Infected with PUP.crossfire.sa - Windows 8


Hello,

I recently ran a Malwarebytes scan and noticed my computer has been infected with this. After doing some reading up on it, I've realized that the removal process can be complex, so I'm hoping I can get some assistance here. I've pasted the Malwarebytes log below and attached the DDS logs. Any assistance is greatly appreciated.

Thanks!

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.22.04

Windows 7 x64 NTFS

Internet Explorer 9.10.9200.16453

Chris :: CMFT-PC [administrator]

12/22/2012 11:04:58 AM

mbam-log-2012-12-22 (11-14-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205484

Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.

Registry Values Detected: 1

HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16453

Run by Chris at 11:26:20 on 2012-12-22

Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.8153.5201 [GMT -6:00]

.

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\dwm.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\dashost.exe

c:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhostex.exe

C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE

C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

C:\Windows\System32\WUDFHost.exe

C:\Users\Chris\AppData\Roaming\Spotify\spotify.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe

C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\explorer.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe

C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\WindowsApps\Microsoft.Reader_6.2.8516.0_x64__8wekyb3d8bbwe\glcnd.exe

C:\Windows\system32\wwahost.exe

C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Windows\explorer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://dell13.msn.com

uDefault_Page_URL = hxxp://dell13.msn.com

mWinlogon: Userinit = userinit.exe

BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll

uRun: [spotify] "C:\Users\Chris\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart

uRun: [AdobeBridge] <no file>

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe -update plugin

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [shwicon9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe

mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"

mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [HDD Regenerator] "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mPolicies-System: DisableCAD = dword:1

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{DF9252E6-F00F-4CA5-AC02-87563A5E2637} : DHCPNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4

x64-Run: [btTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe"

x64-Run: [btvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-mPolicies-System: DisableCAD = dword:1

x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\cb6yns64.default\

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

FF - ExtSQL: 2012-11-25 16:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\cb6yns64.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2012-12-02 15:29; crossriderapp4493@crossrider.com; C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\cb6yns64.default\extensions\crossriderapp4493@crossrider.com

.

============= SERVICES / DRIVERS ===============

.

R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-27 651832]

R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-10-16 92536]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-10-16 98208]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-16 239616]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-7-2 128640]

R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-9 173568]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-16 7168]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-16 165760]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2012-10-16 1919336]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-16 364416]

R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-10-16 77824]

R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-10-16 88728]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-10-16 98472]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-10-16 344216]

R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-10-16 114840]

R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-10-16 33944]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-10-16 178840]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-10-16 76952]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-10-16 135832]

R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-10-16 572056]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-10-16 342528]

R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-7-11 25584]

R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-10-16 683664]

S3 DellRbtn;Airplane Mode Switch;C:\Windows\System32\Drivers\DellRbtn.sys [2012-10-16 10752]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

.

=============== Created Last 30 ================

.

2012-12-22 10:36:20 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1783AB8C-8383-42FC-8B02-626FD3F15538}\mpengine.dll

2012-12-21 09:00:09 9125352 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-12-19 03:21:54 -------- d-----w- C:\Program Files (x86)\NCH Software

2012-12-19 03:10:01 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe

2012-12-19 03:01:26 -------- d-----w- C:\Users\Chris\AppData\Local\Adobe

2012-12-16 20:36:05 -------- d-----w- C:\Program Files (x86)\Canon

2012-12-16 20:36:01 -------- d-----w- C:\Program Files\Canon

2012-12-16 20:18:23 87040 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAE.DLL

2012-12-16 20:18:23 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAE.DLL

2012-12-16 20:18:21 361472 ----a-w- C:\Windows\System32\CNMLMAE.DLL

2012-12-16 20:18:05 348672 ----a-w- C:\Windows\System32\CNC5200L.dll

2012-12-16 20:18:05 307200 ----a-w- C:\Windows\SysWow64\CNC5200L.dll

2012-12-16 20:18:05 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll

2012-12-16 20:18:05 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll

2012-12-16 20:18:05 1354240 ----a-w- C:\Windows\System32\CNC5200C.dll

2012-12-16 20:18:05 112128 ----a-w- C:\Windows\System32\CNC5200I.dll

2012-12-16 20:18:05 106496 ----a-w- C:\Windows\SysWow64\CNC5200U.dll

2012-12-16 15:23:54 11459584 ----a-w- C:\Windows\System32\glcndFilter.dll

2012-12-14 01:35:16 144384 ----a-w- C:\Windows\System32\tssdisai.dll

2012-12-14 01:35:16 135680 ----a-w- C:\Windows\System32\appserverai.dll

2012-12-14 01:35:16 126976 ----a-w- C:\Windows\System32\RDWebAI.dll

2012-12-14 01:35:16 122880 ----a-w- C:\Windows\System32\VmHostAI.dll

2012-12-14 01:35:15 148480 ----a-w- C:\Windows\System32\poqexec.exe

2012-12-14 01:35:15 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe

2012-12-12 22:02:59 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2012-12-12 22:02:58 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2012-12-12 21:51:59 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-12-12 21:51:59 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2012-12-07 18:59:32 -------- d-----w- C:\Program Files (x86)\HDD Regenerator

2012-12-07 18:59:08 -------- d-----w- C:\Users\Chris\AppData\Local\Downloaded Installations

2012-12-02 21:30:39 -------- d-----w- C:\Program Files (x86)\Common Files\COWON

2012-12-02 21:30:36 -------- d-----w- C:\Program Files (x86)\JetAudio

2012-12-02 21:29:28 -------- d-----w- C:\Users\Chris\AppData\Local\Google

2012-12-02 21:29:28 -------- d-----w- C:\Users\Chris\AppData\Local\Coupon Companion

2012-12-02 21:29:26 -------- d-----w- C:\Program Files (x86)\Coupon Companion

2012-12-02 21:23:24 -------- d-----w- C:\Users\Chris\AppData\Roaming\WebApp

2012-12-02 21:20:20 -------- d-----w- C:\Users\Chris\AppData\Local\Cyberlink

2012-12-01 07:37:36 -------- d-----w- C:\Users\Chris\AppData\Local\Spotify

2012-11-30 05:21:54 -------- d-----w- C:\Users\Chris\AppData\Local\webkit

2012-11-30 04:15:03 -------- d-----w- C:\Users\Chris\.thumbnails

2012-11-30 04:14:07 -------- d-----w- C:\Users\Chris\AppData\Local\fontconfig

2012-11-30 04:14:06 -------- d-----w- C:\Users\Chris\AppData\Local\gegl-0.2

2012-11-30 04:14:06 -------- d-----w- C:\Users\Chris\.gimp-2.8

2012-11-30 04:13:23 -------- d-----w- C:\Program Files\GIMP 2

2012-11-29 22:54:55 -------- d-----w- C:\Program Files\Paint.NET

2012-11-29 22:54:45 -------- d-----w- C:\Users\Chris\AppData\Local\Paint.NET

2012-11-28 02:29:04 405504 ----a-w- C:\Windows\System32\pcasvc.dll

2012-11-28 02:29:03 31232 ----a-w- C:\Windows\System32\pcadm.dll

2012-11-28 02:29:03 13312 ----a-w- C:\Windows\System32\pcalua.exe

2012-11-28 02:29:03 11776 ----a-w- C:\Windows\System32\pcaevts.dll

2012-11-26 03:28:03 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2012-11-25 23:11:54 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes

2012-11-25 22:00:29 -------- d-----w- C:\Users\Chris\AppData\Local\Diagnostics

2012-11-24 23:10:11 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery

2012-11-24 23:02:12 -------- d-----w- C:\Users\Chris\AppData\Local\softthinks

2012-11-24 22:59:01 80736 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-24 22:59:01 695648 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2012-11-28 04:21:17 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2012-11-28 04:20:59 53760 ----a-w- C:\Windows\System32\UXInit.dll

2012-11-20 08:00:23 6971624 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-11-20 05:24:19 1164800 ----a-w- C:\Windows\SysWow64\Display.dll

2012-11-20 05:24:17 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll

2012-11-20 05:17:23 1184256 ----a-w- C:\Windows\System32\Display.dll

2012-11-20 05:17:20 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll

2012-11-20 05:02:46 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL

2012-11-20 04:59:26 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL

2012-11-20 04:56:27 27136 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2012-11-20 04:56:11 83456 ----a-w- C:\Windows\System32\drivers\hidclass.sys

2012-11-20 04:54:31 39936 ----a-w- C:\Windows\System32\drivers\hidi2c.sys

2012-11-13 04:20:30 1120768 ----a-w- C:\Windows\System32\msctf.dll

2012-11-13 04:19:23 890880 ----a-w- C:\Windows\SysWow64\msctf.dll

2012-11-13 04:19:14 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll

2012-11-13 04:19:14 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll

2012-11-09 04:49:51 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:03:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-08 04:25:36 523776 ----a-w- C:\Windows\SysWow64\WSShared.dll

2012-11-08 04:25:36 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll

2012-11-08 04:25:36 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

2012-11-08 04:25:35 1775104 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-08 04:24:27 2881536 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-08 04:24:22 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2012-11-08 04:24:22 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2012-11-08 04:24:19 75776 ----a-w- C:\Windows\SysWow64\fontsub.dll

2012-11-08 04:24:06 10752 ----a-w- C:\Windows\SysWow64\dciman32.dll

2012-11-08 04:23:55 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-11-08 04:22:21 641536 ----a-w- C:\Windows\System32\WSShared.dll

2012-11-08 04:22:20 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll

2012-11-08 04:22:20 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll

2012-11-08 04:22:19 2246656 ----a-w- C:\Windows\System32\wininet.dll

2012-11-08 04:22:12 907776 ----a-w- C:\Windows\System32\uxtheme.dll

2012-11-08 04:21:00 3966464 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-08 04:20:56 67072 ----a-w- C:\Windows\System32\iesetup.dll

2012-11-08 04:20:56 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2012-11-08 04:20:50 96256 ----a-w- C:\Windows\System32\fontsub.dll

2012-11-08 04:20:37 14336 ----a-w- C:\Windows\System32\dciman32.dll

2012-11-08 04:20:26 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-11-08 04:02:16 3072 ----a-w- C:\Windows\System32\lpk.dll

2012-11-08 04:01:40 3072 ----a-w- C:\Windows\SysWow64\lpk.dll

2012-11-08 04:00:59 362496 ----a-w- C:\Windows\System32\atmfd.dll

2012-11-08 04:00:11 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-11-08 03:59:49 4056576 ----a-w- C:\Windows\System32\win32k.sys

2012-11-08 01:56:52 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2012-11-06 07:52:07 445160 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS

2012-11-06 07:52:04 277736 ----a-w- C:\Windows\System32\drivers\msiscsi.sys

2012-11-06 07:36:23 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys

2012-11-06 07:36:14 96488 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys

2012-11-06 07:35:34 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2012-11-06 07:35:31 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2012-11-06 07:33:46 522640 ----a-w- C:\Windows\System32\AUDIOKSE.dll

2012-11-06 07:33:46 253512 ----a-w- C:\Windows\System32\audiodg.exe

2012-11-06 07:33:45 490064 ----a-w- C:\Windows\System32\AudioEng.dll

2012-11-06 07:33:45 447792 ----a-w- C:\Windows\System32\AudioSes.dll

2012-11-06 07:33:30 1566432 ----a-w- C:\Windows\System32\ole32.dll

2012-11-06 05:00:06 463768 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll

2012-11-06 05:00:06 427568 ----a-w- C:\Windows\SysWow64\AudioEng.dll

2012-11-06 05:00:06 324344 ----a-w- C:\Windows\SysWow64\AudioSes.dll

2012-11-06 04:54:13 2205696 ----a-w- C:\Windows\SysWow64\PrintConfig.dll

2012-11-06 04:48:27 1150160 ----a-w- C:\Windows\SysWow64\ole32.dll

2012-11-06 04:19:59 470016 ----a-w- C:\Windows\System32\wlanmsm.dll

2012-11-06 04:18:58 84992 ----a-w- C:\Windows\SysWow64\fdWCN.dll

2012-11-06 04:17:58 110080 ----a-w- C:\Windows\System32\dafWCN.dll

2012-11-06 04:17:44 718848 ----a-w- C:\Windows\System32\BFE.DLL

2012-11-06 04:17:43 2302464 ----a-w- C:\Windows\System32\authui.dll

2012-11-06 04:17:42 785920 ----a-w- C:\Windows\System32\audiosrv.dll

2012-11-06 04:17:41 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll

2012-11-06 04:17:35 2146816 ----a-w- C:\Windows\System32\actxprxy.dll

2012-11-06 04:17:33 322560 ----a-w- C:\Windows\System32\aaclient.dll

2012-11-06 04:17:32 212992 ----a-w- C:\Windows\System32\bthprops.cpl

2012-11-06 04:00:44 99328 ----a-w- C:\Windows\System32\wushareduxresources.dll

2012-11-06 04:00:17 16384 ----a-w- C:\Windows\System32\iscsilog.dll

2012-11-06 03:58:53 9728 ----a-w- C:\Windows\System32\wlanhlp.dll

2012-11-06 03:56:35 9728 ----a-w- C:\Windows\SysWow64\wlanhlp.dll

2012-11-06 03:55:44 22528 ----a-w- C:\Windows\System32\drivers\fxppm.sys

2012-11-06 03:55:09 212992 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2012-11-06 03:55:02 90624 ----a-w- C:\Windows\System32\drivers\amdk8.sys

2012-11-06 03:55:02 89088 ----a-w- C:\Windows\System32\drivers\intelppm.sys

2012-11-06 03:55:02 88064 ----a-w- C:\Windows\System32\drivers\amdppm.sys

2012-11-06 03:55:02 87552 ----a-w- C:\Windows\System32\drivers\processr.sys

2012-11-06 03:54:40 74752 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS

2012-11-06 03:54:09 859136 ----a-w- C:\Windows\System32\drivers\http.sys

2012-11-06 03:53:56 51712 ----a-w- C:\Windows\System32\drivers\bthenum.sys

2012-11-06 03:53:44 560640 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-11-06 03:53:12 1171968 ----a-w- C:\Windows\System32\drivers\bthport.sys

2012-11-06 03:52:49 366080 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2012-11-06 03:51:47 665600 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-03 05:26:59 132096 ----a-w- C:\Windows\System32\sysreset.exe

2012-11-03 05:26:40 34816 ----a-w- C:\Windows\System32\dpnsvr.exe

2012-11-03 05:26:12 32256 ----a-w- C:\Windows\SysWow64\dpnsvr.exe

2012-11-03 05:25:40 945152 ----a-w- C:\Windows\System32\resetengmig.dll

2012-11-03 05:25:40 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll

2012-11-03 05:25:40 1009664 ----a-w- C:\Windows\System32\reseteng.dll

2012-11-03 05:25:39 443392 ----a-w- C:\Windows\System32\ReAgent.dll

2012-11-03 05:24:34 8192 ----a-w- C:\Windows\SysWow64\dpnhupnp.dll

2012-11-03 05:24:34 8192 ----a-w- C:\Windows\SysWow64\dpnhpast.dll

2012-11-03 05:24:34 58880 ----a-w- C:\Windows\SysWow64\dpnathlp.dll

2012-11-03 05:24:34 375808 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-03 05:24:11 9216 ----a-w- C:\Windows\System32\dpnhupnp.dll

.

============= FINISH: 11:26:38.46 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume1

Install Date: 11/19/2012 6:27:05 PM

System Uptime: 12/18/2012 9:23:55 PM (86 hours ago)

.

Motherboard: Dell Inc. | | 0NW73C

Processor: Intel® Core i5-3350P CPU @ 3.10GHz | CPU 1 | 2900/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 923 GiB total, 645.561 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is FIXED (NTFS) - 466 GiB total, 255.245 GiB free.

J: is Removable

X: is FIXED (NTFS) - 7 GiB total, 0.301 GiB free.

Y: is FIXED (NTFS) - 0 GiB total, 0.225 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP7: 12/7/2012 12:59:22 PM - Installed HDD Regenerator.

RP8: 12/12/2012 4:00:49 PM - Windows Update

RP9: 12/15/2012 4:17:17 PM - Windows Update

RP10: 12/18/2012 7:20:55 PM - Windows Modules Installer

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

Adobe Flash Player 11 Plugin

Adobe Photoshop CS6

AMD APP SDK Runtime

AMD Catalyst Install Manager

Bonjour

Canon Easy-PhotoPrint EX

Canon MG5200 series MP Drivers

Canon MP Navigator EX 4.0

Canon My Printer

Catalyst Control Center

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Coupon Companion

COWON Media Center - jetAudio Basic VX

CyberLink LabelPrint 2.5

CyberLink Media Suite 10

CyberLink Media Suite Essentials

CyberLink Power2Go 8

CyberLink PowerDirector 10

CyberLink PowerDVD 10

D3DX10

Dell Backup and Recovery

Dell Backup and Recovery - Support Software

Dell Digital Delivery

Dell Support Center

Dell WLAN and Bluetooth Client Installation

DSC/AA Factory Installer

GIMP 2.8.2

Intel® Control Center

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® Trusted Connect Service Client

K-Lite Codec Pack 9.5.5 (Standard)

Malwarebytes Anti-Malware version 1.65.1.1000

MediaMonkey 4.0

Microsoft Application Error Reporting

Microsoft Office

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

Movie Maker

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT110

MSVCRT110_amd64

Multimedia Card Reader

PDF Settings CS6

Photo Common

Photo Gallery

PhotoStage Slideshow Producer

Qualcomm Atheros Bluetooth Suite (64)

Realtek High Definition Audio Driver

Spotify

VLC media player 2.0.4

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== Event Viewer Messages From Past Week ========

.

12/22/2012 5:13:27 AM, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.

12/18/2012 10:09:43 PM, Error: Ntfs [137] - The default transaction resource manager on volume I: encountered a non-retryable error and could not start. The data contains the error code.

12/18/2012 10:09:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

.

==== End Of File ===========================

Hello and welcome to MalwareBytes forums.

Go back into MBAM, do another Quick scan and this time have it remove what it "tags".

e.g. specifically remove these 2 (and anything else it tags)

Registry Keys Detected: 1

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.

Registry Values Detected: 1

HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> No action taken.

There will be more to follow. Do not do any websurfing for duration of this case, until I give the all clear.


Thanks for your help and the quick response! Something odd is happening, because I just re-ran the scan and no objects came up this time:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.22.04

Windows 7 x64 NTFS

Internet Explorer 9.10.9200.16453

Chris :: CMFT-PC [administrator]

12/22/2012 12:06:07 PM

mbam-log-2012-12-22 (12-06-07).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205512

Time elapsed: 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


I want you to go to Control Panel >> Programs and Features, then look to see if Coupon Companion is installed, and if so, then Uninstall it.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.

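As an added verification step (example code written for this thread, not from Malwarebytes or the helper above), the read-only PowerShell script below checks whether the Coupon Companion / Crossrider artifacts named in the MBAM and DDS logs are still present after the uninstall: the `InstalledBrowserExtensions` key and value 4493, the BHO CLSID `{11111111-1111-1111-1111-110011441193}`, the two Coupon Companion folders, and the Firefox extension `crossriderapp4493@crossrider.com`. The Browser Helper Object registry locations are the standard Windows paths and are an assumption, not values taken from the log; the Firefox profile folder is discovered rather than hard-coded.

```powershell
# Added example, not part of the original thread. Read-only: it reports leftovers, it removes nothing.
# Identifiers (registry key, value name, BHO CLSID, folders, extension id) come from the MBAM and DDS logs.
$findings = @()

# 1. The two MBAM detections: key "215 Apps", value 4493 = "Coupon Companion"
$extKey = 'HKCU:\Software\InstalledBrowserExtensions\215 Apps'
if (Test-Path $extKey) {
    $findings += "Registry key still present: $extKey"
    $props = Get-ItemProperty -Path $extKey -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties['4493']) {
        $findings += "  value 4493 = '$($props.'4493')'"
    }
}

# 2. IE BHO registration seen in the DDS "Pseudo HJT Report" (32-bit BHO on a 64-bit OS).
#    Assumption: standard BHO/CLSID locations; the log itself only shows the CLSID and DLL path.
$bhoClsid = '{11111111-1111-1111-1111-110011441193}'
$bhoKeys = @(
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid",
    "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$bhoClsid",
    "HKLM:\SOFTWARE\Classes\CLSID\$bhoClsid"
)
foreach ($k in $bhoKeys) {
    if (Test-Path $k) { $findings += "BHO registration still present: $k" }
}

# 3. On-disk folders listed in the DDS "Created Last 30" section
$folders = @(
    "${env:ProgramFiles(x86)}\Coupon Companion",
    "$env:LOCALAPPDATA\Coupon Companion"
)
foreach ($f in $folders) {
    if (Test-Path $f) { $findings += "Folder still present: $f" }
}

# 4. Firefox extension from the DDS "FF - ExtSQL" line, checked in every profile
$profileRoot = "$env:APPDATA\Mozilla\Firefox\Profiles"
if (Test-Path $profileRoot) {
    Get-ChildItem -Path $profileRoot -Directory | ForEach-Object {
        $ext = Join-Path $_.FullName 'extensions\crossriderapp4493@crossrider.com'
        if (Test-Path $ext) { $findings += "Firefox extension still present: $ext" }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Coupon Companion / Crossrider artifacts found.'
} else {
    Write-Output 'Remaining artifacts (review, remove via the uninstaller or MBAM, then rescan):'
    $findings | ForEach-Object { Write-Output $_ }
}
```

Run it from the same user account that MBAM scanned (the detections are under HKCU), and treat an empty result as confirmation of what the second MBAM log shows, not as a substitute for the Full Scan requested above.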

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
