Conduit Search/Toolbar

Conduit Search/Toolbar Description

Conduit Search Image 1Search.conduit.com is an online search engine which is usually accessed through a toolbar for your web browser. This website and toolbar are the work of the Conduit software. There have been various reports that the Search.conduit.com toolbar makes unauthorized changes to your web browser and that, when it comes time to remove this Browser Helper Object, the lack of a legitimate uninstaller causes several problems on the computer on which Search.conduit.com is installed.

Problems Associated with the Search.conduit.com Website and Toolbar

Affected computer users have reported that the Search.conduit.com toolbar causes browser redirects, forcing the affected user to visit the Search.conduit.com web page. Affected users have also found that Conduit's toolbar makes unauthorized changes to their web browser settings, such as changing the browser's homepage or its default search engine toolbar. ESG security researchers strongly recommend that users take extra care when installing browser toolbars. These kinds of applications tend to set off red flags when it comes to computer security since browser toolbar are common delivery vehicles for various kinds of malware. There are varieties of browser toolbars that are really adware, spyware or browser hijackers. Hackers take advantage of security vulnerabilities associated with BHOs (Browser Helper Objects) in order to infect their victims with malware. Toolbars that are advertised as helpful are also a practical way for criminals to take advantage of computer users, which are not very experienced in computer security.

Removing the Search.conduit.com Toolbar from Your Computer System

One of the problems associated with the Search.conduit.com toolbar is that Search.conduit.com does not include an uninstaller, making the removal of this application somewhat troublesome. The Search.conduit.com toolbar can be removed through the add/remove programs panel in the control panel. However, affected users will have to restore all the changes that this toolbar makes to their web browser preferences. This means restoring the default search engine and home page. Since this can be a tedious process, some computer users may prefer to reinstall their web browser or to restore it to default settings once the Search.conduit.com toolbar has been uninstalled. The Search.conduit.com toolbar is not attacking your computer like other malware, but Search.conduit.com has characteristics that make Search.conduit.com and inconvenience to many computer users.

Aliases: not-a-virus:WebToolbar.Rubar [Ikarus], Adware.Win32.Rubar.a [Baidu-International], PUA.Toolbar.Rubar! [Agnitum], Suspicious_GEN.F47V0309 [TrendMicro-HouseCall], Win64:Malware-gen [Avast], Artemis!Trojan [McAfee-GW-Edition], Artemis!EAF8104FE812 [McAfee], a variant of Win32/ClientConnect.A potentially unw [ESET-NOD32], PUA.ClientConnect [Ikarus], Trojan ( 004b4e961 ) [K7GW], Suspicious_GEN.F47V0223 [TrendMicro-HouseCall], Artemis!CB65DD8AD8BC [McAfee], Generic.ABF [AVG] and Adware.Win32.Conduit.bH [Baidu-International].

Do You Suspect Your PC May Be Infected with Conduit Search/Toolbar & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Conduit Search/Toolbar as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

Conduit Search/Toolbar creates the following file(s):
# File Name Size MD5 Detection Count
1 %LOCALAPPDATA%\avaxvyyvyf\avaxvyyvyf.exe 2,557,952 e0b386e7d36bc2459174eb251b9f7c2f 5,167
2 %LOCALAPPDATA%\avaxvyvax\avaxvyvax.exe 2,545,664 4baf784d5c475cd0fd23eb7b5e5099fc 4,680
3 %LOCALAPPDATA%\avayvaxvaa\avayvaxvaa.exe 2,132,992 a0bb20d973618c5a4d8f5b768114672f 4,494
4 %LOCALAPPDATA%\avaavxvyex\avaavxvyex.exe 2,135,552 ced18c00311fab6557daa7bfe9e3ba12 4,476
5 %PROGRAMFILES(x86)%\Tbccint\ToolbarService\ToolbarService.exe 350,528 e9b0f39ac0bf0df78e106d369f1abfd6 4,405
6 %LOCALAPPDATA%\avayvxvaxc\avayvxvaxc.exe 2,562,048 0c933868b86589bcf344e115e25a23df 4,078
7 %LOCALAPPDATA%\NativeMessaging\CT3301689\1_0_0_2\TBMessagingHost.exe 375,072 f817d8021352b78432f595771f6a8d2d 3,841
8 %PROGRAMFILES%\France Toolbar\tbcore3.dll 2,669,728 bed7f9bf0b91a9176c4af2ee157bc438 3,817
9 %PROGRAMFILES%\Conduit\ValueApps\IE\ValueAppsLoader.dll 128,800 028cdaa88b5c340e047baac03c2f6c77 3,494
10 %PROGRAMFILES%\France Toolbar\tbhelper.dll 310,944 b03559bf4499f3707d5221c9743ecd53 3,308
11 %LOCALAPPDATA%\avaxvxvcxe\avaxvxvcxe.exe 2,438,656 89b0df6f1ea024b222b571705eb7a0fe 3,277
12 %LOCALAPPDATA%\WhiteListing\PluginsWhiteListing.dll 194,336 cdc09ef9fe998ed1bb13015c5bf0c07d 3,027
13 %PROGRAMFILES(x86)%\NCH Software\Inventoria\inventoria.exe 1,558,532 b92ba0932cf3a0cb17463844f8da9dd8 2,838
14 %PROGRAMFILES%\free-downloads.net\tbfree.dll 2,349,080 455e61a2cf37f7210df685e2b77bfbe3 2,565
15 %LOCALAPPDATA%\Conduit\BackgroundContainer\BackgroundContainer.dll 319,264 fd42ea980fe1833b3a5eb429273cd1b2 2,017
More files

