
Over 240 viruses - Help?


My family was recently in a move, and our computer had been fine until we arrived in our new house. Suddenly my AVG was missing and other files were gone. I tried setting up my new printer and fax machine for my home business, and every time I logged back onto the computer, my newly installed software was gone. My daughter installed MBAM onto the computer and when she performed a quick scan, she found 248 viruses, and we're still finding more with each scan. MBAM had her restart the computer, and when we logged back on, MBAM was gone too. We can't even open Internet Explorer without getting notified of threats, and my computer now has "PC Performer" and "Babylon Toolbar" which won't uninstall. Please help? Here's one of the logs from MBAM.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.20.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Josie :: DOMINGUEZ [administrator]

Protection: Enabled

7/20/2012 4:46:18 PM

mbam-log-2012-07-20 (16-46-18).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 312816

Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Detected: 4

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (PUP.MyWebSearch) -> 6732 -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (PUP.MyWebSearch) -> 12460 -> No action taken.

C:\Windows\svchost.exe (Trojan.Agent) -> 816 -> Delete on reboot.

C:\Windows\svcs.exe (Trojan.Downloader) -> 2700 -> Delete on reboot.

Memory Modules Detected: 9

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pieovr.dll (PUP.MyWebSearch) -> No action taken.

C:\Windows\System32\FastUserSwitchingCompatibilityex.dll (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (Trojan.Proxy) -> Delete on reboot.

C:\Windows\Temp\lupeci.dll (Trojan.Downloader) -> Delete on reboot.

C:\Windows\Temp\qendsr.dll (Trojan.Medfos) -> Delete on reboot.

Registry Keys Detected: 100

HKLM\SYSTEM\CurrentControlSet\Services\CouponAlert_2pService (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799} (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{84576f6e-0660-4b4f-8918-bc6c975044d4} (PUP.MyWebSearch) -> No action taken.

HKCR\TypeLib\{60fc9013-4a5a-4306-9695-fce0a6617f22} (PUP.MyWebSearch) -> No action taken.

HKCR\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{1948934a-1c68-4b2b-9a1f-d12e2a062a1a} (PUP.MyWebSearch) -> No action taken.

HKCR\TypeLib\{d7ce22af-ccb3-423f-84d5-4d77152181f3} (PUP.MyWebSearch) -> No action taken.

HKCR\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75} (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.ToolbarPlugin.1 (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.ToolbarPlugin (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{1f0a2185-da7e-4614-91c0-dd5f4a76cb1b} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{16fe2505-f2a0-4782-b035-af0e5188c02c} (PUP.MyWebSearch) -> No action taken.

HKCR\TypeLib\{79583de9-d0c2-44ef-ae0d-cbfa16c2a785} (PUP.MyWebSearch) -> No action taken.

HKCR\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48} (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{23b38049-323f-443d-9732-f454e5b15b72} (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.SettingsPlugin.1 (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.SettingsPlugin (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{3462c343-be19-4143-af70-cefb56f46fc6} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{7717f4b3-397f-4ce5-9192-6effde3ac999} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{4d8eacbc-e293-4462-b91e-42ea5b54b743} (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.Radio.1 (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.Radio (PUP.MyWebSearch) -> No action taken.

HKCR\TypeLib\{3276e8a8-a233-449b-a7eb-fcee21246018} (PUP.MyWebSearch) -> No action taken.

HKCR\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F} (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.RadioSettings.1 (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.RadioSettings (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{cf9d6d4e-5496-438e-ba24-5a580a59f5a3} (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.PseudoTransparentPlugin (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3} (PUP.MyWebSearch) -> No action taken.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.DynamicBarButton (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.DynamicBarButton.1 (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.FeedManager (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.FeedManager.1 (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.HTMLMenu (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.HTMLMenu.1 (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.HTMLPanel (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.HTMLPanel.1 (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.MultipleButton (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.MultipleButton.1 (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.ScriptButton (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.ScriptButton.1 (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.ThirdPartyInstaller (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.UrlAlertButton (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.UrlAlertButton.1 (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.XMLSessionPlugin (PUP.MyWebSearch) -> No action taken.

