just4ubaby30
Members-
Posts
2 -
Joined
-
Last visited
Reputation
0 Neutral-
Over 240 viruses - Help?
just4ubaby30 replied to just4ubaby30's topic in Resolved Malware Removal Logs
What if I get a brand new tower? Will everything be okay after I change all my passwords? -
My family was recently in a move, and our computer had been fine until we arrived in our new house. Suddenly my AVG was missing and other files were gone. I tried setting up my new printer and fax machine for my home business, and every time I logged back onto the computer, my newly installed software was gone. My daughter installed MBAM onto the computer and when she performed a quick scan, she found 248 viruses, and we're still finding more with each scan. MBAM had her restart the computer, and when we logged back on, MBAM was gone too. We can't even open Internet Explorer without getting notified of threats, and my computer now has "PC Performer" and "Babylon Toolbar" which won't uninstall. Please help? Here's one of the logs from MBAM. Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.20.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Josie :: DOMINGUEZ [administrator] Protection: Enabled 7/20/2012 4:46:18 PM mbam-log-2012-07-20 (16-46-18).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 312816 Time elapsed: 10 minute(s), 3 second(s) Memory Processes Detected: 4 C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (PUP.MyWebSearch) -> 6732 -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (PUP.MyWebSearch) -> 12460 -> No action taken. C:\Windows\svchost.exe (Trojan.Agent) -> 816 -> Delete on reboot. C:\Windows\svcs.exe (Trojan.Downloader) -> 2700 -> Delete on reboot. Memory Modules Detected: 9 C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pieovr.dll (PUP.MyWebSearch) -> No action taken. C:\Windows\System32\FastUserSwitchingCompatibilityex.dll (Trojan.Agent) -> Delete on reboot. C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (Trojan.Proxy) -> Delete on reboot. C:\Windows\Temp\lupeci.dll (Trojan.Downloader) -> Delete on reboot. C:\Windows\Temp\qendsr.dll (Trojan.Medfos) -> Delete on reboot. Registry Keys Detected: 100 HKLM\SYSTEM\CurrentControlSet\Services\CouponAlert_2pService (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799} (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{84576f6e-0660-4b4f-8918-bc6c975044d4} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{60fc9013-4a5a-4306-9695-fce0a6617f22} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{1948934a-1c68-4b2b-9a1f-d12e2a062a1a} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{d7ce22af-ccb3-423f-84d5-4d77152181f3} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75} (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.ToolbarPlugin.1 (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.ToolbarPlugin (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{1f0a2185-da7e-4614-91c0-dd5f4a76cb1b} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{16fe2505-f2a0-4782-b035-af0e5188c02c} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{79583de9-d0c2-44ef-ae0d-cbfa16c2a785} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48} (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{23b38049-323f-443d-9732-f454e5b15b72} (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.SettingsPlugin.1 (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.SettingsPlugin (PUP.MyWebSearch) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{3462c343-be19-4143-af70-cefb56f46fc6} (PUP.MyWebSearch) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{7717f4b3-397f-4ce5-9192-6effde3ac999} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{4d8eacbc-e293-4462-b91e-42ea5b54b743} (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.Radio.1 (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.Radio (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{3276e8a8-a233-449b-a7eb-fcee21246018} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F} (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.RadioSettings.1 (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.RadioSettings (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{cf9d6d4e-5496-438e-ba24-5a580a59f5a3} (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.PseudoTransparentPlugin (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3} (PUP.MyWebSearch) -> No action taken. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.DynamicBarButton (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.DynamicBarButton.1 (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.FeedManager (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.FeedManager.1 (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.HTMLMenu (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.HTMLMenu.1 (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.HTMLPanel (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.HTMLPanel.1 (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.MultipleButton (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.MultipleButton.1 (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.ScriptButton (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.ScriptButton.1 (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.ThirdPartyInstaller (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.UrlAlertButton (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.UrlAlertButton.1 (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.XMLSessionPlugin (PUP.MyWebSearch) -> No action taken. HKCR\CouponAlert_2p.XMLSessionPlugin.1 (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\CouponAlert_2p (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{411b1946-3277-4a7f-9f60-745266360613} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{ebaf2b4f-510a-47c7-86ba-e7d94d1162f6} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{86d02bcf-0e0e-444f-8a8d-2d5c4a9e6578} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{2d205adf-c992-4eda-99c3-096e13f38ab4} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{20bcce5a-c687-46ff-8dd2-ad8235f5f2b4} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{0bdf6c42-132c-45f5-92de-dc13f40c6dab} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{a4116f8c-a634-4536-b9ef-6b9ebcc5bae1} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{65D8E17B-312E-4E12-913B-A841A8631143} (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF} (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{457a4cb8-0391-409d-98b4-c4ccb2849670} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{7924fd2b-877c-4395-a063-a88ab887ea6d} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{def07acd-bcea-4269-933a-4087d20842bb} (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully. HKCR\.pox (Rogue.FixTool) -> Quarantined and deleted successfully. HKCR\pofile (Rogue.FixTool) -> Quarantined and deleted successfully. HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully. HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETWORKLOG (Trojan.Downloader) -> Quarantined and deleted successfully. HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully. HKCR\CLSID\{c2df3856-676c-41dc-a73b-facbdf8e81e9} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{8542e415-0e53-4261-8be4-0d1598229d90} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{ebbc4e43-292a-40df-88e3-3262b7521460} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{8867ac9b-4426-44a2-a693-c95850d3405c} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{53ca18e7-5223-4358-9fd9-97c62c66c5bd} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{23b0ae65-17d2-4491-98e5-b1aa6228dda2} (PUP.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Detected: 20 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CouponAlert_2p Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe -> No action taken. HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: CÃb4¾CA¯pÎûVôoÆ -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: -> No action taken. HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (PUP.MyWebSearch) -> Data: -> No action taken. HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: -> No action taken. HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (PUP.MyWebSearch) -> Data: -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3462c343-be19-4143-af70-cefb56f46fc6} (PUP.MyWebSearch) -> Data: -> No action taken. HKLM\SOFTWARE\Mozilla\Firefox\Extensions|2pffxtbr@CouponAlert_2p.com (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.Cleaman) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.Cleaman) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\MSoft\Microsoft\wtzvdsv.dll",DllRegisterServer -> Quarantined and deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\MSoft\Microsoft\wtzvdsv.dll",DllRegisterServer -> Quarantined and deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VerCheck (Adware.SanctionedMedia) -> Data: "C:\Windows\system32\config\systemprofile\AppData\Local\MSoft\VerCheck\VerCheck.exe" -> Quarantined and deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\rqguerynk.dll",DllRegisterServer -> Quarantined and deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|afcdbffceffbdct (Rootkit.TDSS) -> Data: "C:\ProgramData\afcdbffceffbdct.exe" -> Quarantined and deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Programs (Trojan.Happili.XGen2) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Programs\airlock32.dll",DllRegisterServer -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\NetworkLog|ImagePath (Trojan.Downloader) -> Data: C:\Windows\svcs.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 3 HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 7 C:\Program Files (x86)\CouponAlert_2p (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\IE9Mesg (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\Message (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully. Files Detected: 104 C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pieovr.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pradio.dll (PUP.MyWebSearch) -> No action taken. C:\Users\Guest\AppData\Local\Temp\e65y4191.tmp\VeohWebPlayerSetup_us.exe (PUP.BundleInstaller.IB) -> No action taken. C:\Users\Josie\AppData\Local\Temp\Dealio.exe (PUP.Dealio.TB) -> No action taken. C:\Windows\Temp\DealioToolbar.exe (PUP.Dealio.TB) -> No action taken. C:\Users\Josie\Downloads\CouponAlert.exe (PUP.FunWebProducts) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdyn.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pfeedmg.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phighin.exe (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtml.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phttpct.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pidle.dll (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pimpipe.exe (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmedint.exe (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmlbtn.dll (PUP.MyWebSearch) -> No action taken. C:\Windows\System32\FastUserSwitchingCompatibilityex.dll (Trojan.Agent) -> Delete on reboot. C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (Trojan.Proxy) -> Delete on reboot. C:\Windows\Temp\lupeci.dll (Trojan.Downloader) -> Delete on reboot. C:\Windows\Temp\qendsr.dll (Trojan.Medfos) -> Delete on reboot. C:\Windows\System32\config\systemprofile\AppData\Local\dplaysvr.exe (Trojan.Cleaman) -> Quarantined and deleted successfully. C:\Windows\System32\config\systemprofile\AppData\Local\MSoft\Microsoft\wtzvdsv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. C:\Windows\System32\config\systemprofile\AppData\Local\MSoft\VerCheck\VerCheck.exe (Adware.SanctionedMedia) -> Quarantined and deleted successfully. