Solved! Use TPIMANAGERCONSOLE.EXE (Adware MyWebSearch) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

TPIMANAGERCONSOLE.EXE – Adware MyWebSearch removal

File MD5 Virus Alias
TPIMANAGERCONSOLE.EXE 35737dbf1519b3b3622ea9be64a7a828 Adware MyWebSearch
TPIMANAGERCONSOLE.EXE 35737dbf1519b3b3622ea9be64a7a828 Trojan SuspiciousFile

TPIMANAGERCONSOLE.EXE size: 78216 bytes
TPIMANAGERCONSOLE.EXE hash: 35737DBF1519B3B3622EA9BE64A7A828

Created files:

%Program Files%\HowToSimplified_8e\bar\1.bin\8eauxstb.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8eauxstb64.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8ebar.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8ebarsvc.exe
%Program Files%\HowToSimplified_8e\bar\1.bin\8ebprtct.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8ebrmon.exe
%Program Files%\HowToSimplified_8e\bar\1.bin\8ebrmon64.exe
%Program Files%\HowToSimplified_8e\bar\1.bin\8ebrstub.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8ebrstub64.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8edatact.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8edlghk.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8edlghk64.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8efeedmg.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8ehighin.exe
%Program Files%\HowToSimplified_8e\bar\1.bin\8ehkstub.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8ehtmlmu.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8ehttpct.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8eidle.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8eieovr.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8emedint.exe
%Program Files%\HowToSimplified_8e\bar\1.bin\8emlbtn.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8ePlugin.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8eradio.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8eregfft.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8ereghk.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8eregiet.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8escript.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8eskin.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8eskplay.exe
%Program Files%\HowToSimplified_8e\bar\1.bin\8eSrcAs.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8eSrchMn.exe
%Program Files%\HowToSimplified_8e\bar\1.bin\8esrchmr.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\8etpinst.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\APPINTEGRATOR.EXE
%Program Files%\HowToSimplified_8e\bar\1.bin\AppIntegrator64.exe
%Program Files%\HowToSimplified_8e\bar\1.bin\APPINTEGRATORSTUB.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\AppIntegratorStub64.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\ASSISTMONITOR.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\ASSISTMONITOR64.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
%Program Files%\HowToSimplified_8e\bar\1.bin\CREXT.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\CrExtP8e.exe
%Program Files%\HowToSimplified_8e\bar\1.bin\DPNMNGR.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\EXEMANAGER.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\FF-NativeMessagingDispatcher.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\Hpg64.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\NP8eStub.dll
%Program Files%\HowToSimplified_8e\bar\1.bin\T8EPMSUP.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\T8EXTEX.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\T8EXTPEX.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\T8HTML.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\T8RES.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\T8TICKER.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\TPIMANAGERCONSOLE.EXE
%Program Files%\HowToSimplified_8e\bar\1.bin\UNIFIEDLOGGING.DLL
%Program Files%\HowToSimplified_8e\bar\1.bin\VERIFY.DLL
%Temp%\00005f28T8SETUP.EXE
%Temp%\00005f28T8SETUP.EX_

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\HowToSimplified_8eService\Type: 10000000
HKLM\System\CurrentControlSet\Services\HowToSimplified_8eService\Start: 02000000
HKLM\System\CurrentControlSet\Services\HowToSimplified_8eService\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\HowToSimplified_8eService\DisplayName: HowToSimplifiedService
HKLM\System\CurrentControlSet\Services\HowToSimplified_8eService\ImagePath: %Program Files%\HowToSimplified_8e\bar\1.bin\8ebarsvc.exe

Detected by UnHackMe:

TPIMANAGERCONSOLE.EXE
Default location: %PROGRAM FILES%\HOWTOSIMPLIFIED_8E\BAR\1.BIN\TPIMANAGERCONSOLE.EXE

Dropper information:
MD5: 3eb59ae0e8cb6a57f2c49556257bd9cd
File size: 6056328 bytes

Leave a Reply