Solved! HPG64.DLL (Adware MyWebSearch) Removal Guide


HPG64.DLL – Adware MyWebSearch removal

File: HPG64.DLL
MD5: 629badd33fbba164acff36bc5a932460
Virus alias: Adware MyWebSearch

HPG64.DLL size: 438856 bytes
HPG64.DLL hash: 629BADD33FBBA164ACFF36BC5A932460

Created files:


Autostart registry keys:

HKLM\System\CurrentControlSet\Services\PopularScreensavers_7iService\Type: 10000000
HKLM\System\CurrentControlSet\Services\PopularScreensavers_7iService\Start: 02000000
HKLM\System\CurrentControlSet\Services\PopularScreensavers_7iService\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\PopularScreensavers_7iService\DisplayName: PopularScreensaversService
HKLM\System\CurrentControlSet\Services\PopularScreensavers_7iService\ImagePath: %Program Files%\PopularScreensavers_7i\bar\1.bin\7ibarsvc.exe

Detected by UnHackMe:

HPG64.DLL
Default location: %PROGRAM FILES%\POPULARSCREENSAVERS_7I\BAR\1.BIN\HPG64.DLL

Dropper information:
MD5: 2a9699b44eced88ed2948eea6753f9dd
File size: 6072720 bytes
