Infected by Reddmn pop-up Adware

Blueboy · November 12, 2018

http://reddmn.com/scz?p=OTIzNjUxMTk0Mu8UXbtWCYfk8ZJXBJvc0pzYJuvcZ%2BV0031rdqTas2h2sGyGebMtTmCUED2tLF%2BO0NsQx%2BxeDL1TjoqCXD8MkYlsy5aupFwhMuunljPnlX0hS8r6GNzoHRzgffWDqgNG%2F%2F%2FzrMwcYYeOF8u7QAOQTcyM8BDyDTf48JqYg7lRxAW28AVXdj7igLkYotE6Nz4hWXQG0cT0FBhthw17dYi5XPB2zFlihJYAPErn45qLbXuZPmuxsuTykM%2BMJTVk1x6shNJb%2FSGc0EAcIHwOueKvbf6nRfWacV4N5emGhfAxC0UsfkWzGe6Mc%2BSLUwWKgvAnDvGv9sp8R%2FDfK2DlxWQckkl9AXsghsK53hzvtoY4j65tFrujLbeeuIz3r8rgc9vzvpuUYrBNEIbxrA57dlVCsAFG%2F7nBc8v8k3DUDoYyl%2F8q5v%2B7JdMnFDVNDnbI%2FAbH5mg3MvEWy3r8nWKIrKrvcFO%2FkiSW9ziFciWt7YHAW%2FStWF2Yi50O4DntZQrjWxVdNDQE6jnnpS5rACGZaeLyxnE9%2FepTtIQruBuk9rkXtzXqXQdQ1Lr60U3EdWbvte%2FZsw%3D%3D&t=1&dpv=98&ndom=5&st=&l=1

Malwarebytes Adwcleaner 7.2.4.0 does not correct.

kevinf80 · November 12, 2018

Hello Blueboy and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

Click on the Report tab > from main interface.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror

Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your reply...

Thank you,

Kevin....

Blueboy · November 12, 2018

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/12/18
Scan Time: 4:01 PM
Log File: 1d21a3a2-e6be-11e8-9f6b-b083feb5f178.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7811
License: Premium

-System Information-
OS: Windows 10 (Build 17134.345)
CPU: x64
File System: NTFS
User: DESKTOP-SKMNRPP\lrpev

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 342737
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-12-2018
# Duration: 00:00:09
# OS:       Windows 10 Home
# Cleaned: 0
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1618 octets] - [01/11/2018 14:13:09]
AdwCleaner[C00].txt - [1728 octets] - [01/11/2018 14:13:32]
AdwCleaner[S01].txt - [1372 octets] - [01/11/2018 14:52:49]
AdwCleaner[C01].txt - [1558 octets] - [01/11/2018 14:53:37]
AdwCleaner[S02].txt - [1494 octets] - [08/11/2018 08:29:56]
AdwCleaner[C02].txt - [1680 octets] - [08/11/2018 08:30:48]
AdwCleaner[S03].txt - [1616 octets] - [11/11/2018 19:58:48]
AdwCleaner[S04].txt - [1677 octets] - [12/11/2018 16:13:13]
AdwCleaner_Debug.log - [2048 octets] - [12/11/2018 16:16:04]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.11.2018
Ran by lrpev (administrator) on DESKTOP-SKMNRPP (12-11-2018 16:32:38)
Running from C:\Users\lrpev\Downloads
Loaded Profiles: lrpev (Available Profiles: lrpev & mmpto)
Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
(Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Users\lrpev\Downloads\adwcleaner_7.2.4.0.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\pcdrwi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-11] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-20] (Waves Audio Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126712 2018-10-18] (Intel)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3265048010-796270235-1555203059-1001\...\MountPoints2: {8aa1196b-db12-11e5-9c01-4cbb58baff39} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3265048010-796270235-1555203059-1001\...\Winlogon: [Shell] - <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-02-25]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-02-25]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\lrpev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6d79f994-26a3-470c-b4da-76b79854dd51}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{74d1e997-7801-491a-ac47-63cdffad0cb2}: [DhcpNameServer] 10.13.109.99

