Help with ComboFix report.

Discussion in 'other anti-malware software' started by Hijin25, Oct 30, 2017.

Thread Status:
Not open for further replies.
  1. Hijin25

    Hijin25 Registered Member

    Joined:
    Jun 15, 2017
    Posts:
    17
    Location:
    México
    Greetings. Today my wife mistakenly executed ComboFix on our computer; she wanted to run JRT but could not remember the name. I just want to know whether I deleted files that I should not have deleted. This is the report, and I would also like to know whether it is normal behavior that there is now a folder called Recovery in "C:".

    Thank you in advance for your help.

    Code:
    ComboFix 17-10-17.01 - Carlos 30/10/2017 11:30:29.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.52.3082.18.8158.6364 [GMT -6:00]
    Running from: c:\users\Carlos\Desktop\ComboFix.exe
    AV: ESET Smart Security *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
    FW: Firewall personal de ESET *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
    SP: ESET Smart Security *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.pol
    c:\windows\msdownld.tmp
    c:\windows\SysWow64\win.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2017-09-28 to 2017-10-30 )))))))))))))))))))))))))))))))
    .
    .
    2017-10-30 17:35 . 2017-10-30 17:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2017-10-29 21:52 . 2017-10-30 01:36    --------    d-----w-    c:\program files (x86)\RivaTuner Statistics Server
    2017-10-29 21:52 . 2017-10-30 04:05    --------    d-----w-    c:\program files (x86)\MSI Afterburner
    2017-10-28 19:49 . 2017-10-23 01:06    124912    ----a-w-    c:\windows\system32\BootDefrag.exe
    2017-10-28 19:49 . 2016-06-23 01:45    17600    ----a-w-    c:\windows\system32\drivers\BootDefragDriver.sys
    2017-10-28 19:43 . 2017-10-28 19:43    --------    d-----w-    c:\programdata\GlarySoft
    2017-10-28 19:38 . 2017-10-28 19:38    20160    ----a-w-    c:\windows\system32\drivers\GUBootStartup.sys
    2017-10-28 19:37 . 2017-10-28 19:39    --------    d-----w-    c:\program files (x86)\Glary Utilities 5
    2017-10-27 20:20 . 2017-10-12 21:33    981112    ----a-w-    c:\windows\system32\NvIFR64.dll
    2017-10-24 00:53 . 2017-10-27 20:22    --------    d-----w-    c:\program files (x86)\NVIDIA Corporation
    2017-10-23 19:22 . 2017-10-29 18:21    --------    d-----w-    c:\program files (x86)\StarCraft
    2017-10-23 19:22 . 2017-10-29 18:20    --------    d-----w-    c:\program files (x86)\Diablo III
    2017-10-23 18:16 . 2017-10-23 18:16    --------    d-----w-    c:\programdata\Codemasters
    2017-10-20 03:40 . 2017-10-20 03:40    --------    d-----w-    c:\program files (x86)\Registry Life
    2017-10-19 05:50 . 2015-06-22 03:42    31144    ----a-w-    c:\windows\system32\drivers\iaStorF.sys
    2017-10-19 05:50 . 2015-06-22 03:42    1455552    ----a-w-    c:\windows\system32\drivers\iaStorA.sys
    2017-10-17 20:40 . 2017-10-30 17:15    --------    d-----w-    c:\programdata\NVIDIA
    2017-10-17 20:40 . 2017-10-27 20:22    --------    d-----w-    c:\programdata\NVIDIA Corporation
    2017-10-17 20:39 . 2017-10-27 20:22    --------    d-----w-    c:\program files\NVIDIA Corporation
    2017-10-16 21:50 . 2017-10-16 21:50    --------    d-----w-    c:\programdata\Futuremark
    2017-10-16 21:49 . 2017-10-16 21:49    --------    d-----w-    c:\program files (x86)\Futuremark
    2017-10-16 17:26 . 2017-10-30 04:15    --------    d-----w-    c:\program files (x86)\Steam
    2017-10-14 15:26 . 2017-10-23 01:47    192216    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2017-10-14 15:26 . 2017-10-14 15:26    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
    2017-10-14 15:26 . 2017-10-14 15:26    --------    d-----w-    c:\programdata\Malwarebytes
    2017-10-14 15:26 . 2016-03-10 19:09    64896    ----a-w-    c:\windows\system32\drivers\mwac.sys
    2017-10-14 15:26 . 2016-03-10 19:08    140672    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2017-10-14 15:26 . 2016-03-10 19:08    27008    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2017-10-14 01:58 . 2017-10-14 01:58    --------    d-----w-    c:\program files (x86)\Ubisoft
    2017-10-13 04:15 . 2017-10-13 04:15    --------    d-----w-    c:\programdata\X3HKR0Xe9I
    2017-10-13 04:15 . 2006-03-02 10:00    1392671    ------w-    c:\windows\SysWow64\XY_msvbvm60.dll
    2017-10-13 04:14 . 2017-10-13 06:00    --------    d-----w-    C:\CivilCAD Demo para AutoCAD 2013-2014
    2017-10-13 04:14 . 2008-01-25 00:40    155648    ----a-w-    c:\windows\SysWow64\crpk07.dll
    2017-10-13 04:04 . 2017-10-13 04:04    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
    2017-10-13 04:03 . 2017-10-13 04:13    --------    d-----w-    c:\program files\Common Files\Autodesk Shared
    2017-10-13 04:03 . 2017-10-13 04:03    --------    d-----w-    c:\program files\Autodesk
    2017-10-13 04:02 . 2017-10-13 04:02    --------    d-----w-    c:\program files (x86)\Autodesk
    2017-10-13 04:02 . 2017-10-13 04:04    --------    d-----w-    c:\program files (x86)\Common Files\Autodesk Shared
    2017-10-13 04:00 . 2017-10-13 04:14    --------    d-----w-    c:\programdata\Autodesk
    2017-10-12 23:13 . 2017-10-12 23:13    --------    d-----w-    c:\program files (x86)\NirSoft
    2017-10-12 23:12 . 2017-10-12 23:12    --------    d-----w-    c:\program files (x86)\AutoDWG
    2017-10-12 23:06 . 2017-10-12 23:06    --------    d-----w-    c:\program files (x86)\Common Files\InstallShield
    2017-10-12 23:05 . 2017-10-12 23:05    --------    d-----w-    c:\program files (x86)\GlobalMapper12
    2017-10-12 22:50 . 2017-10-12 22:50    --------    d-----w-    c:\program files (x86)\LibreOffice 5
    2017-10-12 22:37 . 2017-10-12 22:37    --------    d-----w-    c:\program files\VS Revo Group
    2017-10-12 22:33 . 2017-10-12 22:33    --------    d-----w-    c:\program files (x86)\VideoLAN
    2017-10-12 22:03 . 2017-10-20 18:31    --------    d-----w-    C:\Temp
    2017-10-12 19:03 . 2017-10-12 19:03    --------    d--h--w-    c:\program files (x86)\Common Files\EAInstaller
    2017-10-12 17:44 . 2017-10-12 17:44    --------    d-----w-    c:\programdata\Electronic Arts
    2017-10-12 16:26 . 2017-10-12 16:26    --------    d--h--w-    c:\program files\Common Files\EAInstaller
    2017-10-12 15:23 . 2017-10-23 18:33    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
    2017-10-12 15:23 . 2017-10-23 18:33    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
    2017-10-12 15:23 . 2017-10-23 18:33    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
    2017-10-12 15:23 . 2017-10-23 18:33    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
    2017-10-12 15:23 . 2017-10-12 15:23    --------    d-----w-    c:\program files (x86)\OpenAL
    2017-10-12 14:45 . 2017-10-12 14:45    --------    d-----w-    c:\program files (x86)\MSXML 4.0
    2017-10-12 14:44 . 2017-10-12 14:44    --------    d-----w-    c:\program files\Microsoft Silverlight
    2017-10-12 14:44 . 2017-10-12 14:44    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
    2017-10-12 14:28 . 2017-10-12 14:28    --------    d-----w-    c:\program files (x86)\Common Files\AnswerWorks 4.0
    2017-10-12 14:28 . 2017-10-12 14:28    --------    d-----w-    c:\program files (x86)\Common Files\Data Dynamics
    2017-10-12 14:27 . 2017-10-12 14:27    --------    d-----w-    c:\program files (x86)\Common Files\Tom Sawyer Software
    2017-10-12 14:27 . 2017-10-12 14:27    --------    d-----w-    C:\Python27
    2017-10-12 14:26 . 2017-10-12 14:26    --------    d-----w-    c:\programdata\FNP
    2017-10-12 14:26 . 2017-10-13 04:09    --------    d-----w-    c:\programdata\FLEXnet
    2017-10-12 14:26 . 2017-10-12 14:26    --------    d-----w-    c:\program files (x86)\Common Files\Macrovision Shared
    2017-10-12 14:25 . 2017-10-12 14:27    --------    d-----w-    c:\program files (x86)\Common Files\ArcGIS
    2017-10-12 14:25 . 2017-10-12 14:27    --------    d-----w-    c:\program files (x86)\ArcGIS
    2017-10-12 14:04 . 2008-10-15 11:22    5631312    ----a-w-    c:\windows\system32\D3DX9_40.dll
    2017-10-12 03:35 . 2017-10-29 05:11    --------    d-----w-    c:\program files (x86)\Common Files\Steam
    2017-10-12 03:26 . 2017-10-12 17:45    --------    d-----w-    c:\program files (x86)\Origin Games
    2017-10-12 03:24 . 2017-10-21 19:55    --------    d-----w-    c:\program files (x86)\Origin
    2017-10-12 03:23 . 2017-10-28 21:56    --------    d-----w-    c:\programdata\Origin
    2017-10-12 03:22 . 2017-10-12 03:22    --------    d-----w-    c:\programdata\Blizzard Entertainment
    2017-10-12 03:20 . 2017-10-29 23:52    --------    d-----w-    c:\program files (x86)\Blizzard App
    2017-10-12 03:20 . 2017-10-12 03:20    --------    d-----w-    c:\programdata\Battle.net
    2017-10-12 03:14 . 2017-10-23 17:21    --------    d-----w-    c:\program files (x86)\GOG Galaxy
    2017-10-12 03:14 . 2017-10-12 03:14    --------    d-----w-    c:\programdata\GOG.com
    2017-10-12 03:05 . 2017-10-12 03:05    --------    d-----w-    c:\program files\WinRAR
    2017-10-12 02:37 . 2017-10-12 02:40    --------    d-----w-    c:\programdata\HitmanPro
    2017-10-12 02:31 . 2017-10-29 00:25    --------    d-----w-    C:\AdwCleaner
    2017-10-12 02:30 . 2017-10-12 02:30    --------    d-----w-    c:\programdata\Licenses
    2017-10-12 02:30 . 2017-10-29 00:34    --------    d-----w-    c:\program files (x86)\SpywareBlaster
    2017-10-12 02:30 . 2012-05-02 17:17    1070152    ----a-w-    c:\windows\SysWow64\MSCOMCTL.OCX
    2017-10-12 02:30 . 2009-03-24 18:52    129872    ----a-w-    c:\windows\SysWow64\MSSTDFMT.DLL
    2017-10-12 02:28 . 2017-10-12 02:28    --------    d-----w-    c:\program files\CCleaner
    2017-10-12 02:22 . 2017-10-29 00:31    --------    d-----w-    c:\program files (x86)\Google
    2017-10-12 01:59 . 2014-02-21 05:56    20464    ----a-w-    c:\windows\system32\drivers\iusb3hcs.sys
    2017-10-12 01:59 . 2014-02-21 05:56    791024    ----a-w-    c:\windows\system32\drivers\iusb3xhc.sys
    2017-10-12 01:59 . 2014-02-21 05:56    370672    ----a-w-    c:\windows\system32\drivers\iusb3hub.sys
    2017-10-12 01:59 . 2017-10-12 01:59    --------    d-----w-    C:\Intel
    2017-10-12 01:51 . 2017-10-12 01:51    --------    d-----w-    c:\windows\SysWow64\RTCOM
    2017-10-12 01:51 . 2017-10-12 01:51    --------    d-----w-    c:\program files\Realtek
    2017-10-12 01:49 . 2013-10-11 04:47    113576    ----a-w-    c:\windows\system32\CONEQMSAPOGUILibrary.dll
    2017-10-12 01:49 . 2014-06-09 02:59    560328    ----a-w-    c:\windows\system32\AERTAC64.dll
    2017-10-12 01:49 . 2012-03-08 03:47    108640    ----a-w-    c:\windows\system32\AERTAR64.dll
    2017-10-12 01:49 . 2017-10-12 01:52    --------    d--h--w-    c:\program files (x86)\Temp
    2017-10-12 01:49 . 2015-06-08 08:13    2825944    ------r-    c:\windows\RtlExUpd.dll
    2017-10-12 01:49 . 2017-10-12 01:49    --------    d-----w-    c:\programdata\Intel
    2017-10-12 01:49 . 2017-10-12 01:59    --------    d-----w-    c:\program files (x86)\Intel
    2017-10-12 01:23 . 2016-07-22 14:58    142336    ----a-w-    c:\windows\system32\poqexec.exe
    2017-10-12 01:23 . 2016-07-22 14:51    123904    ----a-w-    c:\windows\SysWow64\poqexec.exe
    2017-10-12 00:56 . 2017-04-27 22:50    3550208    ----a-w-    c:\windows\SysWow64\D3DCompiler_47.dll
    2017-10-12 00:56 . 2017-04-12 13:05    4296704    ----a-w-    c:\windows\system32\D3DCompiler_47.dll
    2017-10-12 00:43 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDTAT.DLL
    2017-10-12 00:43 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDYAK.DLL
    2017-10-12 00:43 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDRU1.DLL
    2017-10-12 00:43 . 2014-07-09 02:03    6656    ----a-w-    c:\windows\system32\KBDRU.DLL
    2017-10-12 00:43 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDBASH.DLL
    2017-10-12 00:43 . 2014-07-09 01:31    7168    ----a-w-    c:\windows\SysWow64\KBDYAK.DLL
    2017-10-12 00:43 . 2014-07-09 01:31    6656    ----a-w-    c:\windows\SysWow64\KBDBASH.DLL
    2017-10-12 00:14 . 2017-10-12 00:14    --------    d-----w-    c:\program files\ESET
    2017-10-12 00:06 . 2017-10-12 00:06    --------    d-----w-    c:\program files (x86)\Microsoft.NET
    2017-10-12 00:04 . 2015-07-16 19:12    856064    ----a-w-    c:\windows\SysWow64\rdvidcrl.dll
    2017-10-12 00:04 . 2015-07-16 19:12    53248    ----a-w-    c:\windows\SysWow64\tsgqec.dll
    2017-10-12 00:04 . 2015-07-16 19:12    6131200    ----a-w-    c:\windows\SysWow64\mstscax.dll
    2017-10-12 00:04 . 2015-07-16 19:11    62976    ----a-w-    c:\windows\system32\tsgqec.dll
    2017-10-12 00:04 . 2015-07-16 19:11    7077376    ----a-w-    c:\windows\system32\mstscax.dll
    2017-10-12 00:04 . 2015-07-16 19:11    1057792    ----a-w-    c:\windows\system32\rdvidcrl.dll
    2017-10-12 00:04 . 2015-07-11 13:15    429568    ----a-w-    c:\windows\system32\wksprt.exe
    2017-10-12 00:04 . 2013-11-26 08:16    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
    2017-10-12 00:04 . 2013-11-22 22:48    3928064    ----a-w-    c:\windows\system32\d2d1.dll
    2017-10-12 00:02 . 2016-04-09 04:20    1230848    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
    2017-10-12 00:02 . 2016-04-09 03:52    1424896    ----a-w-    c:\windows\system32\WindowsCodecs.dll
    2017-10-12 00:02 . 2015-02-04 03:16    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
    2017-10-12 00:02 . 2015-02-04 02:54    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2017-10-26 17:15 . 2017-06-22 21:01    132848    ----a-w-    c:\windows\system32\drivers\eamonm.sys
    2017-10-26 17:15 . 2017-05-04 18:18    180088    ----a-w-    c:\windows\system32\drivers\ehdrv.sys
    2017-10-26 17:15 . 2017-05-04 18:18    102160    ----a-w-    c:\windows\system32\drivers\epfwwfp.sys
    2017-09-13 23:20 . 2017-09-13 23:20    798008    ----a-w-    c:\windows\SysWow64\vulkan-1-1-0-61-0.dll
    2017-09-13 23:20 . 2017-09-13 23:20    490296    ----a-w-    c:\windows\SysWow64\vulkaninfo-1-1-0-61-0.exe
    2017-09-13 23:19 . 2017-09-13 23:19    927544    ----a-w-    c:\windows\system32\vulkan-1-1-0-61-0.dll
    2017-09-13 23:19 . 2017-09-13 23:19    591160    ----a-w-    c:\windows\system32\vulkaninfo-1-1-0-61-0.exe
    2017-09-13 15:08 . 2017-10-12 01:07    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    2017-08-30 18:23 . 2017-08-30 18:23    993632    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
    2017-08-30 18:23 . 2017-08-30 18:23    987840    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
    2017-08-30 18:23 . 2017-08-30 18:23    690008    ----a-w-    c:\windows\system32\msvcp120_clr0400.dll
    2017-08-30 18:23 . 2017-08-30 18:23    485576    ----a-w-    c:\windows\SysWow64\msvcp120_clr0400.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2017-10-23 44024]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer6"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute    REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
    R3 GalaxyClientService;GalaxyClientService;c:\program files (x86)\GOG Galaxy\GalaxyClientService.exe;c:\program files (x86)\GOG Galaxy\GalaxyClientService.exe [x]
    R3 GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
    R3 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
    S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
    S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
    S0 iusb3hcs;Controlador del conmutador de la controladora de host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
    S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
    S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
    S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
    S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.3\bin\lmgrd.exe;c:\program files (x86)\ArcGIS\License10.3\bin\lmgrd.exe [x]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Security\ekrn.exe;c:\program files\ESET\ESET Security\ekrn.exe [x]
    S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
    S3 iusb3hub;Controlador del concentrador Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Controlador de la controladora de host Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Device Service;c:\windows\system32\DRIVERS\XtuAcpiDriver.sys;c:\windows\SYSNATIVE\DRIVERS\XtuAcpiDriver.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RTCORE64
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation    REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2017-10-29 00:31    1509208    ----a-w-    c:\program files (x86)\Google\Chrome\Application\62.0.3202.75\Installer\chrmstp.exe
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-07-07 14040792]
    "egui"="c:\program files\ESET\ESET Security\ecmdS.exe" [2017-10-26 324216]
    .
    ------- Supplementary Scan -------
    .
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: eset.com\help
    TCP: DhcpNameServer = 192.168.100.1
    TCP: Interfaces\{A67F9DC9-8A1C-4A22-96AF-77C321D8F18C}: NameServer = 8.8.8.8,8.8.4.4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-25908698.sys
    SafeBoot-41859191.sys
    SafeBoot-43699677.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2017-10-30 11:36:53
    ComboFix-quarantined-files.txt 2017-10-30 17:36
    .
    Pre-Run: 583,443,259,392 bytes libres
    Post-Run: 583,282,987,008 bytes libres
    .
    - - End Of File - - 942348AD2EFD617B9E699C574617E77B
    A36C5E4F47E84449FF07ED3517B43A31
     
  2. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    Combofix was created by sUBS over at Bleeping Computer. It might be best to ask the folks over there about it. From what I remember from long ago, if you are certain everything is working fine, it is safe to delete the files created by the program. But I would not be in a hurry to delete - wait until absolutely sure.

    As far as your Recovery folder, there are many programs that may have created that folder. I would look at the timestamp of the folder and see if it was created at the same time Combofix created other folders.
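    A worked example added here (not from the thread or from ComboFix's authors) that parses the report format posted above and applies the timestamp check suggested in this reply: it lists the "Other Deletions" entries and the items created during the run, and converts a folder's local creation time into the UTC that the file list appears to use (inferred from the posted log: a run the header places at 11:30-11:36 local [GMT -6:00] lists its own temp folder at 17:35). The excerpt embedded in the code is constructed from lines of the posted report; the folder creation times passed to `folder_made_by_run` are constructed sample values.

```python
"""Parse a ComboFix report: list what it deleted and find entries created
while ComboFix itself ran, converting the header's local time to the UTC
timestamps that the file list uses."""
import re
from datetime import datetime, timedelta, timezone

# Constructed excerpt in the format of the report posted above (fewer lines).
REPORT = r"""ComboFix 17-10-17.01 - Carlos 30/10/2017 11:30:29.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.52.3082.18.8158.6364 [GMT -6:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\programdata\ntuser.pol
c:\windows\msdownld.tmp
c:\windows\SysWow64\win.ini
((((((((((((((((((((((((( Files Created from 2017-09-28 to 2017-10-30 )))))))))))))))))))))))))))))))
2017-10-30 17:35 . 2017-10-30 17:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2017-10-28 19:49 . 2017-10-23 01:06    124912    ----a-w-    c:\windows\system32\BootDefrag.exe
Completion time: 2017-10-30 11:36:53
"""

HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})")
TZ_RE = re.compile(r"\[GMT ([+-])(\d{1,2}):(\d{2})\]")
SECTION_RE = re.compile(r"^\(+ (.+?) \)+$")
# created . modified   size-or-dashes   attribute flags   path
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \S+ \S+\s+(-{8}|\d+)\s+(\S{8})\s+(.+)$")
COMPLETION_RE = re.compile(r"^Completion time: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")

def parse_report(text):
    """Return start/end (local), timezone, deletions and 'Files Created' entries."""
    rep = {"deletions": [], "created": [], "tz": timezone.utc}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":  # ComboFix pads sections with "." lines
            continue
        if m := HEADER_RE.match(line):
            rep["start_local"] = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S")
        elif m := TZ_RE.search(line):  # "[GMT -6:00]" applies to the header times
            sign = -1 if m.group(1) == "-" else 1
            rep["tz"] = timezone(sign * timedelta(hours=int(m.group(2)), minutes=int(m.group(3))))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := COMPLETION_RE.match(line):
            rep["end_local"] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        elif section == "Other Deletions":
            rep["deletions"].append(line)
        elif section and section.startswith("Files Created") and (m := ENTRY_RE.match(line)):
            rep["created"].append({
                "created": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc),
                "size": None if m.group(2).startswith("-") else int(m.group(2)),  # None = directory
                "attrs": m.group(3), "path": m.group(4)})
    return rep

def run_window_utc(rep):
    """Run window in UTC. Header and completion times are local (GMT -6 in the
    posted log) while the file list is UTC: the log's own temp folder shows 17:35
    for a run the header places at 11:30-11:36, six hours apart."""
    to_utc = lambda t: t.replace(tzinfo=rep["tz"]).astimezone(timezone.utc)
    return to_utc(rep["start_local"]), to_utc(rep["end_local"])

def created_during_run(rep):
    """Paths whose minute-resolution creation time falls inside the run window."""
    start, end = run_window_utc(rep)
    return [e["path"] for e in rep["created"] if start.replace(second=0) <= e["created"] <= end]

def folder_made_by_run(rep, local_creation_time):
    """The Recovery-folder check: pass the folder's local CreationTime (for example
    from PowerShell: (Get-Item C:\\Recovery).CreationTime) as 'YYYY-MM-DD HH:MM:SS'."""
    start, end = run_window_utc(rep)
    t = datetime.strptime(local_creation_time, "%Y-%m-%d %H:%M:%S")
    return start <= t.replace(tzinfo=rep["tz"]).astimezone(timezone.utc) <= end
```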
     
  3. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    As Bill mentioned, it's best to go to the Bleeping Computer forum for help with ComboFix. In my experience it doesn't cause problems most of the time, but I had one instance where a computer became unusable.
     
  4. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,092
    Location:
    UK