Registry Details

Conduit Search/Toolbar creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Software\AppDataLow\Software\Conduit
Software\AppDataLow\Software\ConduitSearchScopes
Software\AppDataLow\Software\Smartbar
Software\Microsoft\Internet Explorer\Approved Extensions, value: {c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
Software\Microsoft\Internet Explorer\SearchScopes\{C75C8562-3492-434E-BB91-5713F32AA418}
SOFTWARE\Classes\Toolbar.CT3272718
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{513FA555-9C4D-4F4F-9CC7-66C1D6D58CE3}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B39734D-8D93-469C-B913-F7094E81C038}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar, value: {c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
SOFTWARE\Wow6432Node\Microsoft\Tracing\MixiDJAutoUpdateHelper_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Tracing\MixiDJToolbarHelper_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
SOFTWARE\Wow6432Node\MixiDJ
Software\AppDataLow\Software\Produtools_Manuals_2.1\toolbar
Software\AppDataLow\Software\Begin-download_FLV\toolbar
Software\AppDataLow\Software\TV_Bar_2\toolbar
SOFTWARE\Wow6432Node\conduitEngine
SOFTWARE\Classes\Conduit.Engine
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Software\AppDataLow\Toolbar\RegisteredSources, value: Conduitengine
SOFTWARE\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
SOFTWARE\mamverifier
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task
Software\Microsoft\Internet Explorer\DOMStorage\conduit-apps.com
Software\Microsoft\Internet Explorer\DOMStorage\app.mam.conduit.com
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{aefeda6a-9a49-47e5-9307-ecbec7d6d879}
SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bd06a739-69e1-4516-a870-eaa560fc1740}
Toolbar.CT408137
Software\Google\Chrome\Extensions\adejipnaieabipfpgddkkbahfmlkmilg
Software\Google\Chrome\NativeMessagingHosts\nmhostct408137
Software\Microsoft\Internet Explorer\Approved Extensions, value: {AEFEDA6A-9A49-47E5-9307-ECBEC7D6D879}
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION, value: tb_Conduit_brch.exe
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION, value: tb_Conduit_brie.exe
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{aefeda6a-9a49-47e5-9307-ecbec7d6d879}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEFEDA6A-9A49-47E5-9307-ECBEC7D6D879}
SOFTWARE\Classes\Toolbar.CT408137
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACCCF206-C5A9-44AB-A125-7640816A64B7}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ACCCF206-C5A9-44AB-A125-7640816A64B7}
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\adejipnaieabipfpgddkkbahfmlkmilg
SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\nmhostct408137
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52BD3347-0BBD-4A89-AA20-23E2A9B8F290}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks, value: {aefeda6a-9a49-47e5-9307-ecbec7d6d879}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{aefeda6a-9a49-47e5-9307-ecbec7d6d879}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bd06a739-69e1-4516-a870-eaa560fc1740}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT408137
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52BD3347-0BBD-4A89-AA20-23E2A9B8F290}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2FEEA31-FA13-4388-86EE-1EB928C22CAD}
Software\Microsoft\Internet Explorer\SearchScopes\{996D2AD3-8E68-4788-8D34-5D9281A59058}
Software\Microsoft\Windows\CurrentVersion\Uninstall\CHCT408137
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A72B07D7-B4DA-4AD0-9E2F-BFD948601A28}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A72B07D7-B4DA-4AD0-9E2F-BFD948601A28}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A89CD04-6531-498C-803F-374254489D87}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EAD3ED0-44B2-48ED-B990-1FA6599B6836}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A89CD04-6531-498C-803F-374254489D87}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{996AF698-6CEB-47DF-B467-F596279CE876}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61A1C706-7687-49BA-B1A7-DF7CDD4A213B}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{996AF698-6CEB-47DF-B467-F596279CE876}