Internet Explorer:
==================
HKU\S-1-5-21-3265048010-796270235-1555203059-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.my.yahoo.com/
HKU\S-1-5-21-3265048010-796270235-1555203059-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-24] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: qp1gby01.default
FF ProfilePath: C:\Users\lrpev\AppData\Roaming\Mozilla\Firefox\Profiles\qp1gby01.default [2018-11-12]
FF Homepage: Mozilla\Firefox\Profiles\qp1gby01.default -> hxxps://my.yahoo.com/
FF Extension: (InvisibleHand) - C:\Users\lrpev\AppData\Roaming\Mozilla\Firefox\Profiles\qp1gby01.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2018-10-16]
FF Extension: (MapsFox) - C:\Users\lrpev\AppData\Roaming\Mozilla\Firefox\Profiles\qp1gby01.default\Extensions\{43a526a3-28ea-409f-933c-2ef3d9a0629b}.xpi [2018-10-19]
FF Extension: (Adblock Plus) - C:\Users\lrpev\AppData\Roaming\Mozilla\Firefox\Profiles\qp1gby01.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-07] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3265048010-796270235-1555203059-1001: @citrixonline.com/appdetectorplugin -> C:\Users\lrpev\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-01] (Citrix Online)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9667872 2018-10-24] (Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-02] (PC-Doctor, Inc.)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23800 2018-10-18] (Intel)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-13] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-09-12] (CloudBees, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-11] (Realtek Semiconductor)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-09-12] (Rivet Networks)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-24] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-24] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [36400 2018-10-20] (Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-11-02] (Malwarebytes)
S3 glavcam; C:\WINDOWS\system32\DRIVERS\glavcam.sys [3495680 2016-03-28] (Windows (R) Codename Longhorn DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-02] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-12] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-12] (Malwarebytes)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2016-12-15] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-06-10] (Realsil Semiconductor Corporation)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-09-12] (Rivet Networks, LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-24] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-24] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-12 16:32 - 2018-11-12 16:33 - 000018453 _____ C:\Users\lrpev\Downloads\FRST.txt
2018-11-12 16:31 - 2018-11-12 16:32 - 000000000 ____D C:\FRST
2018-11-12 16:28 - 2018-11-12 16:28 - 002415616 _____ (Farbar) C:\Users\lrpev\Downloads\FRST64.exe
2018-11-12 16:19 - 2018-11-12 16:19 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-11-12 16:19 - 2018-11-12 16:19 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-11-12 16:19 - 2018-11-12 16:19 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-11-12 16:19 - 2018-11-12 16:19 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-11-12 16:18 - 2018-11-12 16:19 - 000437608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-12 16:18 - 2018-11-12 16:18 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-12 10:31 - 2018-11-12 10:31 - 000009663 _____ C:\Users\lrpev\Documents\Reddmn Adware Zipped.zip
