealEight (HKLM-x32\...\{550309f3-2bc9-43a7-8091-faaf92edb69f}) (Version: 1.0.0.7183 - MusicLab, Inc.)
    MusicLab RealEight Sound Bank (x32 Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
    Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
    Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
    Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
    Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
    Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.5.13 - Native Instruments)
    Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.0.4 - Native Instruments)
    Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
    Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
    Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
    NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
    NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
    NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
    NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
    OpenOffice 4.1.3 (HKLM-x32\...\{747C5547-7483-4605-8B2F-A9696610A7FA}) (Version: 4.13.9783 - Apache Software Foundation)
    Patch Avid Pro Tools 10.3.4 To Audioz (HKLM-x32\...\Patch Avid Pro Tools 10.3.4 To Audioz) (Version: - )
    PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
    SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
    Spotify (HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\Spotify) (Version: 1.0.56.451.gb2f539fc - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Tabletop Simulator (HKLM\...\Steam App 286160) (Version: - Berserk Games)
    The Darkness II (HKLM\...\Steam App 67370) (Version: - Digital Extremes)
    TP-LINK Archer T2U_T2UH Driver (HKLM-x32\...\{F2496892-5295-4208-AB93-21F1AFD07C97}) (Version: 1.3.1 - TP-LINK)
    TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 5.03 - NCH Software)
    Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
    Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
    Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
    Waves Complete V9r15 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.15 - Waves)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
    Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
    Yahoo! Powered (HKLM-x32\...\{1110F9D0-4190-2850-F010-58D020908B50}) (Version: - ) <==== ATTENTION

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\...\ChromeHTML: -> <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000_Classes\CLSID\{D82589D2-1B7D-7FF1-A355-87431E72C0B9}\InprocServer32 -> no filepath

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2B706FCF-EECC-43DB-B04D-448367923EFF} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-05-29] (Byte Technologies LLC) <==== ATTENTION
    Task: {32C2AA08-FFF0-4136-B1E6-78B1F3A7128D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
    Task: {35BDBD22-FF1A-4EBF-A893-03428688331C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
    Task: {5F38844E-9FD7-477E-95F0-19C0CEF022C8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
    Task: {6CADB191-B175-4F8B-A736-7B219A95AC9F} - System32\Tasks\BullGuard\BullGuardUpdate2 => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe [2017-05-23] (BullGuard Ltd.)
    Task: {6DE98112-627C-4EB8-B9A6-D0F3AA061913} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
    Task: {81E12E1A-A757-4CE5-BCFA-D444FB7B93BD} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
    Task: {8933D887-CB08-446C-95C5-39259BAEBE19} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
    Task: {89A55B17-921A-499D-B3FF-2814E8575EA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-09] (Google Inc.)
    Task: {8F9EFB62-9299-4EC7-9214-1CA8F4B6E253} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-05-29] (Byte Technologies LLC) <==== ATTENTION
    Task: {B0D97E2F-98BC-489F-874E-A2EDFBCBFFE3} - System32\Tasks\Yahoo! Powered tarol => Wscript.exe "C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt" "68747470733a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d433034332d3144323035413031393645457d5c73656c6f666f" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d4330 (the data entry has 80 more characters).
    Task: {BDC8459B-A4AE-49C7-9A07-2C6FE2D01CB6} - System32\Tasks\NCH Software\DebutSevenDays => C:\Program Files (x86)\NCH Software\Debut\Debut.exe [2017-03-11] (NCH Software)
    Task: {C2990F18-121E-4147-9C68-174DC6123266} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
    Task: {DE3FD4F3-EB78-43D8-B4EF-8A854019DD10} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
    Task: {F22E6C16-55E3-445C-A7C1-EF8ED4A5B8CD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
    Task: {F6C73EAD-BE70-4F20-8649-9489614E99DB} - System32\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77} => C:\Users\User\AppData\Local\Sanahaf\PRODUC~1.EXE [2017-06-14] ()
    Task: {FC1F96F2-20AF-4EB1-9DB8-D8E13BBC7982} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Yahoo! Powered tarol.job => Wscript.exe C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt <==== ATTENTION
    Task: C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job => C:\Users\User\AppData\Local\Sanahaf\PRODUC~1.EXE

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\User\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

    ==================== Loaded Modules (Whitelisted) ==============

    2017-03-09 12:57 - 2017-02-09 23:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2017-05-23 15:22 - 2017-05-23 15:22 - 00727320 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
    2017-05-23 15:22 - 2017-05-23 15:22 - 00084248 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
    2017-05-23 15:22 - 2017-05-23 15:22 - 00644888 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
    2017-05-23 15:22 - 2017-05-23 15:22 - 00064792 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
    2016-05-25 13:38 - 2016-05-25 13:38 - 00129304 _____ () C:\Program Files\ByteFence\x64\lz4_x64.dll
    2017-03-09 13:00 - 2017-02-23 19:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-03-09 13:00 - 2017-02-23 19:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
    2017-06-14 21:33 - 2017-06-14 21:33 - 00304456 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    2017-06-14 21:33 - 2017-06-14 21:33 - 00619848 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    2017-03-14 00:55 - 2016-07-08 12:04 - 06779392 _____ () C:\Program Files\Audient\USBAudioDriver\iD.exe
    2017-03-10 16:47 - 2014-08-08 16:00 - 00844800 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
    2017-05-16 00:44 - 2017-05-09 10:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
    2017-05-16 00:44 - 2017-05-09 10:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
    2017-03-07 19:18 - 2017-03-07 19:18 - 00582936 _____ () C:\Program Files\ByteFence\rsLggr.exe
    2017-03-09 13:00 - 2017-02-23 19:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2017-03-09 13:00 - 2017-02-23 19:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-03-09 13:00 - 2017-02-23 19:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
    2017-04-04 18:27 - 2017-06-05 21:08 - 67117168 _____ () C:\Users\User\AppData\Roaming\Spotify\libcef.dll
    2017-03-14 00:55 - 2015-12-08 16:20 - 00228352 _____ () C:\Program Files\Audient\USBAudioDriver\audientusbaudioapi.dll
    2017-03-10 16:47 - 2014-08-08 16:02 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
    2017-03-10 16:47 - 2014-05-13 18:59 - 00195072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
    2017-03-10 16:47 - 2014-05-27 11:54 - 00194560 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll
    2017-03-10 16:47 - 2014-04-17 10:52 - 01206576 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll
    2017-03-27 21:58 - 2016-10-08 16:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2017-03-27 21:58 - 2016-07-21 10:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2017-03-09 13:00 - 2017-02-23 19:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
    2017-03-09 13:00 - 2017-02-23 15:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
    2017-03-09 13:00 - 2017-02-23 15:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
    2017-03-09 13:00 - 2017-02-23 15:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
    2017-03-09 13:00 - 2017-02-23 15:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
    2017-03-09 13:00 - 2017-02-23 15:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
    2017-03-09 13:00 - 2017-02-23 15:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
    2017-04-04 18:27 - 2017-06-05 21:08 - 02253424 _____ () C:\Users\User\AppData\Roaming\Spotify\libglesv2.dll
    2017-04-04 18:27 - 2017-06-05 21:08 - 00086640 _____ () C:\Users\User\AppData\Roaming\Spotify\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\User\AppData\Local\iBWHlJX8:hGJpPNmbjjWHPuDd38U [2356]
    AlternateDataStreams: C:\Users\User\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2128]
    AlternateDataStreams: C:\Users\User\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2234]
    AlternateDataStreams: C:\Users\User\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2208]
    AlternateDataStreams: C:\Users\User\AppData\Local\Temporary Internet Files:9LnhNkWZ3aNuA1WxSVvJWgC [2296]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2017-06-16 10:27 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{19AB83BE-F3EB-4F9A-8040-73646C8806C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
    FirewallRules: [{743D9F54-7C0C-46E7-A0F6-66684B8FF253}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
    FirewallRules: [{9E4A24C8-8418-4D9C-B21E-97EAFFCA310E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{95CFD7A2-9884-4A55-94ED-C821E06063A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{D765943C-4AA3-4563-B63E-6F03DE792CC6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{317D88C5-5817-40BB-9A26-76E6BB82DD41}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{C9137725-F1FA-4FF9-B8C6-CC4A6F496F2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3DF6E425-E5DE-41F9-BF79-F4E9B29AFFB8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{6036C7FD-8B5A-427C-9520-30AB79A2BF6E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [TCP Query User{699C5D0F-85FA-46C6-A53C-EFB26EB54CBC}C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe
    FirewallRules: [UDP Query User{56215C67-6208-407C-85C8-3956813951B0}C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe
    FirewallRules: [{4A8CA582-F1E4-430E-A335-41A2F0EF8CDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkness II\DarknessII.exe
    FirewallRules: [{5962AC92-4064-4FF2-90B7-24882B538FDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkness II\DarknessII.exe
    FirewallRules: [{94A8A751-4610-4F10-9E49-A636680C3BF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
    FirewallRules: [{71B2C506-56A8-46A3-AF42-C701469CA0AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
    FirewallRules: [{7C8A074A-FC11-4FD2-87FB-9FB3040712B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
    FirewallRules: [{C16109FC-8080-4A3A-A291-EA156FDCE95A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
    FirewallRules: [TCP Query User{A4327B94-761E-412B-8329-EBF16F8C7278}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{7EAD699E-AD7F-4F08-B126-90576DF92CA4}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{C27CE04B-1C5D-4A45-BB84-9F51ACB2B6A0}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{20A66BE6-6015-49F2-B062-DEFCBDA98161}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{6ABE9F3F-ACAE-4B2D-A8AB-A84A1C80909B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{6F1FB56D-AC48-4399-8DB8-7B7767E727FC}] => (Allow) C:\Users\User\AppData\Local\Chromium\Application\chrome.exe

    ==================== Restore Points =========================

    12-05-2017 01:20:30 Windows Update
    16-05-2017 13:31:01 Windows Update
    19-05-2017 13:52:39 Windows Update
    23-05-2017 13:06:44 Windows Update
    24-05-2017 01:19:27 Windows Update
    30-05-2017 11:19:59 Windows Update
    04-06-2017 05:25:00 Windows Update
    09-06-2017 15:04:03 Windows Update
    14-06-2017 00:29:52 Windows Update
    14-06-2017 00:39:37 Windows Update
    14-06-2017 21:12:25 Device Driver Package Install: Disc Soft Ltd Storage controllers
    14-06-2017 21:13:46 Device Driver Package Install: Disc Soft Ltd Universal Serial Bus controllers
    15-06-2017 16:25:45 Configured Waves Complete V9r15
    15-06-2017 16:45:12 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
    15-06-2017 16:45:56 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
    15-06-2017 16:57:56 Device Driver Package Install: Native Instruments GmbH Storage controllers
    16-06-2017 13:07:10 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
    16-06-2017 13:07:47 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
    16-06-2017 13:38:54 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
    16-06-2017 13:39:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/16/2017 10:04:42 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\wlc.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.8.2_Win32_Release\WavesQtLibs_4.8.2_Win32_Release.MANIFEST" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
    Definition is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (06/16/2017 10:04:39 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\GTR 3.5.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
    Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (06/16/2017 10:04:39 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Element App.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
    Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (06/16/2017 10:03:52 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (06/16/2017 09:59:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (06/15/2017 09:46:33 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\wlc.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.8.2_Win32_Release\WavesQtLibs_4.8.2_Win32_Release.MANIFEST" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
    Definition is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (06/15/2017 09:46:32 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\GTR 3.5.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
    Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (06/15/2017 09:46:32 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\Element App.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
    Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (06/15/2017 09:45:49 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (06/15/2017 09:39:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    System errors:
    =============
    Error: (06/15/2017 08:17:40 PM) (Source: NetBT) (EventID: 4307) (User: )
    Description: Initialization failed because the transport refused to open initial addresses.

    Error: (06/15/2017 08:17:40 PM) (Source: NetBT) (EventID: 4307) (User: )
    Description: Initialization failed because the transport refused to open initial addresses.

    Error: (06/15/2017 07:09:49 PM) (Source: NetBT) (EventID: 4307) (User: )
    Description: Initialization failed because the transport refused to open initial addresses.

    Error: (06/15/2017 07:09:49 PM) (Source: NetBT) (EventID: 4307) (User: )
    Description: Initialization failed because the transport refused to open initial addresses.

    Error: (06/15/2017 04:27:41 PM) (Source: NetBT) (EventID: 4307) (User: )
    Description: Initialization failed because the transport refused to open initial addresses.

    Error: (06/15/2017 04:27:41 PM) (Source: NetBT) (EventID: 4307) (User: )
    Description: Initialization failed because the transport refused to open initial addresses.

    Error: (06/15/2017 04:18:43 PM) (Source: NetBT) (EventID: 4307) (User: )
    Description: Initialization failed because the transport refused to open initial addresses.

    Error: (06/15/2017 04:18:43 PM) (Source: NetBT) (EventID: 4307) (User: )
    Description: Initialization failed because the transport refused to open initial addresses.

    Error: (06/15/2017 04:14:02 PM) (Source: NetBT) (EventID: 4307) (User: )
    Description: Initialization failed because the transport refused to open initial addresses.

    Error: (06/15/2017 04:14:02 PM) (Source: NetBT) (EventID: 4307) (User: )
    Description: Initialization failed because the transport refused to open initial addresses.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
    Percentage of memory in use: 53%
    Total physical RAM: 8053.92 MB
    Available physical RAM: 3777.14 MB
    Total Virtual: 16106.02 MB
    Available Virtual: 10692.2 MB

    ==================== Drives ================================

    Drive c: (OSDisk) (Fixed) (Total:931.02 GB) (Free:211.81 GB) NTFS
    Drive d: (KNEE_2013_DVD) (CDROM) (Total:1.65 GB) (Free:0 GB) UDF
    Drive e: (KINGSTON) (Removable) (Total:14.54 GB) (Free:12.75 GB) FAT32
    Drive h: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1520.98 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BF4817BF)
    Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 14.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0C)

    ========================================================
    Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 09A39BF8)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    And the Malwarebytes log:

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2017-06-16 14:36:16
    -----------------------------
    14:36:16.259 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:36:16.259 Number of processors: 4 586 0x3C03
    14:36:16.260 ComputerName: USER-PC UserName: User
    14:36:17.206 Initialize success
    14:36:17.311 VM: initialized successfully
    14:36:17.311 VM: Intel CPU supported
    14:36:21.871 VM: supported disk I/O ataport.SYS
    15:48:10.384 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:48:10.387 Disk 0 Vendor: TOSHIBA_DT01ACA100 MS2OA750 Size: 953869MB BusType: 11
    15:48:10.569 VM: Disk 0 MBR read successfully
    15:48:10.571 Disk 0 MBR scan
    15:48:10.572 Disk 0 Windows 7 default MBR code
    15:48:10.574 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 499 MB offset 2048
    15:48:10.582 Disk 0 default boot code
    15:48:10.584 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953368 MB offset 1024000
    15:48:10.595 Disk 0 scanning C:\Windows\system32\drivers
    15:48:19.612 Service scanning
    15:48:21.871 Service BdNet C:\Windows\system32\DRIVERS\BdNet.sys **LOCKED** 5
    15:48:42.554 Modules scanning
    15:48:42.559 Disk 0 trace - called modules:
    15:48:42.584 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    15:48:42.586 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bdf060]
    15:48:42.588 3 CLASSPNP.SYS[fffff8800193443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007929060]
    15:48:42.590 Disk 0 statistics 103698/0/18 @ 6.31 MB/s
    15:48:42.593 Scan finished successfully
    15:53:01.710 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
    15:53:01.762 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,223


    Hi and welcome

    These 2 items were listed in your add/remove programs list
    ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.10.0.3 - Byte Technologies LLC) <==== ATTENTION
    Yahoo! Powered (HKLM-x32\...\{1110F9D0-4190-2850-F010-58D020908B50}) (Version: - ) <==== ATTENTION

    If you can find both and remove/uninstall them, that will help. If you have any problems, just continue with the fix below.

    ********************

    Please open Notepad. *Do not use WordPad* or any text editor other than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    Or use this method: press the Windows key + R on your keyboard at the same time. This will open the Run box.
    Type Notepad and click the OK key.

    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files\ByteFence\rsLggr.exe
    C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    C:\Program Files\ByteFence\ByteFenceService.exe
    C:\Program Files\ByteFence
    GroupPolicy: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
    R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [146912 2017-05-29] (Byte Technologies LLC)
    C:\Program Files\ByteFence\ByteFenceService.exe
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-06-14] ()
    C:\ProgramData\ByteFence
    C:\Windows\System32\Tasks\ByteFence
    C:\Program Files\ByteFence
    C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job
    2017-03-10 09:24 - 2017-03-10 09:24 - 1006272 _____ () C:\Users\User\AppData\Local\Temp\AppInstaller.exe
    2017-06-14 21:10 - 2017-06-14 21:10 - 25660760 _____ (Disc Soft Ltd) C:\Users\User\AppData\Local\Temp\DTLite1051-0232.exe
    Task: {2B706FCF-EECC-43DB-B04D-448367923EFF} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-05-29] (Byte Technologies LLC) <==== ATTENTION
    Task: {8F9EFB62-9299-4EC7-9214-1CA8F4B6E253} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-05-29] (Byte Technologies LLC) <==== ATTENTION
    Task: {B0D97E2F-98BC-489F-874E-A2EDFBCBFFE3} - System32\Tasks\Yahoo! Powered tarol => Wscript.exe "C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt" "68747470733a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d433034332d3144323035413031393645457d5c73656c6f666f" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d4330 (the data entry has 80 more characters).
    Task: {F6C73EAD-BE70-4F20-8649-9489614E99DB} - System32\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77} => C:\Users\User\AppData\Local\Sanahaf\PRODUC~1.EXE [2017-06-14] ()
    Task: C:\Windows\Tasks\Yahoo! Powered tarol.job => Wscript.exe C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt <==== ATTENTION
    Task: C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job => C:\Users\User\AppData\Local\Sanahaf\PRODUC~1.EXE
    C:\Program Files\ByteFence\x64\lz4_x64.dll
    C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    2017-06-14 21:33 - 2017-06-14 21:33 - 00619848 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    C:\Program Files\ByteFence\rsLggr.exe
    AlternateDataStreams: C:\Users\User\AppData\Local\iBWHlJX8:hGJpPNmbjjWHPuDd38U [2356]
    AlternateDataStreams: C:\Users\User\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2128]
    AlternateDataStreams: C:\Users\User\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2234]
    AlternateDataStreams: C:\Users\User\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2208]
    AlternateDataStreams: C:\Users\User\AppData\Local\Temporary Internet Files:9LnhNkWZ3aNuA1WxSVvJWgC [2296]
    CMD: ipconfig /flushdns
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here

    • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"



    Install the program and select update.
    Once updated, click the Settings tab, in the left panel choose Protection and tick Scan for rootkits.
    Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    Upon completion of the scan (or after the reboot), click the Reports tab.
    Double-click the Scan Log.
    At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Malwarebytes AdwCleaner
    • Please download Malwarebytes AdwCleaner and save the file to your Desktop
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File, folder and registry backups are made for items removed using this programme. Should a legitimate file, folder or registry item be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S0].txt.


    please post
    Fixlog.txt
    Malwarebytes Anti-Malware
    AdwCleaner.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.
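
The "Yahoo! Powered tarol" task in the fixlist above hands Wscript.exe several hex-encoded arguments, which hides what the task does from anyone skimming the log. The following is an added example, not part of the original post and not FRST's own code: it decodes those arguments for triage and defangs any URL it finds. The function names are hypothetical and the sample line is copied from the log in this thread.

```python
import re

# Task line copied from the FRST log in this thread. FRST cut the last
# argument short and appended "(the data entry has N more characters)".
SAMPLE_TASK_LINE = (
    r'Task: {B0D97E2F-98BC-489F-874E-A2EDFBCBFFE3} - System32\Tasks\Yahoo! Powered tarol'
    r' => Wscript.exe "C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt"'
    r' "68747470733a2f2f7761676e672e636f6d"'
    r' "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d'
    r'433034332d3144323035413031393645457d5c73656c6f666f"'
    r' "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d4330'
    r' (the data entry has 80 more characters).'
)

SCRIPT_HOSTS = ('wscript.exe', 'cscript.exe', 'mshta.exe')
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')
TRUNC_RE = re.compile(r'\(the data entry has (\d+) more characters\)')


def defang(text):
    """Rewrite http/https as hxxp/hxxps so decoded URLs are not clickable."""
    return re.sub(r'(?i)\bhttp', 'hxxp', text)


def decode_hex(arg, allow_partial=False):
    """Decode a hex string to printable ASCII, or return None if it is not one."""
    if allow_partial:
        # A truncated argument may end on half a byte; drop the odd nibble.
        arg = arg[:len(arg) - len(arg) % 2]
    if len(arg) < 8 or not HEX_RE.fullmatch(arg):
        return None
    try:
        text = bytes.fromhex(arg).decode('ascii')
    except UnicodeDecodeError:
        return None
    return defang(text) if text.isprintable() else None


def analyse_task_line(line):
    """Summarise one FRST 'Task:' line; return None for any other line."""
    head, sep, command = line.strip().partition(' => ')
    if not head.startswith('Task:') or not sep:
        return None

    # Remove FRST's truncation note, remembering how much was cut.
    note = TRUNC_RE.search(command)
    truncated_chars = int(note.group(1)) if note else 0
    if note:
        command = command[:note.start()].rstrip()

    # Splitting on '"' puts quoted arguments at the odd indices. An odd
    # number of quotes means the final argument never closed (truncated).
    pieces = command.split('"')
    args = [p for i, p in enumerate(pieces) if i % 2 == 1]
    partial = None
    if command.count('"') % 2 == 1 and args:
        partial = decode_hex(args.pop(), allow_partial=True)

    decoded = [d for d in (decode_hex(a) for a in args) if d is not None]
    return {
        'name': head.split(' - ', 1)[-1],
        'script_host': command.lower().startswith(SCRIPT_HOSTS),
        'decoded': decoded,
        'partial': partial,
        'truncated_chars': truncated_chars,
    }


if __name__ == '__main__':
    report = analyse_task_line(SAMPLE_TASK_LINE)
    print('Task:', report['name'])
    print('Runs through a script host:', report['script_host'])
    for value in report['decoded']:
        print('Decoded argument:', value)
    if report['partial'] is not None:
        print('Partial argument:', report['partial'],
              '(+%d characters cut by FRST)' % report['truncated_chars'])
```
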

  3. #3
    Junior Member
    Join Date
    Jun 2017
    Posts
    5


    Hello there, here is the fixlog firstly:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
    Ran by User (17-06-2017 12:16:46) Run:1
    Running from C:\Users\User\Desktop
    Loaded Profiles: User (Available Profiles: User)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files\ByteFence\rsLggr.exe
    C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    C:\Program Files\ByteFence\ByteFenceService.exe
    C:\Program Files\ByteFence
    GroupPolicy: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4088020178-4125591875-2159771896-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0DyEtAyD0DyByE0AtB0B0F0BtB0FtN0D0Tzu0StCzyzytCtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyDzztC0D0CtGtCyDtC0AtGtC0BtCyDtGtByEtAtDtGzytDtCzytD0CtD0B0FyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyD0FzztDyC0C0AtG0FtB0D0FtGyE0D0DtBtGzyzyzzzytG0F0DtA0A0AtAzzyBzy0C0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAtCtDtA%26cr%3D1058123717%26a%3Dwbf_ir_17_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
    R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [146912 2017-05-29] (Byte Technologies LLC)
    C:\Program Files\ByteFence\ByteFenceService.exe
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-06-14] ()
    C:\ProgramData\ByteFence
    C:\Windows\System32\Tasks\ByteFence
    C:\Program Files\ByteFence
    C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job
    2017-03-10 09:24 - 2017-03-10 09:24 - 1006272 _____ () C:\Users\User\AppData\Local\Temp\AppInstaller.exe
    2017-06-14 21:10 - 2017-06-14 21:10 - 25660760 _____ (Disc Soft Ltd) C:\Users\User\AppData\Local\Temp\DTLite1051-0232.exe
    Task: {2B706FCF-EECC-43DB-B04D-448367923EFF} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-05-29] (Byte Technologies LLC) <==== ATTENTION
    Task: {8F9EFB62-9299-4EC7-9214-1CA8F4B6E253} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-05-29] (Byte Technologies LLC) <==== ATTENTION
    Task: {B0D97E2F-98BC-489F-874E-A2EDFBCBFFE3} - System32\Tasks\Yahoo! Powered tarol => Wscript.exe "C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt" "68747470733a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d433034332d3144323035413031393645457d5c73656c6f666f" "433a5c50726f6772616d446174615c7b43434337303941342d343638352d383336322d4330 (the data entry has 80 more characters).
    Task: {F6C73EAD-BE70-4F20-8649-9489614E99DB} - System32\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77} => C:\Users\User\AppData\Local\Sanahaf\PRODUC~1.EXE [2017-06-14] ()
    Task: C:\Windows\Tasks\Yahoo! Powered tarol.job => Wscript.exe C:\ProgramData\{CCC709A4-4685-8362-C043-1D205A0196EE}\fafe.txt <==== ATTENTION
    Task: C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job => C:\Users\User\AppData\Local\Sanahaf\PRODUC~1.EXE
    C:\Program Files\ByteFence\x64\lz4_x64.dll
    C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    2017-06-14 21:33 - 2017-06-14 21:33 - 00619848 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    C:\Program Files\ByteFence\rsLggr.exe
    AlternateDataStreams: C:\Users\User\AppData\Local\iBWHlJX8:hGJpPNmbjjWHPuDd38U [2356]
    AlternateDataStreams: C:\Users\User\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2128]
    AlternateDataStreams: C:\Users\User\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2234]
    AlternateDataStreams: C:\Users\User\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2208]
    AlternateDataStreams: C:\Users\User\AppData\Local\Temporary Internet Files:9LnhNkWZ3aNuA1WxSVvJWgC [2296]
    CMD: ipconfig /flushdns
    EmptyTemp:
    Hosts:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\Program Files\ByteFence\rsLggr.exe => moved successfully
    C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe => moved successfully
    C:\Program Files\ByteFence\ByteFenceService.exe => moved successfully
    C:\Program Files\ByteFence => moved successfully
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
    HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
    HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKLM\Software\Classes\PROTOCOLS\Handler\wlpg => key removed successfully
    HKLM\Software\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} => key not found.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\antiphishing@bullguard => value removed successfully
    HKLM\System\CurrentControlSet\Services\ByteFenceService => key removed successfully
    ByteFenceService => service removed successfully
    "C:\Program Files\ByteFence\ByteFenceService.exe" => not found.
    HKLM\System\CurrentControlSet\Services\rtop => key removed successfully
    rtop => service removed successfully
    C:\ProgramData\ByteFence => moved successfully
    C:\Windows\System32\Tasks\ByteFence => moved successfully
    "C:\Program Files\ByteFence" => not found.
    C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job => moved successfully
    C:\Users\User\AppData\Local\Temp\AppInstaller.exe => moved successfully
    C:\Users\User\AppData\Local\Temp\DTLite1051-0232.exe => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B706FCF-EECC-43DB-B04D-448367923EFF} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B706FCF-EECC-43DB-B04D-448367923EFF} => key removed successfully
    C:\Windows\System32\Tasks\ByteFence => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F9EFB62-9299-4EC7-9214-1CA8F4B6E253} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F9EFB62-9299-4EC7-9214-1CA8F4B6E253} => key removed successfully
    C:\Windows\System32\Tasks\ByteFence Scan => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence Scan => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0D97E2F-98BC-489F-874E-A2EDFBCBFFE3} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0D97E2F-98BC-489F-874E-A2EDFBCBFFE3} => key removed successfully
    C:\Windows\System32\Tasks\Yahoo! Powered tarol => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered tarol => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6C73EAD-BE70-4F20-8649-9489614E99DB} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6C73EAD-BE70-4F20-8649-9489614E99DB} => key removed successfully
    C:\Windows\System32\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{47FA3CBE-A263-64FE-C5FF-58F793D45F77} => key removed successfully
    C:\Windows\Tasks\Yahoo! Powered tarol.job => moved successfully
    C:\Windows\Tasks\{47FA3CBE-A263-64FE-C5FF-58F793D45F77}.job => not found.
    "C:\Program Files\ByteFence\x64\lz4_x64.dll" => not found.
    "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" => not found.
    "C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe" => not found.
    "C:\Program Files\ByteFence\rsLggr.exe" => not found.
    C:\Users\User\AppData\Local\iBWHlJX8 => ":hGJpPNmbjjWHPuDd38U" ADS removed successfully.
    C:\Users\User\AppData\Local\Temp => ":b7qXxbqTbYWneAuCuejvU" ADS removed successfully.
    C:\Users\User\AppData\Local\Temp => ":EyajXVarKQMW3gvXYTKRojrWv" ADS removed successfully.
    C:\Users\User\AppData\Local\Temp => ":XxRF4J8zmz2AxOZoq6TYF" ADS removed successfully.
    C:\Users\User\AppData\Local\Temporary Internet Files => ":9LnhNkWZ3aNuA1WxSVvJWgC" ADS removed successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 63091679 B
    Java, Flash, Steam htmlcache => 81369552 B
    Windows/system/drivers => 540346 B
    Edge => 0 B
    Chrome => 828487842 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 66356 B
    systemprofile32 => 66228 B
    LocalService => 0 B
    NetworkService => 80976 B
    User => 3552162093 B

    RecycleBin => 4294428321 B
    EmptyTemp: => 8.2 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 12:20:22 ====

    With Malwarebytes I accidentally hit quarantine. I tried scanning again and it came up with no threats. This is the log I saved from the first scan before I hit quarantine:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 6/17/17
    Scan Time: 12:28 PM
    Log File: Logfile.txt
    Administrator: Yes

    -Software Information-
    Version: 3.1.2.1733
    Components Version: 1.0.139
    Update Package Version: 1.0.2169
    License: Trial

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: User-PC\User

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 327458
    Threats Detected: 39
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 6 min, 10 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 9
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1110F9D0-4190-2850-F010-58D020908B50}, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence, No Action By User, [639], [388725],1.0.2169
    PUP.Optional.ProductSetup, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\PRODUCTSETUP, No Action By User, [14971], [242047],1.0.2169
    PUP.Optional.ByteFence, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\ByteFence, No Action By User, [639], [388728],1.0.2169
    PUP.Optional.InstallCore, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\csastats, No Action By User, [3], [260986],1.0.2169
    PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ByteFenceService, No Action By User, [639], [389039],1.0.2169
    PUP.Optional.ByteFence, HKLM\SOFTWARE\ByteFence, No Action By User, [639], [388723],1.0.2169
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASAPI32, No Action By User, [639], [389038],1.0.2169
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASMANCS, No Action By User, [639], [389038],1.0.2169

    Registry Value: 3
    PUP.Optional.NotChromeRun, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_EA977365BF5B2185FA52414E130E9AF9, No Action By User, [1400], [241243],1.0.2169
    PUP.Optional.ProductSetup, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\PRODUCTSETUP|TB, No Action By User, [14971], [242047],1.0.2169
    Adware.DealPly.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|REHIPOKESE, No Action By User, [2849], [367966],1.0.2169

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 3
    PUP.Optional.ByteFence, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ByteFence Anti-Malware, No Action By User, [639], [388719],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\USERS\USER\APPDATA\LOCAL\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}, No Action By User, [91], [302717],1.0.2169

    File: 24
    PUP.Optional.ByteFence, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware\ByteFence Anti-Malware.lnk, No Action By User, [639], [388719],1.0.2169
    PUP.Optional.WinYahoo, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOWTOREMOVE.HTML.LNK, No Action By User, [91], [254335],1.0.2169
    PUP.Optional.WinYahoo, C:\USERS\USER\APPDATA\LOCAL\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HOWTOREMOVE\HOWTOREMOVE.HTML, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\chromium-min.jpg, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\control panel-min-min.JPG, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\down.png, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\ff menu.JPG, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\ff search engine-min.png, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\hp-min ff.png, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\hp-min ie.png, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\search engine.gif, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\setup pages.gif, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\sp-min.png, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\start-min.jpg, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\up.png, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\cotadala.dat, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\fonito.dat, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\install.log, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\necenod.exe, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\romarilet.dat, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\Sqlite3.dll, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\tonesa, No Action By User, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\uninst.exe, No Action By User, [91], [302717],1.0.2169
    Adware.DealPly.Generic, C:\USERS\USER\APPDATA\ROAMING\REHIRONOSUT, No Action By User, [2849], [367966],1.0.2169

    Physical Sector: 0
    (No malicious items detected)


    (end)

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,223


    Do you have the results of the Malwarebytes AdwCleaner scan?


    ~~~~~~~~~~~~~~~~~

    Zemana AntiMalware Free

    Please download it from here:


    Double-click on the file named “Zemana.AntiMalware.Portable” to perform a system scan with Zemana AntiMalware Free.


    You may be presented with a User Account Control dialog asking you if you want to run this program. If this happens, you should click “Yes” to allow Zemana AntiMalware to run.

    When Zemana AntiMalware starts, click on the “Scan” button to perform a system scan.
    Without changing any options, press Scan.


    When Zemana has finished scanning it will show a screen that displays any malware that has been detected. To remove all the malicious files, click on the “Next” button.

    Zemana AntiMalware will now start to remove all the malicious programs from your computer.

    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
    • open Zemana AntiMalware again and locate the latest report
    • please paste the contents into your reply


    When the process is complete, you can close Zemana AntiMalware


    How is your computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  5. #5
    Junior Member
    Join Date
    Jun 2017
    Posts
    5


    Hello again, I can't seem to locate the log for the Malwarebytes scan as it didn't automatically pop up upon restart the way the FRST scan did.

    Performance is still a bit sluggish, maybe a little better. Bytefence seems to have disappeared though so that's something positive!

    Here's the Zemana log anyhow:

    Zemana AntiMalware 2.74.2.49 (Installed)

    -------------------------------------------------------
    Scan Result : Completed
    Scan Date : 2017/6/18
    Operating System : Windows 7 64-bit
    Processor : 4X Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
    BIOS Mode : Legacy
    CUID : 127F85E7645DBFA846B718
    Scan Type : System Scan
    Duration : 39m 44s
    Scanned Objects : 189381
    Detected Objects : 2
    Excluded Objects : 0
    Read Level : SCSI
    Auto Upload : Enabled
    Detect All Extensions : Disabled
    Scan Documents : Disabled
    Domain Info : WORKGROUP,0,2

    Detected Objects
    -------------------------------------------------------

    PluginAlliance_KeyGen.exe
    Status : Scanned
    Object : %userprofile%\desktop\desktop\work\accusonus drumatom v1.5.0 win macosx incl.patched and keygen-r2r [deepstatus]\accusonus.drumatom.v1.5.0.incl.patched.and.keygen-r2r [deepstatus]\r2r-2046\r2r\pluginalliance_keygen.exe
    MD5 : 46135C60B9CA1760BAD11B5A2CB54506
    Publisher : -
    Size : 943202
    Version : -
    Detection : PUA:Win32/SoftCrack.Gen
    Cleaning Action : Quarantine
    Related Objects :
    File - %userprofile%\desktop\desktop\work\accusonus drumatom v1.5.0 win macosx incl.patched and keygen-r2r [deepstatus]\accusonus.drumatom.v1.5.0.incl.patched.and.keygen-r2r [deepstatus]\r2r-2046\r2r\pluginalliance_keygen.exe

    shotcut.exe
    Status : Scanned
    Object : %userprofile%\downloads\shotcut.exe
    MD5 : 3589847A3663B982956ECD07CE7AFF51
    Publisher : CHIP Digital GmbH
    Size : 1496584
    Version : 2.1.4.4
    Detection : PUA:Win32/CHIP.AdsDownloader!Ep
    Cleaning Action : Quarantine
    Related Objects :
    File - %userprofile%\downloads\shotcut.exe


    Cleaning Result
    -------------------------------------------------------
    Cleaned : 2
    Reported as safe : 0
    Failed : 0

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,223


    "With Malwarebytes I accidentally hit quarantine. I tried scanning again and it came up with no threats. This is the log I saved from the first scan before I hit quarantine:"
    If you allowed it to quarantine what it found, good.

    We can run another scan if you wish, update it first.
    The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    ~~~~~~~~~~~~~~~~~
    "Bytefence seems to have disappeared though so that's something positive!"
    Good deal.

    *******************
    • Download Emsisoft Emergency Kit and save it to your desktop.
    • Double-click icon then click Install
    • A Window should open highlighting Start Emergency Kit Scanner
    • Right click on the icon and select Run as administrator
    • Click 1. Update now!
    • Once the update is completed select Settings under Scan
    • Uncheck Join the Emsisoft Anti-Malware Network
    • Click Scan at the top
    • Click On scan completion
    • Click Quarantine detected objects, then click OK
    • Click Malware Scan
    • Once completed click View Report
    • Save the file to your Desktop using the default file name
    • Copy and paste the report in your reply

    ===============

  7. #7
    Junior Member
    Join Date
    Jun 2017
    Posts
    5


    Hello, sorry for the delay in replies.

    Here is the Malwarebytes report:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 6/17/17
    Scan Time: 12:28 PM
    Log File: Malwarebytes Log.txt
    Administrator: Yes

    -Software Information-
    Version: 3.1.2.1733
    Components Version: 1.0.139
    Update Package Version: 1.0.2169
    License: Trial

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: User-PC\User

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 327458
    Threats Detected: 39
    Threats Quarantined: 39
    Time Elapsed: 6 min, 10 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 9
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1110F9D0-4190-2850-F010-58D020908B50}, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence, Quarantined, [639], [388725],1.0.2169
    PUP.Optional.ProductSetup, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\PRODUCTSETUP, Quarantined, [14971], [242047],1.0.2169
    PUP.Optional.ByteFence, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\ByteFence, Quarantined, [639], [388728],1.0.2169
    PUP.Optional.InstallCore, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\csastats, Quarantined, [3], [260986],1.0.2169
    PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ByteFenceService, Quarantined, [639], [389039],1.0.2169
    PUP.Optional.ByteFence, HKLM\SOFTWARE\ByteFence, Quarantined, [639], [388723],1.0.2169
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASAPI32, Quarantined, [639], [389038],1.0.2169
    PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASMANCS, Quarantined, [639], [389038],1.0.2169

    Registry Value: 3
    PUP.Optional.NotChromeRun, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_EA977365BF5B2185FA52414E130E9AF9, Quarantined, [1400], [241243],1.0.2169
    PUP.Optional.ProductSetup, HKU\S-1-5-21-4088020178-4125591875-2159771896-1000\SOFTWARE\PRODUCTSETUP|TB, Quarantined, [14971], [242047],1.0.2169
    Adware.DealPly.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|REHIPOKESE, Quarantined, [2849], [367966],1.0.2169

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 3
    PUP.Optional.ByteFence, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ByteFence Anti-Malware, Quarantined, [639], [388719],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\USERS\USER\APPDATA\LOCAL\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}, Quarantined, [91], [302717],1.0.2169

    File: 24
    PUP.Optional.ByteFence, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware\ByteFence Anti-Malware.lnk, Quarantined, [639], [388719],1.0.2169
    PUP.Optional.WinYahoo, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOWTOREMOVE.HTML.LNK, Quarantined, [91], [254335],1.0.2169
    PUP.Optional.WinYahoo, C:\USERS\USER\APPDATA\LOCAL\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HOWTOREMOVE\HOWTOREMOVE.HTML, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\chromium-min.jpg, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\control panel-min-min.JPG, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\down.png, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\ff menu.JPG, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\ff search engine-min.png, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\hp-min ff.png, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\hp-min ie.png, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\search engine.gif, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\setup pages.gif, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\sp-min.png, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\start-min.jpg, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\HowToRemove\up.png, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\cotadala.dat, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\fonito.dat, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\install.log, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\necenod.exe, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\romarilet.dat, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\Sqlite3.dll, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\tonesa, Quarantined, [91], [302717],1.0.2169
    PUP.Optional.WinYahoo, C:\Users\User\AppData\Local\{A58593D9-812D-FF61-ECB5-DA89C8DD2611}\uninst.exe, Quarantined, [91], [302717],1.0.2169
    Adware.DealPly.Generic, C:\USERS\USER\APPDATA\ROAMING\REHIRONOSUT, Quarantined, [2849], [367966],1.0.2169

    Physical Sector: 0
    (No malicious items detected)


    (end)

    And the Emsisoft:

    Emsisoft Emergency Kit - Version 2017.4
    Last update: 24/06/2017 14:15:50
    User account: User-PC\User
    Computer name: USER-PC
    OS version: Windows 7x64 Service Pack 1

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: Off
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Direct disk access: Off

    Scan start: 24/06/2017 14:31:25

    Scanned 73680
    Found 0

    Scan end: 24/06/2017 14:37:47
    Scan time: 0:06:22

  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,223


    Good, everything looks to be quarantined now, how is your computer?

  9. #9
    Junior Member
    Join Date
    Jun 2017
    Posts
    5


    Hello again, Bytefence has definitely disappeared, my computer is still a bit sluggish, particularly when streaming videos but not as bad as it was before.

    It could just be my computer getting old of course.

  10. #10
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,223


    DelFix

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
    • Click the Run button.
      -- This will remove the specialized tools we used to disinfect your system.
      Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    **************************


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.