HKCR\CouponAlert_2p.XMLSessionPlugin.1 (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\CouponAlert_2p (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{411b1946-3277-4a7f-9f60-745266360613} (PUP.MyWebSearch) -> No action taken.

HKCR\TypeLib\{ebaf2b4f-510a-47c7-86ba-e7d94d1162f6} (PUP.MyWebSearch) -> No action taken.

HKCR\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{86d02bcf-0e0e-444f-8a8d-2d5c4a9e6578} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{2d205adf-c992-4eda-99c3-096e13f38ab4} (PUP.MyWebSearch) -> No action taken.

HKCR\TypeLib\{20bcce5a-c687-46ff-8dd2-ad8235f5f2b4} (PUP.MyWebSearch) -> No action taken.

HKCR\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{0bdf6c42-132c-45f5-92de-dc13f40c6dab} (PUP.MyWebSearch) -> No action taken.

HKCR\TypeLib\{a4116f8c-a634-4536-b9ef-6b9ebcc5bae1} (PUP.MyWebSearch) -> No action taken.

HKCR\Interface\{65D8E17B-312E-4E12-913B-A841A8631143} (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF} (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{457a4cb8-0391-409d-98b4-c4ccb2849670} (PUP.MyWebSearch) -> No action taken.

HKCR\TypeLib\{7924fd2b-877c-4395-a063-a88ab887ea6d} (PUP.MyWebSearch) -> No action taken.

HKCR\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{def07acd-bcea-4269-933a-4087d20842bb} (PUP.MyWebSearch) -> No action taken.

HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.

HKCR\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.

HKCR\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.

HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETWORKLOG (Trojan.Downloader) -> Quarantined and deleted successfully.

HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

HKCR\CLSID\{c2df3856-676c-41dc-a73b-facbdf8e81e9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\TypeLib\{8542e415-0e53-4261-8be4-0d1598229d90} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\CLSID\{ebbc4e43-292a-40df-88e3-3262b7521460} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\CLSID\{8867ac9b-4426-44a2-a693-c95850d3405c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\TypeLib\{53ca18e7-5223-4358-9fd9-97c62c66c5bd} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCR\CLSID\{23b0ae65-17d2-4491-98e5-b1aa6228dda2} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 20

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CouponAlert_2p Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe -> No action taken.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: CÃb4¾CA¯pÎûVôoÆ -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: -> No action taken.

HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (PUP.MyWebSearch) -> Data: -> No action taken.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: -> No action taken.

HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (PUP.MyWebSearch) -> Data: -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3462c343-be19-4143-af70-cefb56f46fc6} (PUP.MyWebSearch) -> Data: -> No action taken.

HKLM\SOFTWARE\Mozilla\Firefox\Extensions|2pffxtbr@CouponAlert_2p.com (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.Cleaman) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.Cleaman) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\MSoft\Microsoft\wtzvdsv.dll",DllRegisterServer -> Quarantined and deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\MSoft\Microsoft\wtzvdsv.dll",DllRegisterServer -> Quarantined and deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VerCheck (Adware.SanctionedMedia) -> Data: "C:\Windows\system32\config\systemprofile\AppData\Local\MSoft\VerCheck\VerCheck.exe" -> Quarantined and deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Google\rqguerynk.dll",DllRegisterServer -> Quarantined and deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|afcdbffceffbdct (Rootkit.TDSS) -> Data: "C:\ProgramData\afcdbffceffbdct.exe" -> Quarantined and deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Programs (Trojan.Happili.XGen2) -> Data: rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Programs\airlock32.dll",DllRegisterServer -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\NetworkLog|ImagePath (Trojan.Downloader) -> Data: C:\Windows\svcs.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 3

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 7

C:\Program Files (x86)\CouponAlert_2p (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\IE9Mesg (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\Message (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 104

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pieovr.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pradio.dll (PUP.MyWebSearch) -> No action taken.