2018-11-11 19:58 - 2018-11-11 19:58 - 000001163 _____ C:\Users\lrpev\Desktop\adwcleaner_7.2.4.0 - Shortcut.lnk
2018-11-10 08:52 - 2018-11-12 16:18 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForlrpev.job
2018-11-10 08:52 - 2018-11-10 08:52 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForlrpev
2018-11-07 20:48 - 2018-11-07 20:48 - 001329887 _____ C:\Users\lrpev\Downloads\Qir09302018
2018-11-02 08:09 - 2018-11-02 08:09 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-02 08:06 - 2018-11-02 08:06 - 000615447 _____ C:\Users\lrpev\Downloads\statement(3).pdf
2018-11-02 08:05 - 2018-11-02 08:05 - 000669270 _____ C:\Users\lrpev\Downloads\statement(2).pdf
2018-11-02 08:04 - 2018-11-02 08:04 - 000671808 _____ C:\Users\lrpev\Downloads\statement(1).pdf
2018-11-02 08:03 - 2018-11-02 08:03 - 000691752 _____ C:\Users\lrpev\Downloads\statement.pdf
2018-11-01 14:14 - 2018-11-01 14:14 - 000489278 _____ C:\Users\lrpev\Downloads\Rug Doctor Repair instructions, DCC Option 1 Solenoid and PCB(1).pdf
2018-11-01 13:48 - 2018-11-01 13:48 - 001012856 _____ C:\Users\lrpev\Downloads\Malwarebytes-AdwCleaner-User-Guide.pdf
2018-11-01 13:12 - 2018-11-01 13:13 - 000000000 ____D C:\AdwCleaner
2018-11-01 13:12 - 2018-11-01 13:12 - 007592144 _____ (Malwarebytes) C:\Users\lrpev\Downloads\adwcleaner_7.2.4.0.exe
2018-11-01 09:45 - 2018-11-01 09:56 - 000015028 _____ C:\Users\lrpev\Documents\Bill Payments November 2018.xlsx
2018-11-01 09:03 - 2018-11-01 09:03 - 000305849 _____ C:\Users\lrpev\Downloads\BOA_2018-10-27.pdf
2018-11-01 08:27 - 2018-11-01 08:27 - 000084906 _____ C:\Users\lrpev\Downloads\Lowes Oct 2018.pdf
2018-10-26 09:53 - 2018-10-26 09:53 - 000489278 _____ C:\Users\lrpev\Downloads\12935 Repair instructions, DCC Option 1 Solenoid and PCB.pdf
2018-10-25 21:21 - 2018-10-25 21:21 - 000036182 _____ C:\Users\lrpev\Downloads\Invoice(1).pdf
2018-10-25 15:39 - 2018-10-25 15:39 - 000617880 _____ (Seven Servos Software Pvt Ltd. ) C:\Users\lrpev\Downloads\TechUtilities_Setup_2.1.9-01-FF.exe
2018-10-24 15:42 - 2018-10-24 15:42 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-24 15:40 - 2018-10-24 15:40 - 000003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2018-10-21 06:35 - 2018-11-06 20:04 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-10-21 06:35 - 2018-10-25 09:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-10-21 06:35 - 2018-10-21 06:35 - 000003762 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2018-10-21 06:35 - 2018-10-21 06:35 - 000003528 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2018-10-21 06:34 - 2018-10-25 09:17 - 000000000 ____D C:\Users\lrpev\Downloads\Temp
2018-10-20 15:34 - 2018-10-20 15:34 - 000036400 _____ (Dell Inc.) C:\WINDOWS\system32\Drivers\dddriver64Dcsa.sys
2018-10-19 17:31 - 2018-10-19 17:31 - 000923082 _____ C:\Users\lrpev\Downloads\Rebate.pdf
2018-10-19 17:02 - 2018-10-19 17:02 - 002854592 _____ C:\Users\lrpev\Downloads\P44621.pdf
2018-10-19 09:09 - 2018-10-19 09:09 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3265048010-796270235-1555203059-1001
2018-10-19 09:09 - 2018-10-19 09:09 - 000002412 _____ C:\Users\lrpev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-17 13:48 - 2018-10-17 13:48 - 000000000 _____ C:\WINDOWS\SysWOW64\SpyWareFolderstoFilter.txt
2018-10-17 13:37 - 2018-10-17 13:37 - 000019727 _____ C:\Users\lrpev\Downloads\TradeConfirmation10152018
2018-10-17 13:37 - 2018-10-17 13:37 - 000018690 _____ C:\Users\lrpev\Downloads\TradeConfirmation10162018
2018-10-14 09:24 - 2018-10-14 09:24 - 000018515 _____ C:\Users\lrpev\Downloads\TradeConfirmation10082018