Software\AppDataLow\Toolbar\RegisteredSources, value: CT408137
Software\Microsoft\Internet Explorer\SearchScopes\{5EFFDAC1-7C5A-49D2-AD6B-EE78A7E6F4D5}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D70C51B8-8B14-4588-BD9F-774318E284FB}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D70C51B8-8B14-4588-BD9F-774318E284FB}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT2152092
SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{876b9240-3ee0-46f8-a351-45febf1b6bed}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{413c77a8-1554-46ac-b5e0-e5ac3c4e839e}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD07E2DD-15FD-4BDD-B758-D2F127CF67EF}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03C95EB2-5FBE-46D5-B37C-99016FB0773D}
SOFTWARE\Google\Chrome\Extensions\bbejhgkacfaffkncbiijcficebdpoomk
SOFTWARE\Conduit_Search
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{413c77a8-1554-46ac-b5e0-e5ac3c4e839e}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD07E2DD-15FD-4BDD-B758-D2F127CF67EF}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03C95EB2-5FBE-46D5-B37C-99016FB0773D}
SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\nmhostct2152092
SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbejhgkacfaffkncbiijcficebdpoomk
SOFTWARE\Wow6432Node\Conduit_Search
SOFTWARE\Classes\Toolbar.CT2152092
Software\Microsoft\Windows\CurrentVersion\Uninstall\CHCT2152092
Software\Google\Chrome\NativeMessagingHosts\nmhostct2152092
Software\AppDataLow\Software\Conduit_Search
Toolbar.CT2152092
Software\Microsoft\Internet Explorer\Approved Extensions, value: {413c77a8-1554-46ac-b5e0-e5ac3c4e839e}
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION, value: tb_Conduit_Search.exe
Software\AppDataLow\Toolbar\RegisteredSources, value: CT2152092
Software\Microsoft\Internet Explorer\SearchScopes\{05A8E91C-DF2E-4EF9-A72C-E58C7F555CE3}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9641BBFC-3E97-48DF-976D-9B09C06EFFC6}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F388662-A784-4DF8-AB84-734BB748C981}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9641BBFC-3E97-48DF-976D-9B09C06EFFC6}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F388662-A784-4DF8-AB84-734BB748C981}
Software\Microsoft\Internet Explorer\SearchScopes\{091D5FC7-E0FB-4DCA-99E0-5DDB0680FC26}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDC626AD-D3D3-434C-BCF9-5C039CA95F44}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDC626AD-D3D3-434C-BCF9-5C039CA95F44}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{939704A0-A106-4CD2-BB7B-3D49D5F80E45}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{939704A0-A106-4CD2-BB7B-3D49D5F80E45}
Software\Microsoft\Internet Explorer\SearchScopes\{74BB949A-C7C9-4A36-808E-A47C1AB5B9D5}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C612542-94E6-43EA-98B0-919BECA10A8C}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE360403-033A-4D74-BF95-AB02D5604F74}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C612542-94E6-43EA-98B0-919BECA10A8C}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C4753EB-41A9-4C72-8676-2C625476D46B}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF74C2E6-42F5-4283-ADC4-6583BA0614E4}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF74C2E6-42F5-4283-ADC4-6583BA0614E4}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424D92D9-A01B-41E2-995B-1CD1DFC1AE3A}
Software\Microsoft\Internet Explorer\SearchScopes\{F4225DB6-B96B-4533-B188-1C44192C19AB}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FECAC5BD-B69E-4539-959C-E01E93EB888B}
Software\Microsoft\Internet Explorer\SearchScopes\{E891B1CE-466E-45C3-B5B6-CB7C8AC95D21}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7ECA0F7-C358-4771-B18F-3DBFF7922C62}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{140FDBB0-A308-4D91-9954-C91AC448CE89}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7ECA0F7-C358-4771-B18F-3DBFF7922C62}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{140FDBB0-A308-4D91-9954-C91AC448CE89}
