

Hi,

this afternoon my Word doc as well as my browser suddenly shut down. I got a popup from Malwarebytes about a ransomware. Then the PC suddenly shut down. I immediately pulled the plug on the internet and started up in Safe Mode, and ran a full Malwarebytes scan including rootkits. However, it came back clean.

I then ran your AdwCleaner tool, which also came back clean.

Should I be further worried? Or did I just avoid a major hit?

How do I know the PC is safe?

I've included several of the files from the scans I've mentioned. 

Attachments: malwarebytes ransomware.txt, full scan.txt, AdwCleaner[S00].txt


Also, I want to add that my Malwarebytes has disabled all active protection now. I am unable to turn it on. It will not work.

Is this because of safe mode? Or is it broken? And how do I fix it?


Hello CW1990 and welcome to Malwarebytes,

Malwarebytes real time protection will not work if you are in Safe Mode. Can you boot back to Normal mode and run the following:

Open Malwarebytes, select > "settings" > "security tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Single click on the target sight above scanner window.
  • In the new window select Report
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right-click in your reply and select "Paste"; the log will be pasted into your reply
    Export to Txt - if selected, you will have to name the file and save it to a place of your choice (I recommend "Desktop"), then attach it to your reply

     
  • Please use "Export to Txt" then attach the log to your reply...


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security software alerts on FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....
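Added example, not part of this thread and not Malwarebytes' or FRST's own code: a small Python script that applies the checks a helper applies by eye when reading FRST output, to the process, Run, task and service lines FRST produces. It flags binaries FRST reports as unsigned (the tag is localized, so both the English tag and the Dutch one from the log posted in this thread are recognised), zero-byte targets, orphaned Run values (`[X]`), programs starting from user-writable folders, one program being used to launch another, and files whose FRST date falls shortly before the incident. The sample lines are copied from the FRST log in this thread; the 14-day window and the list of user-writable directories are my assumptions, and a flag means "look closer", not "infected".

```python
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# FRST marks a binary without a valid Authenticode signature with a tag that
# is localized; the English form and the Dutch form from the log in this
# thread are both recognised.
UNSIGNED_TAGS = ("[File not signed]", "[Bestand niet getekend]")

# A Windows path ending in an executable-style extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n<>]*?\.(?:exe|dll|sys|lnk|job)\b", re.I)
# The "[<size> <yyyy-mm-dd>]" block FRST prints after Run/Task/Service targets.
META_RE = re.compile(r"\[(\d+)\s+(\d{4}-\d{2}-\d{2})\]")
# Directories an unprivileged user, and therefore a dropper, can write to
# (assumed list). Legitimate software such as Discord or Google Update lives
# here too, so this is a "review" signal, not a verdict.
USER_WRITABLE = re.compile(r"\\(?:Users|ProgramData|AppData|Temp)\\", re.I)


@dataclass
class Finding:
    line_no: int
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def triage(lines, incident=None, window_days=14):
    """Return a Finding for every FRST line that deserves a second look.

    incident: date of the event being investigated; files whose FRST date
    falls within window_days before it are flagged (the window is a heuristic).
    """
    findings = []
    for no, line in enumerate(lines, 1):
        reasons = []
        paths = PATH_RE.findall(line)
        path = paths[0] if paths else None
        if "=> [X]" in line:
            reasons.append("orphaned autorun value (target missing)")
        if path:
            # FRST writes "(Cert owner -> Publisher)" only for a verified
            # signature, so a missing arrow means no usable signer info.
            if any(t in line for t in UNSIGNED_TAGS) or " -> " not in line:
                reasons.append("unsigned or no signer information")
            if USER_WRITABLE.search(path):
                reasons.append("runs from a user-writable directory")
            if len(paths) > 1:
                reasons.append(f"launches a second executable: {paths[1]}")
        m = META_RE.search(line)
        if m:
            size, stamp = int(m.group(1)), date.fromisoformat(m.group(2))
            if size == 0:
                reasons.append("zero-byte file")
            if incident and 0 <= (incident - stamp).days <= window_days:
                reasons.append(f"dated {stamp}, within {window_days} days of incident")
        if reasons:
            findings.append(Finding(no, path, reasons))
    return findings


# Constructed sample: lines copied from the FRST log posted in this thread.
SAMPLE_LINES = [
    r"(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe",
    r"() [File not signed] [File is in use] C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe",
    r"(MagicISO, Inc.) [Bestand niet getekend] [Bestand is in gebruik] D:\Program Files (x86)\MagicDisc\MagicDisc.exe",
    r"Task: {78971E91-4922-44FE-9FDA-3C1E0FB5B626} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [0 2018-08-20] ()",
    r"HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [Discord] => C:\Users\Gebruiker\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)",
    r"HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [] => [X]",
    r"Task: {CF0A58ED-397C-40BB-B78D-1C81423D5240} - System32\Tasks\{4F2145D6-BA0F-4ACE-AD34-A346EBFD602C} => C:\Windows\system32\pcalua.exe -a E:\AOMsetup.exe -d E:\ -c /autorun",
    r"HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7657984 2020-06-25] (Dropbox, Inc -> Dropbox, Inc.)",
]


def demo():
    """Triage the sample against the 30 June 2020 incident date from the thread."""
    return triage(SAMPLE_LINES, incident=date(2020, 6, 30))


if __name__ == "__main__":
    for f in demo():
        print(f"line {f.line_no}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it against a full FRST.txt by reading the file into a list of lines and passing it to `triage()` with the date of the incident. The signed Adobe line produces no finding; the zero-byte Flash updater, the unsigned DYMO and MagicDisc binaries, the orphaned Run value and the task that uses pcalua.exe to start a second executable each do, which is exactly the set a helper would ask about first.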


Hi, thank you for your response.

The Malwarebytes scan as well as the AdwCleaner scan came back negative for infection.

 

Here is the AdwCleaner scan:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Build:    05-25-2020
# Database: 2020-06-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-30-2020
# Duration: 00:00:17
# OS:       Windows 7 Professional
# Scanned:  31836
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1413 octets] - [29/06/2020 22:56:36]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 

 

Here is my FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2020
Ran by Gebruiker (administrator) on EIGENAAR-PC (MSI MS-7821) (30-06-2020 09:20:46)
Running from C:\Users\Gebruiker\Pictures\Desktop
Loaded Profiles: Gebruiker
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Dutch (Netherlands)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] [File is in use] C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe
() [File not signed] [File is in use] C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\100.4.409\QtWebEngineProcess.exe <2>
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Flexera Software LLC -> Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC -> Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) [File not signed] [File is in use] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Smart Connect software -> ) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel(R) Smart Connect software -> Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(MagicISO, Inc.) [File not signed] [File is in use] D:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros) [File not signed] [File is in use] C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Sanford, L.P. -> ) C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectLauncher.exe
(Sanford, L.P.) [File not signed] [File is in use] C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Support.com, Inc. -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(TeamViewer Germany GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [40576 2013-08-29] (Creative Technology Ltd -> Creative Technology Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7657984 2020-06-25] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [DYMOWebApi] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe [5373440 2020-03-10] () [File not signed] [File is in use]
HKLM-x32\...\Run: [DymoOfficeHelper] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.OfficeHelper.exe [63488 2020-03-10] () [File not signed] [File is in use]
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [466312 2020-05-25] (Express Vpn LLC -> ExpressVPN)
HKLM-x32\...\Run: [Opera Browser Assistant] => D:\program files\opera\assistant\browser_assistant.exe [3105304 2020-06-22] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9198512 2019-07-21] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [Google Update] => C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-03-21] (Google LLC -> Google LLC)
HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [DAEMON Tools Lite] => D:\program files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3375904 2020-06-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [Discord] => C:\Users\Gebruiker\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [] => [X]
HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [DYMOConnectLauncher] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectLauncher.exe [162488 2020-03-10] (Sanford, L.P. -> )
HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [1162632 2020-05-25] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\MountPoints2: {2fed944f-ffa6-11e3-bef3-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-1699787563-3305780868-2387947222-1000\...\MountPoints2: {375f9ded-fd74-11e4-bd0b-448a5b66a256} - G:\autorun.exe
HKLM\...\Windows x64\Print Processors\Canon MG5500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBU.DLL [30208 2013-04-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX920 series: C:\Windows\system32\CNCALBL.DLL [303104 2012-09-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5500 series: C:\Windows\system32\CNMLMBU.DLL [391168 2013-04-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX920 series: C:\Windows\system32\CNMLMBL.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2013-01-24] (CANON INC.) [File not signed] [File is in use]
HKLM\...\Print\Monitors\DYMO LabelWriter Monitor: C:\Windows\system32\LW400MON.DLL [16384 2020-03-10] (Microsoft Windows Hardware Compatibility Publisher -> DYMO Corp.)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [110264 2014-04-25] (pdfforge GmbH -> pdfforge GmbH)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-04-25]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel(R) Smart Connect software -> Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-04-25]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{A003678C-C125-49A0-90D0-99AE485F6F92}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Qualcomm Atheros, Inc. -> Flexera Software LLC)
Startup: C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2014-06-29]
ShortcutTarget: MagicDisc.lnk -> D:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) [File not signed] [File is in use]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {052A8028-1E12-453C-9FBD-8CD54D1CDF99} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-18] (Dropbox, Inc -> Dropbox, Inc.)
Task: {30DB2F72-9F9A-460B-8808-BC42B37865A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1699787563-3305780868-2387947222-1000UA => C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {3D96E7A6-4093-42D4-BE13-B045FF0D4159} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1699787563-3305780868-2387947222-1000Core => C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {418D151A-EC31-4B3D-94B3-DA8D529B732E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6690008 2016-05-13] (Piriform Ltd -> Piriform Ltd)
Task: {5568ADB0-4EED-4D7E-AB74-8F077EF91070} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-18] (Dropbox, Inc -> Dropbox, Inc.)
Task: {6341736D-DC34-444D-90BC-E63673CBB2A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {675D2C2D-EDDD-4BA0-B2B2-46127FABC2B6} - System32\Tasks\AdobeAAMUpdater-1.0-Eigenaar-PC-Gebruiker => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {6DE26AF1-9DC4-420D-91A0-6CB116A22D86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {78971E91-4922-44FE-9FDA-3C1E0FB5B626} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [0 2018-08-20] ()
Task: {829EB578-A661-49CD-A8B7-E189B6F1CA67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {8E3B088F-F329-41E1-960D-7AA334280F7F} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-11] (Mozilla Corporation -> Mozilla Foundation)
Task: {A200A0E7-9851-4E04-B1B7-85D797AC9D02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {A7E98EEC-4986-4C14-A01D-00AFB0EC1CA7} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {AE5F95BF-436A-444F-AD64-F655A1905579} - System32\Tasks\Opera scheduled assistant Autoupdate 1582789614 => D:\program files\opera\launcher.exe [1333784 2020-06-18] (Opera Software AS -> Opera Software)
Task: {C1A0C6EF-FB5A-4AB4-8124-D806E4D9681B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF0A58ED-397C-40BB-B78D-1C81423D5240} - System32\Tasks\{4F2145D6-BA0F-4ACE-AD34-A346EBFD602C} => C:\Windows\system32\pcalua.exe -a E:\AOMsetup.exe -d E:\ -c /autorun
Task: {D2AB37DC-CC42-440B-A6C1-F881EC471BE7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {D50D3F9B-026F-42E7-BBFC-15DDD8DFF82F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [1447936 2018-08-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D7E647D8-D711-48BB-9313-4C53C2092303} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC5D593F-DD84-4A0B-BC60-8FCEDFB21939} - System32\Tasks\Opera scheduled Autoupdate 1399726773 => D:\program files\opera\launcher.exe [1333784 2020-06-18] (Opera Software AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file that is run by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist and it is a registry item, it will be removed or restored to default.)

Hosts: There is more than one entry in Hosts. See the Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D8619224-6B87-4136-86FB-86A8B940AAC6}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FAD046C4-C920-48B6-9116-AA0A15A5F69F}: [DhcpNameServer] 10.177.0.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1699787563-3305780868-2387947222-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (Canon Inc. -> CANON INC.)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (Canon Inc. -> CANON INC.)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-09-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> D:\program files\evernote\EvernoteIE.dll [2014-04-14] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) [File not signed] [File is in use]
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-09-03] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (Canon Inc. -> CANON INC.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: izfhjg5e.default-1399448353244
FF ProfilePath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\izfhjg5e.default-1399448353244 [2020-06-29]
FF user.js: detected! => C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\izfhjg5e.default-1399448353244\user.js [2020-04-03]
FF Extension: (Firebug) - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\izfhjg5e.default-1399448353244\Extensions\firebug@software.joehewitt.com.xpi [2017-03-02] [Legacy]
FF Extension: (Adblock Plus - gratis adblocker) - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\izfhjg5e.default-1399448353244\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-08-12] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-08-12] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.) [File not signed] [File is in use]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\itunes\Mozilla Plugins\npitunes.dll [2014-02-20] (Apple Inc. -> )
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed] [File is in use]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-09-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-09-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\program files\VLC\npvlc.dll [2014-02-05] (VideoLAN) [File not signed] [File is in use]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-04-30] (pdfforge GmbH -> pdfforge GmbH)
FF Plugin HKU\S-1-5-21-1699787563-3305780868-2387947222-1000: SkypePlugin -> C:\Users\Gebruiker\AppData\Local\SkypePlugin\7.6.0.295\npGatewayNpapi.dll [2015-09-14] (Microsoft Corporation -> Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1699787563-3305780868-2387947222-1000: SkypePlugin64 -> C:\Users\Gebruiker\AppData\Local\SkypePlugin\7.6.0.295\npGatewayNpapi-x64.dll [2015-09-14] (Microsoft Corporation -> Skype Technologies S.A.)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-06-30]
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR Extension: (Presentaties) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documenten) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-25]
CHR Extension: (WOT: Web of Trust, Website Reputatiescores) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-03-31]
CHR Extension: (YouTube) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-25]
CHR Extension: (Adblock Plus - gratis adblocker) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-10]
CHR Extension: (Spreadsheets) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Offline Documenten) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29]
CHR Extension: (No Coin - Block miners on the web!) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gojamcfopckidlocpkbelmpjcgmbgjcl [2018-02-26]
CHR Extension: (Book Report) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gopdpgphdcjglgoojmfdpbcdfcmnllkc [2019-07-07]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-10-22]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-27]
CHR Profile: C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Opera: 
=======
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Gebruiker\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2020-03-03]
StartMenuInternet: (HKLM) OperaStable - D:\program files\opera\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2019-07-21] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-18] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-18] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44552 2020-06-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 DYMOConnectPnPService; C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe [26112 2020-03-10] (Sanford, L.P.) [File not signed] [File is in use]
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [438664 2020-05-25] (Express Vpn LLC -> ExpressVPN)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] [File is in use]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] [File is in use]
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] (Intel(R) Smart Connect software -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-19] (Malwarebytes Inc -> Malwarebytes)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MICRO-STAR INTERNATIONAL CO., LTD.)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [782320 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [782136 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH -> pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH -> pdfforge GmbH)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-11] (Qualcomm Atheros) [File not signed] [File is in use]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed] [File is in use]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10823184 2020-04-20] (TeamViewer Germany GmbH -> TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-05-03] (Tages SA -> )
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
R3 dbx; C:\Windows\System32\DRIVERS\dbx.sys [47600 2020-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-29] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-04-24] (Malwarebytes Corporation -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [18800 2020-05-25] (ExprsVPN LLC -> )
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc. -> GEAR Software Inc.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] (Intel(R) Smart Connect software -> )
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] (Intel(R) Smart Connect software -> )
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] (Intel(R) Smart Connect software -> )
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] (Intel(R) Smart Connect software -> )
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-05-03] (Tages SA -> )
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-06-23] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [196456 2020-06-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73368 2020-06-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-06-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [120432 2020-06-23] (Malwarebytes Inc -> Malwarebytes)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R3 mcdbus; C:\Windows\SysWOW64\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [78320 2018-10-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [36208 2019-08-21] (ExprsVPN LLC -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-30 09:20 - 2020-06-30 09:21 - 000000000 ____D C:\FRST
2020-06-30 09:08 - 2020-06-30 09:08 - 000196456 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-06-30 09:08 - 2020-06-30 09:08 - 000073368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-06-29 23:05 - 2020-06-29 22:56 - 008402608 _____ (Malwarebytes) C:\Users\Gebruiker\Downloads\adwcleaner_8.0.5.exe
2020-06-29 22:56 - 2020-06-29 22:56 - 000000000 ____D C:\AdwCleaner
2020-06-29 16:28 - 2020-06-29 22:54 - 000367690 _____ C:\Windows\ntbtlog.txt
2020-06-28 11:09 - 2020-06-28 11:09 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\NVIDIA Corporation
2020-06-28 11:08 - 2020-06-28 11:08 - 000000000 ____D C:\Users\Gebruiker\AppData\LocalLow\Pathea Games
2020-06-27 08:53 - 2020-06-27 08:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-06-26 10:08 - 2020-06-26 10:08 - 000185748 _____ C:\Users\Gebruiker\Downloads\VanDerLee Verkooporder81756.pdf
2020-06-25 19:11 - 2020-06-25 19:11 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2020-06-25 19:11 - 2020-06-25 19:11 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2020-06-25 19:11 - 2020-06-25 19:11 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2020-06-25 19:11 - 2020-06-25 19:11 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx.sys
2020-06-25 19:11 - 2020-06-25 19:11 - 000044552 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2020-06-24 10:11 - 2020-06-24 10:11 - 000550290 _____ C:\Users\Gebruiker\Downloads\Factuur 2020 06-25.pdf
2020-06-23 14:13 - 2020-06-23 14:13 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-06-23 14:13 - 2020-06-23 14:13 - 000120432 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-06-11 11:07 - 2020-06-29 16:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-06-08 11:09 - 2020-06-08 11:09 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2020-06-08 10:57 - 2020-06-30 09:07 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-30 09:19 - 2009-07-14 06:45 - 000032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-06-30 09:19 - 2009-07-14 06:45 - 000032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-06-30 09:13 - 2011-04-12 15:00 - 000745748 _____ C:\Windows\system32\perfh013.dat
2020-06-30 09:13 - 2011-04-12 15:00 - 000153700 _____ C:\Windows\system32\perfc013.dat
2020-06-30 09:13 - 2009-07-14 07:13 - 001670888 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-30 09:13 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-06-30 09:09 - 2015-06-18 17:13 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Dropbox
2020-06-30 09:08 - 2016-12-23 22:07 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\discord
2020-06-30 09:07 - 2016-12-18 03:14 - 000001016 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2020-06-30 09:07 - 2014-04-25 14:33 - 000000000 ____D C:\ProgramData\NVIDIA
2020-06-30 09:07 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-29 19:49 - 2014-06-29 17:47 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\ElevatedDiagnostics
2020-06-29 17:50 - 2016-11-18 16:18 - 000000000 ____D C:\Users\Gebruiker\AppData\LocalLow\Mozilla
2020-06-29 16:29 - 2009-07-14 06:45 - 007671848 _____ C:\Windows\system32\FNTCACHE.DAT
2020-06-29 16:28 - 2014-05-06 16:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-29 16:24 - 2014-05-24 10:25 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\CrashDumps
2020-06-29 15:57 - 2016-12-18 03:14 - 000001020 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2020-06-27 10:41 - 2016-11-17 19:38 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-06-27 08:53 - 2016-12-18 03:14 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-06-25 09:47 - 2014-05-06 22:45 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\vlc
2020-06-24 10:03 - 2020-02-27 09:46 - 000004032 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1582789614
2020-06-24 08:44 - 2020-04-03 09:24 - 000000000 ____D C:\Users\Gebruiker\AppData\Roaming\DYMOConnect
2020-06-22 21:06 - 2014-05-06 16:24 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-22 21:06 - 2014-05-06 16:24 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-22 21:06 - 2014-05-06 16:24 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-22 16:59 - 2015-03-25 16:28 - 000003840 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1399726773
2020-06-09 10:48 - 2014-04-25 13:26 - 000321792 _____ C:\Users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT
2020-06-08 11:09 - 2019-09-17 12:20 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk
2020-06-08 11:09 - 2019-04-14 10:46 - 000002087 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2020-06-08 11:09 - 2019-04-14 10:46 - 000002087 _____ C:\ProgramData\Desktop\ExpressVPN.lnk
2020-06-08 11:09 - 2019-04-14 10:46 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\ExpressVPN
2020-06-08 11:09 - 2016-11-17 20:05 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-08 10:34 - 2014-05-06 17:21 - 000000000 ____D C:\Users\Gebruiker\Documents\My Kindle Content
2020-06-05 15:01 - 2014-05-06 16:27 - 000000000 ____D C:\Users\Gebruiker\Documents\Calibrebibliotheek
2020-06-04 14:17 - 2015-06-01 14:17 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-06-01 11:26 - 2014-05-08 10:16 - 000000132 _____ C:\Users\Gebruiker\AppData\Roaming\Adobe PNG Format CS5 Prefs
2020-05-31 15:32 - 2016-03-01 16:17 - 000000000 ____D C:\Users\Gebruiker\AppData\Local\Ubisoft Game Launcher

==================== Files in the root of some directories ========

2014-05-28 14:36 - 2019-10-11 10:01 - 000000132 _____ () C:\Users\Gebruiker\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2018-02-11 17:44 - 2018-02-11 17:44 - 000000132 _____ () C:\Users\Gebruiker\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2014-05-08 10:16 - 2020-06-01 11:26 - 000000132 _____ () C:\Users\Gebruiker\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-01-22 17:58 - 2018-01-30 20:29 - 000001595 _____ () C:\Users\Gebruiker\AppData\Roaming\SAS7_000.DAT
2014-05-09 17:26 - 2018-05-05 15:53 - 000001456 _____ () C:\Users\Gebruiker\AppData\Local\Adobe Save for Web 12.0 Prefs
2017-02-20 19:57 - 2017-03-08 16:12 - 000020480 _____ () C:\Users\Gebruiker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-01 19:10 - 2018-04-22 18:57 - 000007667 _____ () C:\Users\Gebruiker\AppData\Local\Resmon.ResmonCfg
2018-04-08 11:30 - 2018-04-08 11:30 - 000000000 _____ () C:\Users\Gebruiker\AppData\Local\{5791E756-187E-4600-AD62-AB781833E4D1}
2017-09-18 12:52 - 2017-09-18 12:52 - 000000000 _____ () C:\Users\Gebruiker\AppData\Local\{63AF0501-40BC-4850-AFCB-F751D751E269}
2018-05-06 09:49 - 2018-05-06 09:49 - 000000000 _____ () C:\Users\Gebruiker\AppData\Local\{6C833CFA-6179-477E-A37C-432173A0FFD5}
2017-08-03 22:39 - 2017-08-03 22:39 - 000000000 _____ () C:\Users\Gebruiker\AppData\Local\{A6100239-D3F4-4F7D-BDE0-CFECE4B47AD0}
2017-11-14 14:27 - 2017-11-14 14:27 - 000000000 _____ () C:\Users\Gebruiker\AppData\Local\{A6B1FD5A-CC21-4EFE-9514-A18DB3E96A8A}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-06-20 15:48
==================== End of FRST.txt ========================

Addition.txt malwarebytes.txt

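A quick way to sort through the Services and Drivers sections of a log like the one above, so the eye goes first to the entries that matter. This is an added example for this thread, not part of FRST or anything Malwarebytes ships: a small Python parser that reads FRST service/driver lines (the line format is inferred from the lines posted above; the Dutch status tags are mapped to their English meaning) and flags entries worth a second look: files for which FRST reports no valid signature, a test-signing certificate, a signed file whose version info carries no company name, and old non-Microsoft kernel drivers that are currently loaded. The sample lines are copied from the log above; the seven-year threshold and the reason strings are my own choices.

```python
"""Triage helper for the Services / Drivers sections of an FRST log.

Added example for this thread, not part of FRST or Malwarebytes. The line
format is inferred from the log posted above:
  <state> <name>; <path> [<size> <yyyy-mm-dd>] (<verified signer> -> <company>) [flag] ...
A file with no valid Authenticode chain shows a single name in the
parentheses. "[Bestand niet getekend]" / "[Bestand is in gebruik]" are the
Dutch forms of "[File not signed]" / "[File is in use]".
"""
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<signer>.*?)\)(?P<flags>(?:\s+\[[^\]]+\])*)\s*$"
)
NOT_SIGNED_FLAGS = ("file not signed", "bestand niet getekend")


@dataclass
class Entry:
    state: str            # R = running, S = stopped (FRST convention)
    name: str
    path: str
    size: int
    file_date: date
    verified_signer: str  # empty when FRST found no valid signature chain
    company: str          # company name from the file's version resource
    flags: List[str] = field(default_factory=list)

    @property
    def running(self) -> bool:
        return self.state.startswith("R")

    @property
    def kernel_driver(self) -> bool:
        return self.path.lower().endswith(".sys")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    signer = m["signer"]
    if " -> " in signer:
        verified, company = (s.strip() for s in signer.split(" -> ", 1))
    else:
        verified, company = "", signer.strip()
    flags = [f.strip("[] ").lower() for f in re.findall(r"\[[^\]]+\]", m["flags"])]
    return Entry(m["state"], m["name"].strip(), m["path"], int(m["size"]),
                 date.fromisoformat(m["date"]), verified, company, flags)


def triage(text: str, today: date, legacy_years: int = 7) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs that deserve a second look.

    Every rule is a prioritisation heuristic, not a verdict: the log above
    shows legitimate DYMO, Intel and Killer binaries that are unsigned, so a
    hit means "verify the vendor and the file hash", not "malware".
    """
    findings = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if not e.verified_signer or any(f in NOT_SIGNED_FLAGS for f in e.flags):
            findings.append((e.name, "no valid Authenticode signature"))
        if "test signing" in e.verified_signer.lower():
            findings.append((e.name, "signed with a test-signing certificate"))
        if e.verified_signer and not e.company:
            findings.append((e.name, "signed, but version info carries no company name"))
        if (e.kernel_driver and e.running
                and not e.verified_signer.startswith("Microsoft Windows")
                and (today - e.file_date).days > legacy_years * 365):
            findings.append((e.name, f"non-Microsoft kernel driver older than {legacy_years} years is loaded"))
    return findings


# Lines copied verbatim from the FRST log posted above.
SAMPLE_LINES = r"""
R2 DYMOConnectPnPService; C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe [26112 2020-03-10] (Sanford, L.P.) [Bestand niet getekend] [Bestand is in gebruik]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Bestand niet getekend] [Bestand is in gebruik]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-19] (Malwarebytes Inc -> Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [Bestand niet getekend] [Bestand is in gebruik]
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-05-03] (Tages SA -> )
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
"""


def triage_sample() -> List[Tuple[str, str]]:
    """Run the heuristics over the sample lines as of the log's date (2020-06-30)."""
    return triage(SAMPLE_LINES, date(2020, 6, 30))


if __name__ == "__main__":
    for name, reason in triage_sample():
        print(f"{name:48s} {reason}")
```

Run it against the full log by passing the text of FRST.txt to `triage()`. Every hit is a prompt to confirm the vendor and check the file hash, not a verdict: the unsigned DYMO, Intel and Killer binaries in this log are ordinary vendor software, which is in line with the helper's conclusion later in the thread that the FRST output contained nothing malicious.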

Hiya CW1990,

Thanks for those logs, continue please:

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or to the folder you saved FRST into. "Do not open that file when running the FRST fix."
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security software alerts on this scan, either accept the alert or turn off your security software to allow Sophos to run and complete.....

Please do not use your PC whilst the scan is in progress.... This scan is very thorough, so it may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs in your reply..

Thank you,

Kevin.

fixlist.txt


Hi,

I've included the fixlog of FRST here. The Sophos scan took a while because my PC continued to go into sleep mode and I didn't realize it wasn't running whilst in sleep mode.

It came back completely clean though. No details, nothing detected.

Does this mean Malwarebytes completely stopped the Ransomware attack?

 

Fixlog.txt


Hiya CW1990,

Yes, Malwarebytes did its job and protected your system. There was no malware or infection in the FRST logs; the fix was just to remove unwanted remnants and general clean-up...

Unless you have any issues or concerns we can finish up:

Right-click on FRST here: C:\Users\Gebruiker\Pictures\Desktop\FRST64.exe and rename it to uninstall.exe. When complete, right-click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST64 to uninstall.

That action will remove FRST and all created files and folders...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...


You're very welcome CW1990, it was a pleasure to work with you...

Regards,

Kevin


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you
This topic is now closed to further replies.