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-12 16:24 - 2018-05-13 22:17 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-12 16:24 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-12 16:19 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-12 16:19 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-12 16:19 - 2016-11-17 09:12 - 000000000 ____D C:\Users\lrpev\AppData\LocalLow\Mozilla
2018-11-12 16:19 - 2015-08-02 14:46 - 000000000 __SHD C:\Users\lrpev\IntelGraphicsProfiles
2018-11-12 16:18 - 2018-05-13 22:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-12 16:18 - 2018-04-11 16:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-11-12 15:56 - 2018-05-13 22:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-12 14:52 - 2018-05-13 22:30 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{13A83238-F704-43DA-9EEB-048F8878C119}
2018-11-12 13:52 - 2016-10-02 10:27 - 000000000 ____D C:\RepTemp
2018-11-12 13:52 - 2016-10-02 10:22 - 000000000 ____D C:\Program Files (x86)\SwannView Link
2018-11-12 10:59 - 2015-08-16 19:52 - 000000000 ____D C:\Users\lrpev\Documents\AHOA
2018-11-12 10:15 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-09 13:04 - 2018-05-16 11:26 - 000004238 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-11-09 09:15 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-08 21:49 - 2018-01-10 10:02 - 000000555 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt
2018-11-06 21:37 - 2017-03-07 10:22 - 000001923 _____ C:\Users\lrpev\Desktop\HP ENVY 5530 series (Network) - Shortcut.lnk
2018-11-06 20:02 - 2017-05-22 20:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-06 20:02 - 2016-03-04 17:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-06 19:47 - 2017-12-08 23:28 - 000000000 ____D C:\Users\lrpev\AppData\Local\Packages
2018-11-06 19:39 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-05 11:22 - 2015-07-18 14:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-05 11:20 - 2015-07-18 14:38 - 000000000 ____D C:\ProgramData\PCDr
2018-11-02 09:12 - 2015-07-18 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-11-02 09:10 - 2017-06-26 09:34 - 000000000 ____D C:\ProgramData\SupportAssist
2018-11-02 08:09 - 2018-10-06 14:04 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-02 07:04 - 2016-03-04 17:15 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-10-25 09:17 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-10-25 09:17 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-25 09:17 - 2018-04-11 16:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-10-25 09:05 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-10-25 08:51 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\registration
2018-10-24 15:45 - 2018-06-14 20:15 - 000000000 ____D C:\ProgramData\Packages
2018-10-24 15:41 - 2018-02-28 22:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-10-24 15:40 - 2015-07-18 14:27 - 000000000 ____D C:\ProgramData\Intel
2018-10-21 06:36 - 2015-07-18 14:26 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-21 06:35 - 2017-05-20 19:31 - 000000000 ____D C:\Program Files\Intel
2018-10-21 06:35 - 2016-02-01 10:42 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2018-10-19 09:09 - 2015-08-02 14:49 - 000000000 ___RD C:\Users\lrpev\OneDrive
2018-10-16 18:24 - 2018-05-13 22:09 - 000000000 ____D C:\Users\lrpev
2018-10-16 10:07 - 2015-08-02 17:47 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-11-01 17:10 - 2015-11-01 17:10 - 001593561 _____ ( ) C:\ProgramData\TR.exe
2015-09-26 09:24 - 2017-04-14 07:24 - 000007602 _____ () C:\Users\lrpev\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-13 22:05

