
Combofix report


13 replies to this topic

#1 Hijin25

  • Members
  • 8 posts

Posted 08 November 2017 - 02:47 PM

Greetings. I ran ComboFix on a friend's recommendation and he told me to upload the report to this page, although he did not tell me to first consult with you.
 
This is my report; what I would like to know is whether what the program deleted is dangerous and requires further action.
 
Thanks in advance.
ComboFix 17-10-17.01 - Hijin 08/11/2017  13:05:22.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.52.3082.18.8158.6195 [GMT -6:00]
Running from: c:\users\Hijin\Desktop\ComboFix.exe
AV: ESET Smart Security *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: Firewall personal de ESET *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\msdownld.tmp
c:\windows\SysWow64\win.ini
.
.
(((((((((((((((((((((((((   Files Created from 2017-10-08 to 2017-11-08  )))))))))))))))))))))))))))))))
.
.
2017-11-08 19:09 . 2017-11-08 19:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2017-11-08 17:32 . 2017-11-08 18:59	192216	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-11-08 17:32 . 2017-11-08 17:32	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2017-11-08 17:32 . 2017-11-08 17:32	--------	d-----w-	c:\programdata\Malwarebytes
2017-11-08 17:32 . 2016-03-10 20:09	64896	----a-w-	c:\windows\system32\drivers\mwac.sys
2017-11-08 17:32 . 2016-03-10 20:08	140672	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2017-11-08 17:32 . 2016-03-10 20:08	27008	----a-w-	c:\windows\system32\drivers\mbam.sys
2017-11-07 15:04 . 2017-11-03 08:06	124920	----a-w-	c:\windows\system32\BootDefrag.exe
2017-11-07 15:04 . 2016-06-23 01:45	17600	----a-w-	c:\windows\system32\drivers\BootDefragDriver.sys
2017-11-07 14:56 . 2017-11-07 14:56	--------	d-----w-	c:\programdata\GlarySoft
2017-11-07 14:51 . 2017-11-07 14:51	20160	----a-w-	c:\windows\system32\drivers\GUBootStartup.sys
2017-11-07 14:51 . 2017-11-07 14:52	--------	d-----w-	c:\program files (x86)\Glary Utilities 5
2017-11-06 02:28 . 2017-11-06 02:28	--------	d-----w-	c:\program files\Sacred
2017-11-06 02:20 . 2017-11-06 02:28	--------	d-----w-	c:\program files (x86)\Sacred
2017-11-06 02:19 . 2017-11-06 02:26	--------	d--h--w-	c:\program files (x86)\FX Uninstall Information
2017-11-02 07:06 . 2017-11-02 07:06	--------	d-----w-	c:\programdata\X3HKR0Xe9I
2017-11-02 07:05 . 2006-03-02 11:00	1392671	------w-	c:\windows\SysWow64\XY_msvbvm60.dll
2017-11-02 07:05 . 2017-11-02 07:12	--------	d-----w-	C:\CivilCAD Demo para AutoCAD 2013-2014
2017-11-02 07:05 . 2008-01-25 01:40	155648	----a-w-	c:\windows\SysWow64\crpk07.dll
2017-11-02 06:42 . 2017-11-02 06:42	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2017-11-02 06:34 . 2017-11-02 06:34	--------	d-----w-	c:\program files (x86)\Common Files\AnswerWorks 4.0
2017-11-02 06:33 . 2017-11-02 06:33	--------	d-----w-	c:\program files (x86)\Common Files\Data Dynamics
2017-11-02 06:33 . 2017-11-02 06:33	--------	d-----w-	c:\program files (x86)\Common Files\Tom Sawyer Software
2017-11-02 06:33 . 2017-11-02 06:33	--------	d-----w-	C:\Python27
2017-11-02 06:31 . 2017-11-02 06:31	--------	d-----w-	c:\programdata\FNP
2017-11-02 06:31 . 2017-11-02 06:56	--------	d-----w-	c:\programdata\FLEXnet
2017-11-02 06:30 . 2017-11-02 06:30	--------	d-----w-	c:\program files (x86)\Common Files\Macrovision Shared
2017-11-02 06:30 . 2017-11-02 06:33	--------	d-----w-	c:\program files (x86)\Common Files\ArcGIS
2017-11-02 06:30 . 2017-11-02 06:33	--------	d-----w-	c:\program files (x86)\ArcGIS
2017-11-02 06:28 . 2017-11-02 06:28	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2017-11-02 06:28 . 2017-11-02 07:04	--------	d-----w-	c:\program files\Common Files\Autodesk Shared
2017-11-02 06:28 . 2017-11-02 06:28	--------	d-----w-	c:\program files\Autodesk
2017-11-02 06:26 . 2017-11-02 06:26	--------	d-----w-	c:\program files (x86)\Autodesk
2017-11-02 06:26 . 2017-11-02 06:28	--------	d-----w-	c:\program files (x86)\Common Files\Autodesk Shared
2017-11-02 06:23 . 2017-11-02 07:04	--------	d-----w-	c:\programdata\Autodesk
2017-11-02 06:19 . 2017-11-02 06:19	--------	d-----w-	c:\program files (x86)\AutoDWG
2017-11-02 06:08 . 2017-11-02 06:08	--------	d-----w-	c:\program files (x86)\GlobalMapper12
2017-11-02 06:07 . 2017-11-02 06:07	--------	d-----w-	c:\program files (x86)\NirSoft
2017-11-02 05:42 . 2017-11-05 19:30	--------	d-----w-	c:\program files\VS Revo Group
2017-11-02 05:30 . 2017-11-02 05:30	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2017-11-02 04:09 . 2017-11-03 21:40	--------	d-----w-	c:\program files (x86)\RivaTuner Statistics Server
2017-11-02 04:09 . 2017-11-08 05:46	--------	d-----w-	c:\program files (x86)\MSI Afterburner
2017-11-02 04:08 . 2017-11-02 04:09	--------	d-----w-	c:\program files\WinRAR
2017-11-02 04:03 . 2017-11-02 04:03	--------	d-----w-	c:\program files (x86)\VideoLAN
2017-11-02 03:59 . 2017-11-02 04:00	--------	d-----w-	c:\program files\LibreOffice 5
2017-11-02 00:31 . 2017-11-02 00:31	--------	d--h--w-	c:\program files\Common Files\EAInstaller
2017-11-01 22:46 . 2017-11-01 22:46	--------	d-----w-	c:\programdata\Electronic Arts
2017-11-01 22:45 . 2017-11-02 03:18	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2017-11-01 20:59 . 2000-06-24 05:05	136704	----a-w-	c:\windows\SysWow64\iacenc.dll
2017-11-01 20:59 . 2000-06-23 04:09	56320	----a-w-	c:\windows\SysWow64\iyvu9_32.dll
2017-11-01 19:21 . 2017-11-08 03:05	--------	d-----w-	c:\program files (x86)\StarCraft
2017-11-01 19:21 . 2017-11-08 03:05	--------	d-----w-	c:\program files (x86)\Diablo III
2017-11-01 19:05 . 2017-11-01 19:05	--------	d-----w-	C:\Temp
2017-11-01 19:05 . 2017-11-01 19:05	--------	d-----w-	c:\programdata\Futuremark
2017-11-01 19:04 . 2017-11-01 19:04	--------	d-----w-	c:\program files (x86)\Futuremark
2017-11-01 18:30 . 2017-11-01 18:30	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2017-11-01 18:30 . 2017-11-01 18:30	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2017-11-01 18:30 . 2017-11-01 18:30	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2017-11-01 18:30 . 2017-11-01 18:30	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2017-11-01 18:30 . 2017-11-01 18:30	--------	d-----w-	c:\program files (x86)\OpenAL
2017-11-01 12:01 . 2017-11-02 04:40	--------	d-----w-	c:\program files (x86)\Origin Games
2017-11-01 11:59 . 2017-11-01 11:59	--------	d-----w-	c:\program files (x86)\Origin
2017-11-01 11:58 . 2017-11-02 04:53	--------	d-----w-	c:\programdata\Origin
2017-11-01 11:55 . 2017-11-01 11:55	--------	d-----w-	c:\program files (x86)\Ubisoft
2017-11-01 11:50 . 2017-11-08 01:23	--------	d-----w-	c:\program files (x86)\GOG Galaxy
2017-11-01 11:50 . 2017-11-01 11:50	--------	d-----w-	c:\programdata\GOG.com
2017-11-01 11:49 . 2017-11-01 11:49	--------	d-----w-	c:\programdata\Blizzard Entertainment
2017-11-01 11:48 . 2017-11-08 03:02	--------	d-----w-	c:\program files (x86)\Battle.net
2017-11-01 11:46 . 2017-11-01 11:47	--------	d-----w-	c:\programdata\Battle.net
2017-11-01 11:43 . 2017-11-02 04:55	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2017-11-01 11:43 . 2017-11-08 06:13	--------	d-----w-	c:\program files (x86)\Steam
2017-11-01 11:08 . 2017-10-27 17:46	1951	----a-w-	c:\windows\NvTelemetryContainerRecovery.bat
2017-11-01 11:08 . 2017-10-27 16:06	136312	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2017-11-01 11:05 . 2017-10-27 17:46	981112	----a-w-	c:\windows\system32\NvIFR64.dll
2017-11-01 11:03 . 2017-11-01 11:08	--------	d-----w-	c:\program files\NVIDIA Corporation
2017-11-01 10:44 . 2014-02-21 05:56	20464	----a-w-	c:\windows\system32\drivers\iusb3hcs.sys
2017-11-01 10:44 . 2014-02-21 05:56	791024	----a-w-	c:\windows\system32\drivers\iusb3xhc.sys
2017-11-01 10:44 . 2014-02-21 05:56	370672	----a-w-	c:\windows\system32\drivers\iusb3hub.sys
2017-11-01 10:44 . 2017-11-01 10:44	--------	d-----w-	C:\Intel
2017-11-01 10:37 . 2017-11-01 10:37	--------	d-----w-	c:\windows\SysWow64\RTCOM
2017-11-01 10:37 . 2017-11-01 10:37	--------	d-----w-	c:\program files\Realtek
2017-11-01 10:37 . 2009-11-24 01:55	518896	----a-w-	c:\windows\system32\SRSTSX64.dll
2017-11-01 10:37 . 2009-11-24 01:55	211184	----a-w-	c:\windows\system32\SRSTSH64.dll
2017-11-01 10:37 . 2009-11-24 01:55	198896	----a-w-	c:\windows\system32\SRSHP64.dll
2017-11-01 10:37 . 2009-11-24 01:55	155888	----a-w-	c:\windows\system32\SRSWOW64.dll
2017-11-01 10:37 . 2011-12-20 07:32	331880	----a-w-	c:\windows\system32\RtlCPAPI64.dll
2017-11-01 10:37 . 2015-06-30 08:04	184688	----a-w-	c:\windows\system32\RtkCfg64.dll
2017-11-01 10:37 . 2015-06-17 06:45	3234520	----a-w-	c:\windows\system32\RtkApi64.dll
2017-11-01 10:37 . 2011-11-22 08:28	14952	----a-w-	c:\windows\system32\RtkCoLDR64.dll
2017-11-01 10:37 . 2015-05-15 11:27	2918104	----a-w-	c:\windows\system32\RtPgEx64.dll
2017-11-01 10:37 . 2014-11-11 05:44	631000	----a-w-	c:\windows\system32\RtDataProc64.dll
2017-11-01 10:35 . 2017-11-01 10:38	--------	d--h--w-	c:\program files (x86)\Temp
2017-11-01 10:35 . 2015-06-08 08:13	2825944	------r-	c:\windows\RtlExUpd.dll
2017-11-01 10:34 . 2017-11-01 10:34	--------	d-----w-	c:\programdata\Intel
2017-11-01 10:34 . 2017-11-01 10:44	--------	d-----w-	c:\program files (x86)\Intel
2017-11-01 10:19 . 2017-11-01 10:21	--------	d-----w-	c:\programdata\HitmanPro
2017-11-01 09:26 . 2017-11-01 09:26	--------	d-----w-	c:\programdata\Licenses
2017-11-01 09:26 . 2017-11-01 09:26	--------	d-----w-	c:\program files (x86)\SpywareBlaster
2017-11-01 09:26 . 2012-05-02 18:17	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2017-11-01 09:26 . 2009-03-24 19:52	129872	----a-w-	c:\windows\SysWow64\MSSTDFMT.DLL
2017-11-01 09:23 . 2017-11-02 21:46	--------	d-----w-	c:\program files\CCleaner
2017-11-01 09:14 . 2017-11-01 09:15	--------	d-----w-	c:\program files (x86)\Google
2017-11-01 09:04 . 2017-11-01 09:04	--------	d-----w-	c:\program files\Microsoft Silverlight
2017-11-01 09:04 . 2017-11-01 09:04	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2017-11-01 08:30 . 2017-11-01 08:30	--------	d-----w-	c:\program files\ESET
2017-11-01 08:24 . 2016-07-22 14:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2017-11-01 08:24 . 2016-07-22 14:51	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2017-11-01 08:06 . 2017-11-01 08:06	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2017-11-01 07:54 . 2017-09-13 15:28	1212928	----a-w-	c:\windows\system32\rpcrt4.dll
2017-11-01 07:43 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDYAK.DLL
2017-11-01 07:43 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDTAT.DLL
2017-11-01 07:43 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDRU1.DLL
2017-11-01 07:43 . 2014-07-09 02:03	6656	----a-w-	c:\windows\system32\KBDRU.DLL
2017-11-01 07:43 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDBASH.DLL
2017-11-01 07:43 . 2014-07-09 01:31	7168	----a-w-	c:\windows\SysWow64\KBDYAK.DLL
2017-11-01 07:43 . 2014-07-09 01:31	6656	----a-w-	c:\windows\SysWow64\KBDBASH.DLL
2017-11-01 07:30 . 2015-07-11 13:15	429568	----a-w-	c:\windows\system32\wksprt.exe
2017-11-01 07:30 . 2015-07-16 19:12	856064	----a-w-	c:\windows\SysWow64\rdvidcrl.dll
2017-11-01 07:30 . 2015-07-16 19:12	53248	----a-w-	c:\windows\SysWow64\tsgqec.dll
2017-11-01 07:30 . 2015-07-16 19:12	6131200	----a-w-	c:\windows\SysWow64\mstscax.dll
2017-11-01 07:30 . 2015-07-16 19:11	62976	----a-w-	c:\windows\system32\tsgqec.dll
2017-11-01 07:30 . 2015-07-16 19:11	7077376	----a-w-	c:\windows\system32\mstscax.dll
2017-11-01 07:30 . 2015-07-16 19:11	1057792	----a-w-	c:\windows\system32\rdvidcrl.dll
2017-11-01 07:30 . 2013-11-26 08:16	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2017-11-01 07:30 . 2013-11-22 22:48	3928064	----a-w-	c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-09-28 10:07 . 2017-09-28 10:07	87880	----a-w-	c:\windows\system32\vcruntime140.dll
2017-09-28 10:07 . 2017-09-28 10:07	633144	----a-w-	c:\windows\system32\msvcp140.dll
2017-09-28 10:07 . 2017-09-28 10:07	395592	----a-w-	c:\windows\system32\vccorlib140.dll
2017-09-28 10:07 . 2017-09-28 10:07	333632	----a-w-	c:\windows\system32\concrt140.dll
2017-09-25 15:31 . 2017-09-25 15:31	132848	----a-w-	c:\windows\system32\drivers\eamonm.sys
2017-09-25 15:31 . 2017-09-25 15:31	102160	----a-w-	c:\windows\system32\drivers\epfwwfp.sys
2017-09-13 23:20 . 2017-09-13 23:20	798008	----a-w-	c:\windows\SysWow64\vulkan-1-1-0-61-0.dll
2017-09-13 23:20 . 2017-09-13 23:20	490296	----a-w-	c:\windows\SysWow64\vulkaninfo-1-1-0-61-0.exe
2017-09-13 23:19 . 2017-09-13 23:19	927544	----a-w-	c:\windows\system32\vulkan-1-1-0-61-0.dll
2017-09-13 23:19 . 2017-09-13 23:19	591160	----a-w-	c:\windows\system32\vulkaninfo-1-1-0-61-0.exe
2017-09-13 15:08 . 2017-11-01 07:54	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2017-11-03 44024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GalaxyClientService;GalaxyClientService;c:\program files (x86)\GOG Galaxy\GalaxyClientService.exe;c:\program files (x86)\GOG Galaxy\GalaxyClientService.exe [x]
R3 GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S0 iusb3hcs;Controlador del conmutador de la controladora de host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.3\bin\lmgrd.exe;c:\program files (x86)\ArcGIS\License10.3\bin\lmgrd.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Security\ekrn.exe;c:\program files\ESET\ESET Security\ekrn.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S3 iusb3hub;Controlador del concentrador Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Controlador de la controladora de host Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-11-06 21:22	1509208	----a-w-	c:\program files (x86)\Google\Chrome\Application\62.0.3202.89\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Security\ecmds.exe" [2017-10-10 324216]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-07-07 14040792]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.100.1
TCP: Interfaces\{7F767935-3198-471A-A446-0063634CFA9D}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-63169023.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-11-08  13:11:35
ComboFix-quarantined-files.txt  2017-11-08 19:11
.
Pre-Run: 619,427,725,312 bytes libres
Post-Run: 619,265,396,736 bytes libres
.
- - End Of File - - 4944EE6439D2459C8EFEB46E1EDD54DA
A36C5E4F47E84449FF07ED3517B43A31
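An added example that is not part of the thread: a small Python triage helper for the "Files Created" section of the ComboFix report above. It assumes the column layout and attribute letters ('d' directory, 'h' hidden) as they appear in that report, and its sample lines are copied from it; a flag only says which entries to check against their vendor or installer first, which is the question the thread goes on to answer.

```python
# Triage helper for the "Files Created" section of a ComboFix log (added example,
# not part of the thread). Assumed layout: <entry date> . <file date> TAB <size|--------> TAB <attrs> TAB <path>
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Sample lines copied from the ComboFix report in this thread (tab-separated).
SAMPLE_LOG = (
    "2017-11-08 17:32 . 2017-11-08 18:59\t192216\t----a-w-\t"
    "c:\\windows\\system32\\drivers\\MBAMSwissArmy.sys\n"
    "2017-11-02 07:05 . 2006-03-02 11:00\t1392671\t------w-\t"
    "c:\\windows\\SysWow64\\XY_msvbvm60.dll\n"
    "2017-11-02 07:06 . 2017-11-02 07:06\t--------\td-----w-\t"
    "c:\\programdata\\X3HKR0Xe9I\n"
    "2017-11-06 02:19 . 2017-11-06 02:26\t--------\td--h--w-\t"
    "c:\\program files (x86)\\FX Uninstall Information\n"
    "2017-11-01 10:37 . 2017-11-01 10:37\t--------\td-----w-\t"
    "c:\\program files\\Realtek\n"
)

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\t(\S+)\t(\S{8})\t(.+?)\s*$"
)


@dataclass
class Entry:
    created: datetime     # first stamp: when the entry appeared on disk
    modified: datetime    # second stamp: the file's own timestamp
    size: Optional[int]   # None for directories, shown as "--------"
    attrs: str            # raw 8-character attribute field
    path: str

    @property
    def is_dir(self) -> bool:
        # Assumption: a leading 'd' marks a directory, as in the log above.
        return self.attrs.startswith("d")

    @property
    def is_hidden(self) -> bool:
        # Assumption: an 'h' in the field is the hidden attribute (d--h--w-).
        return "h" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Parse log lines; section banners and '.' lines do not match, so skip."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            size=None if size == "--------" else int(size),
            attrs=attrs, path=path))
    return entries


def looks_random(name: str) -> bool:
    """Heuristic: several letter<->digit switches and no spaces
    (X3HKR0Xe9I: yes, GlobalMapper12: no). Worth a second look, nothing more."""
    if len(name) < 8 or " " in name:
        return False
    switches = sum(1 for a, b in zip(name, name[1:])
                   if a.isalnum() and b.isalnum() and a.isdigit() != b.isdigit())
    return switches >= 3


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs to review first. A flag is a prompt to
    check the item against its vendor or installer, not a verdict."""
    flagged = []
    for e in entries:
        low = e.path.lower()
        name = e.path.rsplit("\\", 1)[-1]
        if low.endswith(".sys") and "\\drivers\\" in low:
            flagged.append((e.path, "new kernel driver"))
        if e.is_dir and e.is_hidden:
            flagged.append((e.path, "hidden directory"))
        if e.is_dir and looks_random(name):
            flagged.append((e.path, "random-looking directory name"))
        if not e.is_dir and (e.created - e.modified).days > 365:
            flagged.append((e.path, "file stamp years older than install date"))
    return flagged
```

Feed the whole report to parse_entries; only lines in the "Files Created" layout are kept, so banners and the service list are ignored.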

 




#2 nasdaq

  • Malware Response Team
  • 37,696 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 November 2017 - 09:25 AM

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.

#3 Hijin25

  • Topic Starter
  • Members
  • 8 posts

Posted 09 November 2017 - 01:45 PM

Thank you very much for your attention. These are my reports.
 
Now, in general there is no perceptible problem with my PC. I just have the habit of scanning my machine with Malwarebytes, AdwCleaner and my antivirus every week to check that I have not brought any bug home from work or from daily browsing. It so happened that a friend was here at home while I was doing my scan and he recommended that I use ComboFix; since the scans from the other tools came out clean and I saw that ComboFix did delete things, I wanted to know what was deleted and whether it is dangerous.

Attached Files



#4 nasdaq

  • Malware Response Team
  • 37,696 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 November 2017 - 08:12 AM


Hi,

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Media Router) - C:\Users\Hijin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-01]
S3 catchme; no ImagePath

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#5 Hijin25

  • Topic Starter
  • Members
  • 8 posts

Posted 10 November 2017 - 02:04 PM

Thanks again for your help. Here is the fixlog.
 
If it is not too much trouble, what was it that was deleted?

Attached Files



#6 nasdaq

  • Malware Response Team
  • 37,696 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 November 2017 - 09:09 AM



Hi,

I have removed the Chrome Restrictions. Nothing malicious.


Your System restore is disabled.

Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses
<<<>>>

#7 Hijin25

  • Topic Starter
  • Members
  • 8 posts

Posted 11 November 2017 - 09:19 AM

Thank you very much. Is it essential to activate System Restore? Since I use ESET, I have deactivated it by choice, as it seems that this antivirus does not allow restores to be carried out correctly, and otherwise it just takes up space.



#8 nasdaq

  • Malware Response Team
  • 37,696 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 November 2017 - 10:00 AM

Hi,

I have never seen a problem with Eset and the operating system's System Restore.

You can check with Eset if both can work together.

If I was you I would remove Eset using their uninstaller.
https://support.eset.com/kb2289/

Create a System Restore point.

Restart the computer and reinstall Eset.

Your call.

#9 Hijin25

  • Topic Starter
  • Members
  • 8 posts

Posted 11 November 2017 - 05:33 PM

Thank you very much for the help.
 
If you consider that my PC does not have anything serious, for my part I will not bother you any more.
 
I thank you again for the time you have given me.

Edited by Hijin25, 11 November 2017 - 05:34 PM.


#10 Hijin25

  • Topic Starter
  • Members
  • 8 posts

Posted 12 November 2017 - 12:32 PM

Sorry to bother you again. I ran Farbar Recovery Scan Tool again and found three processes "(Microsoft Corporation) C:\Windows\System32\dllhost.exe" that did not appear in my previous scan. Are they normal?

Attached Files


Edited by Hijin25, 12 November 2017 - 12:32 PM.


#11 nasdaq

  • Malware Response Team
  • 37,696 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 November 2017 - 01:30 PM

Hi,

Do you have any other issues with this computer?

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

===

#12 Hijin25

  • Topic Starter
  • Members
  • 8 posts

Posted 12 November 2017 - 06:30 PM

Thank you for your attention, these are the reports.

Attached Files



#13 nasdaq

  • Malware Response Team
  • 37,696 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 November 2017 - 08:07 AM

All clean.

#14 Hijin25

  • Topic Starter
  • Members
  • 8 posts

Posted 13 November 2017 - 05:03 PM

Thank you very much.



