5MSKPLAY.EXE – Adware MyWebSearch removal

5MSKPLAY.EXE size: 55880 bytes
5MSKPLAY.EXE hash: F59EA63EAA060998C359FCBFDBC8C7D7

Created files:

%Program Files%\MyFunCards_5m\bar\1.bin\5mauxstb.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mauxstb64.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mbar.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mbarsvc.exe
%Program Files%\MyFunCards_5m\bar\1.bin\5mbprtct.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mbrmon.exe
%Program Files%\MyFunCards_5m\bar\1.bin\5mbrmon64.exe
%Program Files%\MyFunCards_5m\bar\1.bin\5mbrstub.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mbrstub64.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mdatact.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mdlghk.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mdlghk64.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mfeedmg.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mhighin.exe
%Program Files%\MyFunCards_5m\bar\1.bin\5mhkstub.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mhtmlmu.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mhttpct.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5midle.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mieovr.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mmedint.exe
%Program Files%\MyFunCards_5m\bar\1.bin\5mmlbtn.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mPlugin.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mradio.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mregfft.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mreghk.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mregiet.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mscript.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mskin.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mskplay.exe
%Program Files%\MyFunCards_5m\bar\1.bin\5mSrcAs.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mSrchMn.exe
%Program Files%\MyFunCards_5m\bar\1.bin\5msrchmr.dll
%Program Files%\MyFunCards_5m\bar\1.bin\5mtpinst.dll
%Program Files%\MyFunCards_5m\bar\1.bin\APPINTEGRATOR.EXE
%Program Files%\MyFunCards_5m\bar\1.bin\AppIntegrator64.exe
%Program Files%\MyFunCards_5m\bar\1.bin\APPINTEGRATORSTUB.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\AppIntegratorStub64.dll
%Program Files%\MyFunCards_5m\bar\1.bin\ASSISTMONITOR.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\ASSISTMONITOR64.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
%Program Files%\MyFunCards_5m\bar\1.bin\CREXT.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\CrExtP5m.exe
%Program Files%\MyFunCards_5m\bar\1.bin\DPNMNGR.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\EXEMANAGER.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\FF-NativeMessagingDispatcher.dll
%Program Files%\MyFunCards_5m\bar\1.bin\Hpg64.dll
%Program Files%\MyFunCards_5m\bar\1.bin\NP5mStub.dll
%Program Files%\MyFunCards_5m\bar\1.bin\T8EPMSUP.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\T8EXTEX.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\T8EXTPEX.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\T8HTML.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\T8RES.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\T8TICKER.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\TPIMANAGERCONSOLE.EXE
%Program Files%\MyFunCards_5m\bar\1.bin\UNIFIEDLOGGING.DLL
%Program Files%\MyFunCards_5m\bar\1.bin\VERIFY.DLL
%Temp%\00003820T8SETUP.EXE
%Temp%\00003820T8SETUP.EX_

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\MyFunCards_5mService\Type: 10000000
HKLM\System\CurrentControlSet\Services\MyFunCards_5mService\Start: 02000000
HKLM\System\CurrentControlSet\Services\MyFunCards_5mService\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\MyFunCards_5mService\DisplayName: MyFunCardsService
HKLM\System\CurrentControlSet\Services\MyFunCards_5mService\ImagePath: %Program Files%\MyFunCards_5m\bar\1.bin\5mbarsvc.exe

Detected by UnHackMe:

5MSKPLAY.EXE
Default location: %PROGRAM FILES%\MYFUNCARDS_5M\BAR\1.BIN\5MSKPLAY.EXE

Dropper information:
MD5: 8d31091d581c22127b97c1c9bb99a7b3
File size: 6072704 bytes