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by lrpev (12-11-2018 16:33:47)
Running from C:\Users\lrpev\Downloads
Windows 10 Home Version 1803 17134.345 (X64) (2018-05-14 03:31:38)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3265048010-796270235-1555203059-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3265048010-796270235-1555203059-503 - Limited - Disabled)
Guest (S-1-5-21-3265048010-796270235-1555203059-501 - Limited - Disabled)
lrpev (S-1-5-21-3265048010-796270235-1555203059-1001 - Administrator - Enabled) => C:\Users\lrpev
mmpto (S-1-5-21-3265048010-796270235-1555203059-1002 - Administrator - Enabled) => C:\Users\mmpto
WDAGUtilityAccount (S-1-5-21-3265048010-796270235-1555203059-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{B753FD71-4EB8-4842-9016-B1B97ACBDC79}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{E43C1D03-D1BF-4DF9-A6F3-E483EA8B01CA}) (Version: 3.6.0.4 - Intel) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
AmScope AmScope 3.7.10246 (HKLM-x32\...\{1B67D67B-E7ED-4055-951F-C78FCF99A210}) (Version: 3.7.10246.20171109 - AmScope)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}) (Version: 4.0.1.5857 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{1dbe752f-b00e-4567-9276-141812b20d28}) (Version: 4.0.1.5857 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.9.24.3 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{2C895850-899F-4E06-ADB6-28A654FFCF9D}) (Version: 2.2.04036 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{e5a12991-d0a9-4922-a125-fce431f55219}) (Version: 3.6.0.4 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E8266049-8C7B-4A09-9E11-8BD100E0076A}) (Version: 8.0.1.2379 - GenesysLogic)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.5073.107 - Waves Audio Ltd.) Hidden
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.11001.20074 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3265048010-796270235-1555203059-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 63.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.1 (x64 en-US)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11001.20074 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20074 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20074 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11001.20074 - Microsoft Corporation) Hidden
Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
SmartByte Drivers and Services (HKLM\...\{6AD3253B-AFE1-436E-971B-B16D8C6ABA3F}) (Version: 2.0.637 - Rivet Networks)
SwannView Link version 2.1.2.27 (HKLM-x32\...\{992EF7D5-3D70-5A7F-AFDC-8C946676BD5D}_is1) (Version: 2.1.2.27 - )
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410D}) (Version: 21.0.12288 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3265048010-796270235-1555203059-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-12-13] (WinZip Computing, S.L.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-12-13] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-13] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-12-13] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {122F541F-BDA4-41FF-B34E-8BBE8E167B75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {1DF43E38-EBF0-4B86-8C9D-B0EB65E58A88} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {20BF953E-3FDE-452C-A7A2-DE76ABDDD591} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-10-25] (Dell Inc.)
Task: {24B65604-8CE7-4EC6-9D49-57FCB7EC911C} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {2EA42C28-5B4E-41CF-8507-B9272E6E66C1} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-12-11] (Realtek Semiconductor)
Task: {2F72381A-5FE5-4BA4-BFD3-3B5C2F9DBB31} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-24] (Microsoft Corporation)
Task: {356A49CE-BD35-4539-BF96-45C3011D0255} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-24] (Microsoft Corporation)
Task: {429AC9A6-861F-4E45-815B-07B500B4CE3A} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2016-12-13] (WinZip)
Task: {537E1327-4A35-41B0-B5FC-0D3A935EB39E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-05] (Microsoft Corporation)
Task: {57AE2CB3-E557-4D93-B9BB-2EBB47B17770} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-24] (Microsoft Corporation)
Task: {6497811D-9D59-4255-8C36-869BECDF9E86} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-05] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6837B007-F0EC-41F6-A8E1-EC35E9864E00} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {729DF2EE-BD6C-4E0C-99DC-190D4E2364CE} - System32\Tasks\HPCeeScheduleForlrpev => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {8135889E-23EA-4CB4-B83F-8639753ACC23} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-11] (Adobe Systems Incorporated)
Task: {81FD7617-5DD9-4C61-9568-7BD0D41B6F6E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {82F7B4CE-679D-42A2-807C-D1230DD52B6A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-05] (Microsoft Corporation)
Task: {8A8443B3-12B2-42BB-900D-D7E6A2C6F9BC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-10-24] (Microsoft Corporation)
Task: {8B148760-2694-4F0E-8F3F-AB0B47781ECD} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {971195B5-DE9A-40A5-A913-12573FCACB53} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {99B30279-9D80-4E86-A784-55D031D855D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {A14A8F71-AE3E-462F-95F8-AE51D2A54751} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-05] (Microsoft Corporation)
Task: {AAE584B4-020F-4CE6-A47D-A55DCFF67365} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [2018-09-12] (DELL)
Task: {AB966C32-CA83-4D3F-973D-B72097EF4383} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {AC9F9171-9092-4E05-AEBF-5D69B9F3FAC7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {B9AD108A-B748-45DD-95E5-9426ECD083D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {BA5B1257-DB1A-40F0-A5D3-B61C0C2C8F1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
Task: {C090B235-9899-43A1-93AF-8408AC472BBA} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-12-13] (WinZip Computing, S.L.)
Task: {C12B4C7D-A97C-4CAC-ACFD-9B812F5FF0BB} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {D71F8244-F1E1-45DF-A287-00C8D2ACB81D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-24] (Google Inc.)
Task: {E130F01F-CFCD-4AE5-95E0-A52682324AA1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-24] (Microsoft Corporation)
Task: {E2249B8B-DBD1-4A67-BE55-3B5EC70978F8} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {E3B47175-3E77-4776-A70A-BECE9C3C9CC5} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {E93BC140-C0D4-4A4C-BC28-0944EC80C08D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-11] (Adobe Systems Incorporated)
Task: {EF63DE2A-D462-4F25-AC6A-C9BAF4F03E57} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-10-24] (Microsoft Corporation)
Task: {F1044067-6222-4F73-BFEB-D2415FE7EB73} - System32\Tasks\S-1-5-21-3265048010-796270235-1555203059-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {F314C31F-706C-4C6C-AEC4-127909D92B01} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {F50FB0B9-6681-4F81-A76D-2BC18B7EFEF6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {F7D97724-D4FB-42EA-9D76-3356F1CE07D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Dell Product Registration.job => cmd /c sc start Dell Product RegistrationWORKGROUP DESKTOP SKMNRPP
Task: C:\WINDOWS\Tasks\HPCeeScheduleForlrpev.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP SKMNRPP

