NPU4STUB.DLL – Adware MyWebSearch removal

NPU4STUB.DLL size: 48504 bytes
NPU4STUB.DLL hash: B1E74EEDCC9874C4191F361E0C9E37B0

Created files:

%Program Files%\Guffins\bar\1.bin\APPINTEGRATOR.EXE
%Program Files%\Guffins\bar\1.bin\AppIntegrator64.exe
%Program Files%\Guffins\bar\1.bin\APPINTEGRATORSTUB.DLL
%Program Files%\Guffins\bar\1.bin\AppIntegratorStub64.dll
%Program Files%\Guffins\bar\1.bin\ASSISTMONITOR.DLL
%Program Files%\Guffins\bar\1.bin\ASSISTMONITOR64.DLL
%Program Files%\Guffins\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
%Program Files%\Guffins\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
%Program Files%\Guffins\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
%Program Files%\Guffins\bar\1.bin\CREXT.DLL
%Program Files%\Guffins\bar\1.bin\CrExtPu4.exe
%Program Files%\Guffins\bar\1.bin\DPNMNGR.DLL
%Program Files%\Guffins\bar\1.bin\EXEMANAGER.DLL
%Program Files%\Guffins\bar\1.bin\FF-NativeMessagingDispatcher.dll
%Program Files%\Guffins\bar\1.bin\Hpg64.dll
%Program Files%\Guffins\bar\1.bin\NPu4Stub.dll
%Program Files%\Guffins\bar\1.bin\T8EPMSUP.DLL
%Program Files%\Guffins\bar\1.bin\T8EXTEX.DLL
%Program Files%\Guffins\bar\1.bin\T8EXTPEX.DLL
%Program Files%\Guffins\bar\1.bin\T8HTML.DLL
%Program Files%\Guffins\bar\1.bin\T8RES.DLL
%Program Files%\Guffins\bar\1.bin\T8TICKER.DLL
%Program Files%\Guffins\bar\1.bin\TPIMANAGERCONSOLE.EXE
%Program Files%\Guffins\bar\1.bin\u4auxstb.dll
%Program Files%\Guffins\bar\1.bin\u4auxstb64.dll
%Program Files%\Guffins\bar\1.bin\u4bar.dll
%Program Files%\Guffins\bar\1.bin\u4barsvc.exe
%Program Files%\Guffins\bar\1.bin\u4bprtct.dll
%Program Files%\Guffins\bar\1.bin\u4brmon.exe
%Program Files%\Guffins\bar\1.bin\u4brmon64.exe
%Program Files%\Guffins\bar\1.bin\u4brstub.dll
%Program Files%\Guffins\bar\1.bin\u4brstub64.dll
%Program Files%\Guffins\bar\1.bin\u4datact.dll
%Program Files%\Guffins\bar\1.bin\u4dlghk.dll
%Program Files%\Guffins\bar\1.bin\u4dlghk64.dll
%Program Files%\Guffins\bar\1.bin\u4feedmg.dll
%Program Files%\Guffins\bar\1.bin\u4highin.exe
%Program Files%\Guffins\bar\1.bin\u4hkstub.dll
%Program Files%\Guffins\bar\1.bin\u4htmlmu.dll
%Program Files%\Guffins\bar\1.bin\u4httpct.dll
%Program Files%\Guffins\bar\1.bin\u4idle.dll
%Program Files%\Guffins\bar\1.bin\u4ieovr.dll
%Program Files%\Guffins\bar\1.bin\u4medint.exe
%Program Files%\Guffins\bar\1.bin\u4mlbtn.dll
%Program Files%\Guffins\bar\1.bin\u4Plugin.dll
%Program Files%\Guffins\bar\1.bin\u4radio.dll
%Program Files%\Guffins\bar\1.bin\u4regfft.dll
%Program Files%\Guffins\bar\1.bin\u4reghk.dll
%Program Files%\Guffins\bar\1.bin\u4regiet.dll
%Program Files%\Guffins\bar\1.bin\u4script.dll
%Program Files%\Guffins\bar\1.bin\u4skin.dll
%Program Files%\Guffins\bar\1.bin\u4skplay.exe
%Program Files%\Guffins\bar\1.bin\u4SrcAs.dll
%Program Files%\Guffins\bar\1.bin\u4SrchMn.exe
%Program Files%\Guffins\bar\1.bin\u4srchmr.dll
%Program Files%\Guffins\bar\1.bin\u4tpinst.dll
%Program Files%\Guffins\bar\1.bin\UNIFIEDLOGGING.DLL
%Program Files%\Guffins\bar\1.bin\VERIFY.DLL
%Temp%\00003c50T8SETUP.EXE
%Temp%\00003c50T8SETUP.EX_

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\GuffinsService\Type: 10000000
HKLM\System\CurrentControlSet\Services\GuffinsService\Start: 02000000
HKLM\System\CurrentControlSet\Services\GuffinsService\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\GuffinsService\DisplayName: GuffinsService
HKLM\System\CurrentControlSet\Services\GuffinsService\ImagePath: %Program Files%\Guffins\bar\1.bin\u4barsvc.exe

Detected by UnHackMe:

NPU4STUB.DLL
Default location: %PROGRAM FILES%\GUFFINS\BAR\1.BIN\NPU4STUB.DLL

Dropper information:
MD5: 1b5ca9dd2439e0619dfcfaae0d38bd94
File size: 6072696 bytes