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Google\rqguerynk.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. C:\ProgramData\afcdbffceffbdct.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Windows\System32\config\systemprofile\AppData\Local\SanctionedMedia\Programs\airlock32.dll (Trojan.Happili.XGen2) -> Quarantined and deleted successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot. C:\ProgramData\F4D55F3B000435DB0020239EB4EB2367\F4D55F3B000435DB0020239EB4EB2367.exe (Trojan.LameShield) -> Quarantined and deleted successfully. C:\Users\Guest\AppData\Local\Temp\1uiu12gug12igi1u2gy3.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Guest\AppData\Local\Temp\p9pl6136666821238371117.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully. C:\Users\Guest\AppData\Local\Temp\is9w3x1o.tmp\PDFCreatorSetup.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Users\Josie\AppData\Local\Temp\7B29.tmp (Rootkit.Agent.TDGen) -> Quarantined and deleted successfully. C:\Users\Josie\AppData\Local\Temp\9E0.tmp (Rootkit.Agent.TDGen) -> Quarantined and deleted successfully. C:\Windows\Temp\0.15297246490524197 (Trojan.Happili) -> Quarantined and deleted successfully. C:\Windows\Temp\0.2556418533076412 (Trojan.Happili) -> Quarantined and deleted successfully. C:\Windows\Temp\0.3888778834265699 (Trojan.Happili) -> Quarantined and deleted successfully. C:\Windows\Temp\0.4149886434650487 (Trojan.Happili) -> Quarantined and deleted successfully. C:\Windows\Temp\0.6419021974147591 (Trojan.Happili) -> Quarantined and deleted successfully. C:\Windows\Temp\0.643013443313085 (Trojan.Happili) -> Quarantined and deleted successfully. C:\Windows\Temp\0.823407367132314 (Trojan.Happili) -> Quarantined and deleted successfully. C:\Windows\Temp\0.9156652922735191 (Trojan.Happili) -> Quarantined and deleted successfully. C:\Windows\Temp\0.9621745873181319 (Trojan.Happili) -> Quarantined and deleted successfully. C:\Windows\Temp\2132447.2777767.tmp (Rogue.Chameleon2012) -> Quarantined and deleted successfully. C:\Windows\Temp\avg-03065239-8705-457e-842b-923fb370c962.tmp (Backdoor.Simda) -> Quarantined and deleted successfully. C:\Windows\Temp\avg-ae9b797b-8512-433d-978c-f63fa10edf7e.tmp (Rogue.FakeAV) -> Quarantined and deleted successfully. C:\Windows\Temp\azjbylsxqumxyzxupazbcciig.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Windows\Temp\cswrxaoenm.exe (Trojan.LameShield) -> Quarantined and deleted successfully. C:\Windows\Temp\GQyywBjoLc5bTx.exe.tmp (Trojan.FakeHDD) -> Quarantined and deleted successfully. C:\Windows\Temp\hlpwcibsys.exe (Trojan.Agent.H) -> Quarantined and deleted successfully. C:\Windows\Temp\JpJwqn6Ozh4pmw.exe.tmp (Rogue.FakeAV) -> Quarantined and deleted successfully. C:\Windows\Temp\k8h00.exe (Trojan.FakeHDD) -> Quarantined and deleted successfully. C:\Windows\Temp\rmgrlgrpydlqbcxtsdchwzytc.exe (Rogue.FakeAV) -> Quarantined and deleted successfully. C:\Windows\Temp\rpsmpvuywjfxyjalgby.exe (Trojan.Agent.H) -> Quarantined and deleted successfully. C:\Windows\Temp\rwmseoxcan.exe (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Windows\Temp\xcrsoenmaw.exe (Trojan.Medfos) -> Quarantined and deleted successfully. C:\Windows\Temp\xwmnsecora.exe (Trojan.MSIL) -> Quarantined and deleted successfully. C:\Windows\Temp\nsi341E.tmp\ravhy.dll (Trojan.Happili.XGen2) -> Quarantined and deleted successfully. C:\Windows\Temp\nsi425E.tmp\fptjnmg.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. C:\Windows\Temp\nsi425E.tmp\kmzkybj.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. C:\Windows\Temp\nsiD898.tmp\lfbegkzq.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. C:\Windows\Temp\nsiD898.tmp\sgpeue.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. C:\Windows\Temp\nsiEBA8.tmp\wtzvdsv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. C:\Windows\Temp\nsiF88E.tmp\vevyhjerp.dll (Trojan.Happili.XGen2) -> Quarantined and deleted successfully. C:\Windows\Temp\nsmC228.tmp\dpvdx.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. C:\Windows\Temp\nsmC228.tmp\gvsxqqc.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. C:\Windows\Temp\nsp96C5.tmp\airlock32.dll (Trojan.Happili.XGen2) -> Quarantined and deleted successfully. C:\Windows\Temp\nsv6E1F.tmp\rqguerynk.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully. C:\Users\Guest\Local Settings\jsftrrnz.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Guest\Local Settings\Application Data\jsftrrnz.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\Installer\{ea95d680-e97b-43c4-4fb8-fc5bd20c2990}\n (Rootkit.0Access) -> Delete on reboot. C:\Windows\Installer\{ea95d680-e97b-43c4-4fb8-fc5bd20c2990}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. C:\Windows\Temp\ms0cfg32.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully. C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Guest\AppData\Local\Temp\oiu0.5179853418267742.exe (Exploit.Drop.7) -> Quarantined and deleted successfully. C:\Windows\Temp\0.94150132170848 (Exploit.Drop.9) -> Quarantined and deleted successfully. C:\Windows\Temp\0.8902612215184241 (Exploit.Drop.9) -> Quarantined and deleted successfully. C:\Windows\Temp\0.9478437612742706 (Exploit.Drop.9) -> Quarantined and deleted successfully. C:\Windows\svcs.exe (Trojan.Downloader) -> Delete on reboot. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmsg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pscript.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2ptpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\chrome\2pffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\IE9Mesg\COMMON.T8S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\Message\COMMON.T8S (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\CouponAlert_2p\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully. (end)