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-10-06 14:04 - 2018-11-02 08:09 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-10-06 14:04 - 2018-11-02 08:09 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-05-19 11:11 - 2015-05-19 11:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2015-07-18 14:26 - 2014-04-14 20:59 - 000253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-03-13 22:20 - 2017-03-13 22:20 - 000410616 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-10-11 18:57 - 2018-09-19 22:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-25 23:50 - 2018-10-25 23:51 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-25 23:50 - 2018-10-25 23:51 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-25 23:50 - 2018-10-25 23:51 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-10-25 23:50 - 2018-10-25 23:51 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-10-25 23:50 - 2018-10-25 23:51 - 010978304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-10-25 23:50 - 2018-10-25 23:51 - 002810368 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\skypert.dll
2018-10-25 23:50 - 2018-10-25 23:51 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-09 19:10 - 2018-07-09 19:10 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-11-01 08:14 - 2018-11-01 08:15 - 035118592 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-11-01 08:14 - 2018-11-01 08:15 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-11-01 08:14 - 2018-11-01 08:15 - 005987328 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-11-01 08:14 - 2018-11-01 08:14 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-01 08:14 - 2018-11-01 08:15 - 009064448 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-11-02 09:12 - 2018-11-02 09:12 - 002587976 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\libprotobuf.dll
2015-07-18 14:25 - 2014-12-08 02:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 17:28 - 2014-12-08 17:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2017-09-19 09:35 - 2017-09-19 09:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-23 18:26 - 2015-06-23 18:26 - 000155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2018-03-27 12:41 - 2018-03-27 12:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2015-06-24 03:07 - 2015-06-24 03:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3265048010-796270235-1555203059-1001\...\google.com -> hxxps://google.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2018-11-12 16:17 - 000000852 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3265048010-796270235-1555203059-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lrpev\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{b1be14dc-02b3-4f6a-8b97-7554cdbe2afd}.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

