Solved! 8HSKPLAY.EXE (Adware MyWebSearch) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


8HSKPLAY.EXE – Adware MyWebSearch removal

File          MD5                               Virus Alias
8HSKPLAY.EXE  f59ea63eaa060998c359fcbfdbc8c7d7  Adware MyWebSearch
8HSKPLAY.EXE  f59ea63eaa060998c359fcbfdbc8c7d7  Trojan Buzus

8HSKPLAY.EXE size: 55880 bytes
8HSKPLAY.EXE hash: F59EA63EAA060998C359FCBFDBC8C7D7

Created files:


Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Allin1Convert_8hService\Type: 10000000
HKLM\System\CurrentControlSet\Services\Allin1Convert_8hService\Start: 02000000
HKLM\System\CurrentControlSet\Services\Allin1Convert_8hService\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Allin1Convert_8hService\DisplayName: Allin1ConvertService
HKLM\System\CurrentControlSet\Services\Allin1Convert_8hService\ImagePath: %Program Files%\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe

Detected by UnHackMe:

8HSKPLAY.EXE
Default location: %PROGRAM FILES%\ALLIN1CONVERT_8H\BAR\1.BIN\8HSKPLAY.EXE

Dropper information:
MD5: fb6dfaa538059c9af9269f7118e8db53
File size: 6072712 bytes
