Script Zhpfix
O38 - TASK: {DABF2B61-0488-43C8-BD87-31BB7E511C44} [64Bits][\WebDiscover Browser Update Task] - (.DESKTOP-UBDNRUU\Cha - Browser.) -- C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe [918240]
C:\Windows\System32\Tasks\WebDiscover Browser Update Task - (.DESKTOP-UBDNRUU\Cha.) -- C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe [--update]
O4 - HKCU\..\Run: [WebDiscoverBrowser] . (. - Browser.) -- C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe
O4 - HKCU\..\RunOnce: [Delete Cached Update Binary] . (. - .) -- /q /c del /q "C:\Users\Cha\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe (.Not File.)
O4 - HKCU\..\RunOnce: [Delete Cached Standalone Update Binary] . (. - .) -- /q /c del /q "C:\Users\Cha\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe (.Not File.)
O4 - HKUS\S-1-5-19\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000
O4 - HKUS\S-1-5-20\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000
G2 - GCE: Preference [Cha][User Data\Default\Extensions] [ehlceeijggpdgfcefmipcmdelickjgfg] Hermes Tab
G2 - GCE: Preference [Cha][User Data\Default\Extensions] [nahhmpbckpgdidfnmfkfgiflpjijilce] Search Manager
G2 - GCE: Preference [Cha][User Data\Default\Extensions] [pilplloabdedfmialnfchjomjmpjcoej] Search Manager
O4 - GS\Programs [Cha]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{06E230BE-224A-5C06-4FD2-79EE6BBA8576}\HowToRemove\HowToRemove.html
O4 - GS\Programs [defaultuser0]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{06E230BE-224A-5C06-4FD2-79EE6BBA8576}\HowToRemove\HowToRemove.html
O4 - GS\Programs [Family]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{06E230BE-224A-5C06-4FD2-79EE6BBA8576}\HowToRemove\HowToRemove.html
O4 - GS\Programs [Public]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{06E230BE-224A-5C06-4FD2-79EE6BBA8576}\HowToRemove\HowToRemove.html
O4 - GS\ProgramsCommon [Public]: HowToRemove.html.lnk . (...) C:\Users\Cha\AppData\Local\{CB9AFDC6-EF32-917E-82AA-B496A6C2480E}\HowToRemove\HowToRemove.html
O4 - GS\ProgramsCommon [Public]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{CB9AFDC6-EF32-917E-82AA-B496A6C2480E}\HowToRemove\HowToRemove.html
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:WebDiscoverBrowser
HKU\.DEFAULT\Software\ByteFence
HKU\S-1-5-18\Software\ByteFence
HKCU\Software\WebDiscoverBrowser
HKCU\Software\csastats
HKCU\Software\ProductSetup
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
HKCU\SOFTWARE\nuevos-programas.com
O108 - CMH1: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH2: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH6: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]:ByteFence.exe
C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe
C:\Windows\System32\Tasks\WebDiscover Browser Update Task
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej
C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg
C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce
C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1
C:\ProgramData\ByteFence
C:\Users\Cha\AppData\Local\WebDiscoverBrowser
C:\Windows\Prefetch\BYTEFENCE.EXE-C79121AD.pf
C:\Windows\Prefetch\BYTEFENCESERVICE.EXE-B68A323A.pf
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E0CFC9BD-7D0B-4D09-8715-5E018AA285AC}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceService_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceService_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFence_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFence_RASMANCS
HKLM\SOFTWARE\McAfee.com =>.McAfee Inc.
HKLM\SOFTWARE\WOW6432Node\McAfee NGI =>.McAfee Inc.
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\001
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\002
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\003
O43 - CFD: 24/02/2018 - [] D -- C:\ProgramData\ByteFence =>.SUP.ByteFence
O43 - CFD: 12/08/2019 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 03/02/2018 - [] DC -- C:\Users\Cha\AppData\Local\WebDiscoverBrowser =>Adware.WebDiscoverBrowser
O45 - LFCP:[MD5.B0787130850307265713E9A92D351C49] 12/08/2019 A -- C:\Windows\Prefetch\BYTEFENCE.EXE-C79121AD.pf =>.SUP.ByteFence
O45 - LFCP:[MD5.ECACB5A22E6F003AAF7E468A68CCE155] 12/08/2019 A -- C:\Windows\Prefetch\BYTEFENCESERVICE.EXE-B68A323A.pf =>.SUP.ByteFence
O69 - SBI: SearchScopes [HKCU] [64Bits]{E0CFC9BD-7D0B-4D09-8715-5E018AA285AC} - (Surf Live) - http://www.surf-live.com/ =>.SUP.SurfLiveCom
O87 - FAEL: "{B1123E8D-76FF-48C5-B823-DA8B679C3966}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (.not file.) =>.SUP.Orphan
O87 - FAEL: "{DF5098DD-28CD-4376-829F-D45914333BCA}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (.not file.) =>.SUP.Orphan
HKU\.DEFAULT\Software\ByteFence
HKU\S-1-5-18\Software\ByteFence
HKCU\Software\WebDiscoverBrowser
HKU\S-1-5-21-4241389643-2301839562-2191970874-1000\SOFTWARE\McAfee =>.McAfee Inc.
HKCU\Software\csastats
HKCU\Software\ProductSetup
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\program files\windowsapps\spotifyab.spotifymusic_1.70.388.0_x86__zpdnekdrzrea0\spotify.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\program files\windowsapps\spotifyab.spotifymusic_1.70.388.0_x86__zpdnekdrzrea0\spotify.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\program files\windowsapps\spotifyab.spotifymusic_1.73.345.0_x86__zpdnekdrzrea0\spotify.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\program files\windowsapps\spotifyab.spotifymusic_1.73.345.0_x86__zpdnekdrzrea0\spotify.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files\ByteFence\ByteFenceScan.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files\ByteFence\ByteFenceScan.exe.ApplicationCompany
EmptyPrefetch
EmptyClsid