01-11-2018 09:19:17 Scheduled Checkpoint
05-11-2018 12:11:32 Windows Modules Installer
06-11-2018 19:55:20 Windows Modules Installer
07-11-2018 20:02:42 Windows Modules Installer
08-11-2018 22:15:07 Windows Modules Installer
10-11-2018 22:25:45 Windows Modules Installer
12-11-2018 10:15:07 Windows Modules Installer

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2018 04:10:43 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (11/09/2018 09:11:55 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (11/09/2018 09:11:55 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (11/08/2018 09:12:09 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (11/08/2018 09:12:09 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (11/08/2018 09:12:08 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (11/06/2018 08:05:50 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[The remote name could not be resolved: 'downloads.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[ at System.Net.HttpWebRequest.GetResponse()
at eSupport.Common.Client.Core.DownloadHelper.IsFileNotModified(String fileLocation, String fileType, String fileName)]]></StackTrace><SysInfo STag="G13WS52" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A10" SMBIOSPresent="True" Rel_Date="20180510000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 3847" Ident_Num="DESKTOP-SKMNRPP" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><HostIP>192.168.2.13</HostIP></Exception>

Error: (11/05/2018 11:10:44 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

System errors:
=============
Error: (11/12/2018 04:20:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/12/2018 04:20:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/12/2018 04:19:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/12/2018 04:17:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Hardware Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/12/2018 04:17:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s).

Error: (11/12/2018 04:17:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/12/2018 04:17:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Windows Defender:
===================================
Date: 2018-11-08 21:21:07.117
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {35A50CE4-4663-4957-8F67-E039842B537D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-07 09:39:43.460
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0D80DF22-AACC-42E0-9A93-CC86363E0F2C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-06 21:37:05.053
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8B74B983-01EB-4C34-9B2A-CF0A5A79BDFD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-05 19:48:12.217
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DD124B7E-0FB1-4F33-A9BB-1AC3E1E44084}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-05 18:48:49.749
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2D6A6958-BB3F-491A-AF97-67D020B8D195}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-10-24 18:30:08.577
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2018-10-11 19:46:27.621
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.277.950.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15300.6
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-10-04 11:39:28.466
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.277.587.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15300.6
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-08-15 21:08:49.116
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2018-07-21 07:56:49.821
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.273.76.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15100.1
Error code: 0x80240022
Error description: The program can't check for definition updates.

CodeIntegrity:
===================================

Date: 2018-11-11 11:47:47.314
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-11 11:47:23.516
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-11 11:47:23.132
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-11 11:47:14.782
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-11 11:47:14.776
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-06 21:25:48.616
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 50%
Total physical RAM: 8108.93 MB
Available physical RAM: 3978.31 MB
Total Virtual: 9388.93 MB
Available Virtual: 4440.3 MB

==================== Drives ================================

Drive ? (OS) (Fixed) (Total:917.26 GB) (Free:803.53 GB) NTFS
Drive e: (USB20FD) (Removable) (Total:3.8 GB) (Free:0.76 GB) FAT32

\\?\Volume{b9be84e0-bddc-44e5-9eea-4ecbf336e735}\ (WINRETOOLS) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{cac4ef78-4e45-4579-bc4f-62b80043f89f}\ (Image) (Fixed) (Total:13.2 GB) (Free:0.95 GB) NTFS
\\?\Volume{d2742a77-a3b3-42d6-9da6-164cde0686eb}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 98219F17)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)

==================== End of Addition.txt ============================

(end)

kevinf80 · November 12, 2018

Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result....

The Virus Removal Tool scans the following areas of your computer:

Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs in your next reply, also let me know if there are any remaining issues or concerns...

