Solved! Use 2PHIGHIN.EXE (Adware MyWebSearch) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

2PHIGHIN.EXE – Adware MyWebSearch removal

FileMD5Virus Alias
2PHIGHIN.EXE aa82a2d20c3525f0b850ec67dab2a448 Adware MyWebSearch

2PHIGHIN.EXE size: 12872 bytes
2PHIGHIN.EXE hash: AA82A2D20C3525F0B850EC67DAB2A448

Created files:

%Program Files%\CouponAlert_2p\bar\1.bin\2pauxstb.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pauxstb64.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pbar.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pbarsvc.exe
%Program Files%\CouponAlert_2p\bar\1.bin\2pbprtct.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pbrmon.exe
%Program Files%\CouponAlert_2p\bar\1.bin\2pbrmon64.exe
%Program Files%\CouponAlert_2p\bar\1.bin\2pbrstub.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pbrstub64.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pdatact.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pdlghk.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pdlghk64.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pfeedmg.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2phighin.exe
%Program Files%\CouponAlert_2p\bar\1.bin\2phkstub.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2phtmlmu.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2phttpct.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pidle.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pieovr.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pmedint.exe
%Program Files%\CouponAlert_2p\bar\1.bin\2pmlbtn.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pPlugin.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pradio.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pregfft.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2preghk.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pregiet.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pscript.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pskin.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pskplay.exe
%Program Files%\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2pSrchMn.exe
%Program Files%\CouponAlert_2p\bar\1.bin\2psrchmr.dll
%Program Files%\CouponAlert_2p\bar\1.bin\2ptpinst.dll
%Program Files%\CouponAlert_2p\bar\1.bin\APPINTEGRATOR.EXE
%Program Files%\CouponAlert_2p\bar\1.bin\AppIntegrator64.exe
%Program Files%\CouponAlert_2p\bar\1.bin\APPINTEGRATORSTUB.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\AppIntegratorStub64.dll
%Program Files%\CouponAlert_2p\bar\1.bin\ASSISTMONITOR.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\ASSISTMONITOR64.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
%Program Files%\CouponAlert_2p\bar\1.bin\CREXT.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\CrExtP2p.exe
%Program Files%\CouponAlert_2p\bar\1.bin\DPNMNGR.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\EXEMANAGER.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\FF-NativeMessagingDispatcher.dll
%Program Files%\CouponAlert_2p\bar\1.bin\Hpg64.dll
%Program Files%\CouponAlert_2p\bar\1.bin\NP2pStub.dll
%Program Files%\CouponAlert_2p\bar\1.bin\T8EPMSUP.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\T8EXTEX.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\T8EXTPEX.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\T8HTML.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\T8RES.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\T8TICKER.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\TPIMANAGERCONSOLE.EXE
%Program Files%\CouponAlert_2p\bar\1.bin\UNIFIEDLOGGING.DLL
%Program Files%\CouponAlert_2p\bar\1.bin\VERIFY.DLL
%Temp%\000000d4T8SETUP.EXE
%Temp%\000000d4T8SETUP.EX_

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\CouponAlert_2pService\Type: 10000000
HKLM\System\CurrentControlSet\Services\CouponAlert_2pService\Start: 02000000
HKLM\System\CurrentControlSet\Services\CouponAlert_2pService\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\CouponAlert_2pService\DisplayName: Coupon AlertService
HKLM\System\CurrentControlSet\Services\CouponAlert_2pService\ImagePath: %Program Files%\CouponAlert_2p\bar\1.bin\2pbarsvc.exe

Detected by UnHackMe:

2PHIGHIN.EXE
Default location: %PROGRAM FILES%\COUPONALERT_2P\BAR\1.BIN\2PHIGHIN.EXE

Dropper information:
MD5: 0896c15d55d56f14e6277f63bc566e71
File size: 6072704 bytes

Leave a Reply