C:\Users\Guest\AppData\Local\Temp\e65y4191.tmp\VeohWebPlayerSetup_us.exe (PUP.BundleInstaller.IB) -> No action taken.

C:\Users\Josie\AppData\Local\Temp\Dealio.exe (PUP.Dealio.TB) -> No action taken.

C:\Windows\Temp\DealioToolbar.exe (PUP.Dealio.TB) -> No action taken.

C:\Users\Josie\Downloads\CouponAlert.exe (PUP.FunWebProducts) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pdyn.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pfeedmg.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phighin.exe (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtml.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2phttpct.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pidle.dll (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pimpipe.exe (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmedint.exe (PUP.MyWebSearch) -> No action taken.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmlbtn.dll (PUP.MyWebSearch) -> No action taken.

C:\Windows\System32\FastUserSwitchingCompatibilityex.dll (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (Trojan.Proxy) -> Delete on reboot.

C:\Windows\Temp\lupeci.dll (Trojan.Downloader) -> Delete on reboot.

C:\Windows\Temp\qendsr.dll (Trojan.Medfos) -> Delete on reboot.

C:\Windows\System32\config\systemprofile\AppData\Local\dplaysvr.exe (Trojan.Cleaman) -> Quarantined and deleted successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\MSoft\Microsoft\wtzvdsv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\MSoft\VerCheck\VerCheck.exe (Adware.SanctionedMedia) -> Quarantined and deleted successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Google\rqguerynk.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

C:\ProgramData\afcdbffceffbdct.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\SanctionedMedia\Programs\airlock32.dll (Trojan.Happili.XGen2) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

C:\ProgramData\F4D55F3B000435DB0020239EB4EB2367\F4D55F3B000435DB0020239EB4EB2367.exe (Trojan.LameShield) -> Quarantined and deleted successfully.

C:\Users\Guest\AppData\Local\Temp\1uiu12gug12igi1u2gy3.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Guest\AppData\Local\Temp\p9pl6136666821238371117.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.

C:\Users\Guest\AppData\Local\Temp\is9w3x1o.tmp\PDFCreatorSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Users\Josie\AppData\Local\Temp\7B29.tmp (Rootkit.Agent.TDGen) -> Quarantined and deleted successfully.

C:\Users\Josie\AppData\Local\Temp\9E0.tmp (Rootkit.Agent.TDGen) -> Quarantined and deleted successfully.

C:\Windows\Temp\0.15297246490524197 (Trojan.Happili) -> Quarantined and deleted successfully.

C:\Windows\Temp\0.2556418533076412 (Trojan.Happili) -> Quarantined and deleted successfully.

C:\Windows\Temp\0.3888778834265699 (Trojan.Happili) -> Quarantined and deleted successfully.

C:\Windows\Temp\0.4149886434650487 (Trojan.Happili) -> Quarantined and deleted successfully.

C:\Windows\Temp\0.6419021974147591 (Trojan.Happili) -> Quarantined and deleted successfully.

C:\Windows\Temp\0.643013443313085 (Trojan.Happili) -> Quarantined and deleted successfully.

C:\Windows\Temp\0.823407367132314 (Trojan.Happili) -> Quarantined and deleted successfully.

C:\Windows\Temp\0.9156652922735191 (Trojan.Happili) -> Quarantined and deleted successfully.

C:\Windows\Temp\0.9621745873181319 (Trojan.Happili) -> Quarantined and deleted successfully.

C:\Windows\Temp\2132447.2777767.tmp (Rogue.Chameleon2012) -> Quarantined and deleted successfully.

C:\Windows\Temp\avg-03065239-8705-457e-842b-923fb370c962.tmp (Backdoor.Simda) -> Quarantined and deleted successfully.