Thanks,

Kevin..

fixlist.txt

Blueboy · November 14, 2018

Fix result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by lrpev (13-11-2018 09:52:54) Run:1
Running from C:\Users\lrpev\Downloads\Adware Tools
Loaded Profiles: lrpev (Available Profiles: lrpev & mmpto)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3265048010-796270235-1555203059-1001\...\MountPoints2: {8aa1196b-db12-11e5-9c01-4cbb58baff39} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3265048010-796270235-1555203059-1001\...\Winlogon: [Shell] - <==== ATTENTION
2015-11-01 17:10 - 2015-11-01 17:10 - 001593561 _____ ( ) C:\ProgramData\TR.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {1DF43E38-EBF0-4B86-8C9D-B0EB65E58A88} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6837B007-F0EC-41F6-A8E1-EC35E9864E00} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
File: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
RemoveProxy:
EmptyTemp:
Hosts:
CMD: ipconfig /flushDNS
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
HKU\S-1-5-21-3265048010-796270235-1555203059-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8aa1196b-db12-11e5-9c01-4cbb58baff39} => removed successfully
HKLM\Software\Classes\CLSID\{8aa1196b-db12-11e5-9c01-4cbb58baff39} => not found
"HKU\S-1-5-21-3265048010-796270235-1555203059-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"C:\ProgramData\TR.exe " => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DF43E38-EBF0-4B86-8C9D-B0EB65E58A88}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DF43E38-EBF0-4B86-8C9D-B0EB65E58A88}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6837B007-F0EC-41F6-A8E1-EC35E9864E00}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6837B007-F0EC-41F6-A8E1-EC35E9864E00}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found

========================= File: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat ========================

C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
File not signed
MD5: 5C5A797761421CF9B72087F3BC8A5259
Creation and modification date: 2018-11-12 16:19 - 2018-11-12 16:19
Size: 000000180
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/3bc9fd278cacc735ab16670c70767f33db69b6d3b0ef39250285a9ef4ca5de7e/analysis/1541103325/

====== End of File: ======

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========

Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========

========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3265048010-796270235-1555203059-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3265048010-796270235-1555203059-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushDNS =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 236982039 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 3900614 B
Edge => 110795574 B
Chrome => 0 B
Firefox => 409800078 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 30047488 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 229070 B
NetworkService => 0 B
lrpev => 10488368 B
mmpto => 671850 B

RecycleBin => 7592274 B
EmptyTemp: => 783 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 09:56:48 ====

No threats in Sophos

Sorry I did not get back with you sooner

Thanks

kevinf80 · November 14, 2018

How does your system respond now, any issues or concerns...?

Blueboy · November 14, 2018

No change, still getting redirect from reddmn.com

kevinf80 · November 14, 2018

What are you doing when the redirect happens, is specific to one browser or more than one......?

Run this please:

Please download Zemana AntiMalware and save it to your Desktop.

Install the program and once the installation is complete it will start automatically.
Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
Open Zemana AntiMalware again.
Click on icon and double click the latest report.
Now click File > Save As and choose your Desktop before pressing Save.
Attach saved report in your next message.

Thanks,

Kevin

Blueboy · November 14, 2018

It seems to be only in Firefox. It does not occur in Microsoft Edge. I will try running other browsers.

kevinf80 · November 14, 2018

Did you run Zemana, is good scanner for browser redirects...?

Blueboy · November 15, 2018

Unable to download Zemana. Have deleted Mozilla Firefox and no longer have any issues with reddmn adware.

Thanks

kevinf80 · November 15, 2018

OK, thanks for update, good to hear you have fix the redirect issue. I guess we can clean up...

Uninstall Sophos AV and Zemana http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Also delete this folder if still present: C:\ProgramData\Sophos

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

Remove disinfection tools <----- this will remove tools we may have used.
Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image

kevinf80 · November 19, 2018

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

Infected by Reddmn pop-up Adware

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information