Solved! Use NP29STUB.DLL (Adware MyWebSearch) Removal Guide

Adware No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

NP29STUB.DLL – Adware MyWebSearch removal

File MD5 Virus Alias
NP29STUB.DLL 0ff47859becff8bcad2409b369a942a0 Adware MyWebSearch
NP29STUB.DLL 0ff47859becff8bcad2409b369a942a0 Trojan SuspiciousFile
NP29STUB.DLL 0ff47859becff8bcad2409b369a942a0 Trojan Graftor
NP29STUB.DLL 0ff47859becff8bcad2409b369a942a0 Trojan Agent

NP29STUB.DLL size: 48520 bytes
NP29STUB.DLL hash: 0FF47859BECFF8BCAD2409B369A942A0

Created files:

%Program Files%\HeadlineAlley_29\bar\1.bin\29auxstb.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29auxstb64.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29bar.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29barsvc.exe
%Program Files%\HeadlineAlley_29\bar\1.bin\29bprtct.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29brmon.exe
%Program Files%\HeadlineAlley_29\bar\1.bin\29brmon64.exe
%Program Files%\HeadlineAlley_29\bar\1.bin\29brstub.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29brstub64.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29datact.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29dlghk.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29dlghk64.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29feedmg.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29highin.exe
%Program Files%\HeadlineAlley_29\bar\1.bin\29hkstub.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29htmlmu.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29httpct.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29idle.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29ieovr.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29medint.exe
%Program Files%\HeadlineAlley_29\bar\1.bin\29mlbtn.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29Plugin.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29radio.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29regfft.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29reghk.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29regiet.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29script.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29skin.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29skplay.exe
%Program Files%\HeadlineAlley_29\bar\1.bin\29SrcAs.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29SrchMn.exe
%Program Files%\HeadlineAlley_29\bar\1.bin\29srchmr.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\29tpinst.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\APPINTEGRATOR.EXE
%Program Files%\HeadlineAlley_29\bar\1.bin\AppIntegrator64.exe
%Program Files%\HeadlineAlley_29\bar\1.bin\APPINTEGRATORSTUB.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\AppIntegratorStub64.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\ASSISTMONITOR.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\ASSISTMONITOR64.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
%Program Files%\HeadlineAlley_29\bar\1.bin\CREXT.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\CrExtP29.exe
%Program Files%\HeadlineAlley_29\bar\1.bin\DPNMNGR.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\EXEMANAGER.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\FF-NativeMessagingDispatcher.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\Hpg64.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\NP29Stub.dll
%Program Files%\HeadlineAlley_29\bar\1.bin\T8EPMSUP.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\T8EXTEX.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\T8EXTPEX.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\T8HTML.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\T8RES.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\T8TICKER.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\TPIMANAGERCONSOLE.EXE
%Program Files%\HeadlineAlley_29\bar\1.bin\UNIFIEDLOGGING.DLL
%Program Files%\HeadlineAlley_29\bar\1.bin\VERIFY.DLL
%Temp%\00002d78T8SETUP.EXE
%Temp%\00002d78T8SETUP.EX_

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\HeadlineAlley_29Service\Type: 10000000
HKLM\System\CurrentControlSet\Services\HeadlineAlley_29Service\Start: 02000000
HKLM\System\CurrentControlSet\Services\HeadlineAlley_29Service\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\HeadlineAlley_29Service\DisplayName: HeadlineAlleyService
HKLM\System\CurrentControlSet\Services\HeadlineAlley_29Service\ImagePath: %Program Files%\HeadlineAlley_29\bar\1.bin\29barsvc.exe

Detected by UnHackMe:

NP29STUB.DLL
Default location: %PROGRAM FILES%\HEADLINEALLEY_29\BAR\1.BIN\NP29STUB.DLL

Dropper information:
MD5: 1638a8ecb90b67185b94c1f4d5dd78a7
File size: 6072712 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images