Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Guffins Search Scope Monitor' = '"%PROGRAM_FILES%\Guffins\bar\1.bin\u4srchmn.exe" /m=2 /w /h'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Guffins Browser Plugin Loader' = '%PROGRAM_FILES%\Guffins\bar\1.bin\u4brmon.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Guffins' = 'rundll32 %PROGRAM_FILES%\Guffins\bar\1.bin\u4bar.dll,S'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Guffins Home Page Guard 32 bit' = '"%PROGRAM_FILES%\Guffins\bar\1.bin\AppIntegrator.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\GuffinsService] 'Start' = '00000002'
- '%PROGRAM_FILES%\Guffins\bar\1.bin\u4SrchMn.exe' /m=2 /w /h /r
- '%PROGRAM_FILES%\Guffins\bar\1.bin\u4brmon.exe'
- '%PROGRAM_FILES%\Guffins\bar\1.bin\u4highin.exe' u4tpinst.dll,#5
- '%PROGRAM_FILES%\Guffins\bar\1.bin\u4barsvc.exe' -remove
- '%PROGRAM_FILES%\Guffins\bar\1.bin\u4barsvc.exe' -install
- '%PROGRAM_FILES%\Guffins\bar\1.bin\u4barsvc.exe'
- '<SYSTEM32>\ntvdm.exe' -f -i3
- '<SYSTEM32>\ntvdm.exe' -f -i2
- '<SYSTEM32>\ntvdm.exe' -f -i1
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4mlbtn.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4Plugin.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4ieovr.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4medint.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4reghk.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4regiet.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4radio.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4regfft.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4idle.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4feedmg.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4highin.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\T8EXTEX.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\T8EXTPEX.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4htmlmu.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4httpct.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4hkstub.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\T8HTML.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4script.dll
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs3.tmp
- %PROGRAM_FILES%\Guffins\bar\1.bin\VERIFY.DLL
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs6.tmp
- %PROGRAM_FILES%\Guffins\bar\Settings\s_pid.dat
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs5.tmp
- %PROGRAM_FILES%\Guffins\bar\1.bin\UNIFIEDLOGGING.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4SrcAs.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4SrchMn.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4skin.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4skplay.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4tpinst.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\TPIMANAGERCONSOLE.EXE
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4srchmr.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\T8TICKER.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\ASSISTMONITOR.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\ASSISTMONITOR64.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\APPINTEGRATORSTUB.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\AppIntegratorStub64.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\CREXT.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\CrExtPu4.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\BOOTSTRAP.JS
- %PROGRAM_FILES%\Guffins\bar\1.bin\CHROME.MANIFEST
- %PROGRAM_FILES%\Guffins\bar\1.bin\AppIntegrator64.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\T8RES.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4barsvc.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\T8EPMSUP.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML
- %PROGRAM_FILES%\Guffins\bar\1.bin\APPINTEGRATOR.EXE
- %PROGRAM_FILES%\Guffins\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
- %PROGRAM_FILES%\Guffins\bar\1.bin\DPNMNGR.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4brmon64.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4brstub.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4bprtct.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4brmon.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4dlghk.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4dlghk64.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4brstub64.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4datact.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4bar.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\Hpg64.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\INSTALL.RDF
- %PROGRAM_FILES%\Guffins\bar\1.bin\EXEMANAGER.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\FF-NativeMessagingDispatcher.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4auxstb.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4auxstb64.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\LOGO.BMP
- %PROGRAM_FILES%\Guffins\bar\1.bin\NPu4Stub.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4Plugin.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4radio.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4medint.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4mlbtn.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4regiet.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4script.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4regfft.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4reghk.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4ieovr.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4highin.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4hkstub.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\T8EXTPEX.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4feedmg.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4httpct.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4idle.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\T8HTML.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4htmlmu.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
- %PROGRAM_FILES%\Guffins\bar\1.bin\VERIFY.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\T8EPMSUP.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\T8RES.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4barsvc.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\UNIFIEDLOGGING.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4SrcAs.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4SrchMn.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4skin.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4skplay.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4tpinst.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\TPIMANAGERCONSOLE.EXE
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4srchmr.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\T8TICKER.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\T8EXTEX.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\ASSISTMONITOR64.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\BOOTSTRAP.JS
- %PROGRAM_FILES%\Guffins\bar\1.bin\AppIntegratorStub64.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\ASSISTMONITOR.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\CrExtPu4.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\DPNMNGR.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\CHROME.MANIFEST
- %PROGRAM_FILES%\Guffins\bar\1.bin\CREXT.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\APPINTEGRATORSTUB.DLL
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- %PROGRAM_FILES%\Guffins\bar\1.bin\APPINTEGRATOR.EXE
- %PROGRAM_FILES%\Guffins\bar\1.bin\AppIntegrator64.exe
- %WINDIR%\Temp\scs5.tmp
- %WINDIR%\Temp\scs6.tmp
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4brmon64.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4brstub.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4bprtct.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4brmon.exe
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4dlghk.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4dlghk64.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4brstub64.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4datact.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4bar.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\Hpg64.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\INSTALL.RDF
- %PROGRAM_FILES%\Guffins\bar\1.bin\EXEMANAGER.DLL
- %PROGRAM_FILES%\Guffins\bar\1.bin\FF-NativeMessagingDispatcher.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4auxstb.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\u4auxstb64.dll
- %PROGRAM_FILES%\Guffins\bar\1.bin\LOGO.BMP
- %PROGRAM_FILES%\Guffins\bar\1.bin\NPu4Stub.dll
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-ba4.ba8.3a0001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b68.b6c.390001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b4c.b50.380001'