Solved! Use U4HIGHIN.EXE (Adware MyWebSearch) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

U4HIGHIN.EXE – Adware MyWebSearch removal

FileMD5Virus Alias
U4HIGHIN.EXE aa82a2d20c3525f0b850ec67dab2a448 Adware MyWebSearch

U4HIGHIN.EXE size: 12872 bytes
U4HIGHIN.EXE hash: AA82A2D20C3525F0B850EC67DAB2A448

Created files:

%Program Files%\Guffins\bar\1.bin\APPINTEGRATOR.EXE
%Program Files%\Guffins\bar\1.bin\AppIntegrator64.exe
%Program Files%\Guffins\bar\1.bin\APPINTEGRATORSTUB.DLL
%Program Files%\Guffins\bar\1.bin\AppIntegratorStub64.dll
%Program Files%\Guffins\bar\1.bin\ASSISTMONITOR.DLL
%Program Files%\Guffins\bar\1.bin\ASSISTMONITOR64.DLL
%Program Files%\Guffins\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
%Program Files%\Guffins\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
%Program Files%\Guffins\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
%Program Files%\Guffins\bar\1.bin\CREXT.DLL
%Program Files%\Guffins\bar\1.bin\CrExtPu4.exe
%Program Files%\Guffins\bar\1.bin\DPNMNGR.DLL
%Program Files%\Guffins\bar\1.bin\EXEMANAGER.DLL
%Program Files%\Guffins\bar\1.bin\FF-NativeMessagingDispatcher.dll
%Program Files%\Guffins\bar\1.bin\Hpg64.dll
%Program Files%\Guffins\bar\1.bin\NPu4Stub.dll
%Program Files%\Guffins\bar\1.bin\T8EPMSUP.DLL
%Program Files%\Guffins\bar\1.bin\T8EXTEX.DLL
%Program Files%\Guffins\bar\1.bin\T8EXTPEX.DLL
%Program Files%\Guffins\bar\1.bin\T8HTML.DLL
%Program Files%\Guffins\bar\1.bin\T8RES.DLL
%Program Files%\Guffins\bar\1.bin\T8TICKER.DLL
%Program Files%\Guffins\bar\1.bin\TPIMANAGERCONSOLE.EXE
%Program Files%\Guffins\bar\1.bin\u4auxstb.dll
%Program Files%\Guffins\bar\1.bin\u4auxstb64.dll
%Program Files%\Guffins\bar\1.bin\u4bar.dll
%Program Files%\Guffins\bar\1.bin\u4barsvc.exe
%Program Files%\Guffins\bar\1.bin\u4bprtct.dll
%Program Files%\Guffins\bar\1.bin\u4brmon.exe
%Program Files%\Guffins\bar\1.bin\u4brmon64.exe
%Program Files%\Guffins\bar\1.bin\u4brstub.dll
%Program Files%\Guffins\bar\1.bin\u4brstub64.dll
%Program Files%\Guffins\bar\1.bin\u4datact.dll
%Program Files%\Guffins\bar\1.bin\u4dlghk.dll
%Program Files%\Guffins\bar\1.bin\u4dlghk64.dll
%Program Files%\Guffins\bar\1.bin\u4feedmg.dll
%Program Files%\Guffins\bar\1.bin\u4highin.exe
%Program Files%\Guffins\bar\1.bin\u4hkstub.dll
%Program Files%\Guffins\bar\1.bin\u4htmlmu.dll
%Program Files%\Guffins\bar\1.bin\u4httpct.dll
%Program Files%\Guffins\bar\1.bin\u4idle.dll
%Program Files%\Guffins\bar\1.bin\u4ieovr.dll
%Program Files%\Guffins\bar\1.bin\u4medint.exe
%Program Files%\Guffins\bar\1.bin\u4mlbtn.dll
%Program Files%\Guffins\bar\1.bin\u4Plugin.dll
%Program Files%\Guffins\bar\1.bin\u4radio.dll
%Program Files%\Guffins\bar\1.bin\u4regfft.dll
%Program Files%\Guffins\bar\1.bin\u4reghk.dll
%Program Files%\Guffins\bar\1.bin\u4regiet.dll
%Program Files%\Guffins\bar\1.bin\u4script.dll
%Program Files%\Guffins\bar\1.bin\u4skin.dll
%Program Files%\Guffins\bar\1.bin\u4skplay.exe
%Program Files%\Guffins\bar\1.bin\u4SrcAs.dll
%Program Files%\Guffins\bar\1.bin\u4SrchMn.exe
%Program Files%\Guffins\bar\1.bin\u4srchmr.dll
%Program Files%\Guffins\bar\1.bin\u4tpinst.dll
%Program Files%\Guffins\bar\1.bin\UNIFIEDLOGGING.DLL
%Program Files%\Guffins\bar\1.bin\VERIFY.DLL
%Temp%\00003c50T8SETUP.EXE
%Temp%\00003c50T8SETUP.EX_

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\GuffinsService\Type: 10000000
HKLM\System\CurrentControlSet\Services\GuffinsService\Start: 02000000
HKLM\System\CurrentControlSet\Services\GuffinsService\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\GuffinsService\DisplayName: GuffinsService
HKLM\System\CurrentControlSet\Services\GuffinsService\ImagePath: %Program Files%\Guffins\bar\1.bin\u4barsvc.exe

Detected by UnHackMe:

U4HIGHIN.EXE
Default location: %PROGRAM FILES%\GUFFINS\BAR\1.BIN\U4HIGHIN.EXE

Dropper information:
MD5: 1b5ca9dd2439e0619dfcfaae0d38bd94
File size: 6072696 bytes

Leave a Reply