C:\Windows\Temp\avg-ae9b797b-8512-433d-978c-f63fa10edf7e.tmp (Rogue.FakeAV) -> Quarantined and deleted successfully.

C:\Windows\Temp\azjbylsxqumxyzxupazbcciig.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Windows\Temp\cswrxaoenm.exe (Trojan.LameShield) -> Quarantined and deleted successfully.

C:\Windows\Temp\GQyywBjoLc5bTx.exe.tmp (Trojan.FakeHDD) -> Quarantined and deleted successfully.

C:\Windows\Temp\hlpwcibsys.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.

C:\Windows\Temp\JpJwqn6Ozh4pmw.exe.tmp (Rogue.FakeAV) -> Quarantined and deleted successfully.

C:\Windows\Temp\k8h00.exe (Trojan.FakeHDD) -> Quarantined and deleted successfully.

C:\Windows\Temp\rmgrlgrpydlqbcxtsdchwzytc.exe (Rogue.FakeAV) -> Quarantined and deleted successfully.

C:\Windows\Temp\rpsmpvuywjfxyjalgby.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.

C:\Windows\Temp\rwmseoxcan.exe (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\Temp\xcrsoenmaw.exe (Trojan.Medfos) -> Quarantined and deleted successfully.

C:\Windows\Temp\xwmnsecora.exe (Trojan.MSIL) -> Quarantined and deleted successfully.

C:\Windows\Temp\nsi341E.tmp\ravhy.dll (Trojan.Happili.XGen2) -> Quarantined and deleted successfully.

C:\Windows\Temp\nsi425E.tmp\fptjnmg.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

C:\Windows\Temp\nsi425E.tmp\kmzkybj.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

C:\Windows\Temp\nsiD898.tmp\lfbegkzq.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

C:\Windows\Temp\nsiD898.tmp\sgpeue.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

C:\Windows\Temp\nsiEBA8.tmp\wtzvdsv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

C:\Windows\Temp\nsiF88E.tmp\vevyhjerp.dll (Trojan.Happili.XGen2) -> Quarantined and deleted successfully.

C:\Windows\Temp\nsmC228.tmp\dpvdx.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

C:\Windows\Temp\nsmC228.tmp\gvsxqqc.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

C:\Windows\Temp\nsp96C5.tmp\airlock32.dll (Trojan.Happili.XGen2) -> Quarantined and deleted successfully.

C:\Windows\Temp\nsv6E1F.tmp\rqguerynk.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

C:\Users\Guest\Local Settings\jsftrrnz.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Guest\Local Settings\Application Data\jsftrrnz.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\Installer\{ea95d680-e97b-43c4-4fb8-fc5bd20c2990}\n (Rootkit.0Access) -> Delete on reboot.

C:\Windows\Installer\{ea95d680-e97b-43c4-4fb8-fc5bd20c2990}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Windows\Temp\ms0cfg32.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

C:\Users\Guest\AppData\Local\Temp\oiu0.5179853418267742.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.

C:\Windows\Temp\0.94150132170848 (Exploit.Drop.9) -> Quarantined and deleted successfully.

C:\Windows\Temp\0.8902612215184241 (Exploit.Drop.9) -> Quarantined and deleted successfully.

C:\Windows\Temp\0.9478437612742706 (Exploit.Drop.9) -> Quarantined and deleted successfully.

C:\Windows\svcs.exe (Trojan.Downloader) -> Delete on reboot.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pmsg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pregiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pscript.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pskplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2ptpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\chrome\2pffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\IE9Mesg\COMMON.T8S (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\Message\COMMON.T8S (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\CouponAlert_2p\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)


Hello,

There is a rootkit + one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


You've lost me on the "new tower". Do you intend to abandon this system?

On the passwords, I am saying it needs to be done using a "clean pc" ....not this one.

And that is a minimum that you need to do.

The other is to have your bank and CC companies put your accounts on a fraud alert watch (if you did any online banking or shopping online with credit or debit cards).

Tell me what you have decided about "this" system.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