Software\Microsoft\Internet Explorer\DOMStorage\conduitapps.com
Toolbar\RegisteredSources, value: CT408137
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6CCBB11-E625-4361-953F-E9E9E9C64138}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3340853C-4CFB-40A9-930F-E0EC95F358E5}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6CCBB11-E625-4361-953F-E9E9E9C64138}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3340853C-4CFB-40A9-930F-E0EC95F358E5}
Software\Microsoft\Internet Explorer\SearchScopes\{E2C5BE6D-D8C9-410D-BBF0-614359E3D9CB}
Software\AppDataLow\Software\TbccintSearchScopes, value: {94BAB700-FE90-4C65-B4ED-FC310E522D19}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02B6EF74-5E5E-4B0C-82F6-F8F8BA725A8E}
Software\Microsoft\Internet Explorer\SearchScopes\{94BAB700-FE90-4C65-B4ED-FC310E522D19}
Software\Tbccint_HKLM
Software\Tbccint
SYSTEM\CurrentControlSet\services\TBSrv
Software\AppDataLow\Software\TbccintSearchScopes
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7CC6C7F-5417-4EAE-AE5C-0EA51506E4D9}
Software\Microsoft\Windows\CurrentVersion\Run, value: APISupport
Software\Microsoft\Internet Explorer\SearchScopes\{9720D87E-F15C-4A01-849C-9B9FD47B17CE}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB52B05E-B9CC-45E3-908D-645020AB112E}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1409B56-EF5C-4BEB-A2C9-1E73C4D750CA}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, value: TBHostSupport
SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: TBHostSupport
Software\Microsoft\Internet Explorer\SearchScopes\{8990461E-4D6A-457A-AF5D-B8AE0E6F93DE}
Software\Microsoft\Internet Explorer\SearchScopes\{11E53E10-2E26-4A29-97CD-18BDC6E3F998}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, value: BackgroundContainerV2
SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: BackgroundContainerV2
Software\Microsoft\Internet Explorer\SearchScopes\{DB9C4404-81ED-4F5B-A984-56835EB05864}
SYSTEM\CurrentControlSet\services\pcregservice
SYSTEM\ControlSet002\services\pcregservice
SYSTEM\ControlSet001\services\pcregservice
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17931E86-6CF6-45F1-A503-4959F7CBC7D5}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks, value: {589d7cff-0173-47a9-966a-9afae3e5c249}
SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks, value: {589d7cff-0173-47a9-966a-9afae3e5c249}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar, value: {589d7cff-0173-47a9-966a-9afae3e5c249}
SOFTWARE\Microsoft\Internet Explorer\Toolbar, value: {589d7cff-0173-47a9-966a-9afae3e5c249}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{589d7cff-0173-47a9-966a-9afae3e5c249}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{589d7cff-0173-47a9-966a-9afae3e5c249}
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION, value: Produtools_Manuals_2.1.exe
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, value: ConduitHelper
Software\Microsoft\Internet Explorer\DOMStorage\tbccint.com
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.ex
SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit-storage.com
SOFTWARE\Microsoft\Internet Explorer\Toolbar, value: {9843474f-6082-4a44-b63d-5559d9e8c6a8}
SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFACAC1E-2EA5-4484-9B6E-0358D53A9E2B}
SOFTWARE\AstroburnBar\toolbar
SOFTWARE\AppDataLow\Software\AstroburnBar\toolbar
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar, value: {e802027b-1f2b-40bd-b307-0bd96d036835}
SOFTWARE\Microsoft\Internet Explorer\Toolbar, value: {e802027b-1f2b-40bd-b307-0bd96d036835}
SOFTWARE\DT Soft\Astroburn Toolbar
SOFTWARE\Wow6432Node\DT Soft\Astroburn Toolbar
SOFTWARE\PHPNukeEN
SOFTWARE\Wow6432Node\PHPNukeEN
Software\AppDataLow\Software\PHPNukeEN
Software\Microsoft\Internet Explorer\Approved Extensions, value: {C9CEFC16-8DBE-4DB8-A3E5-4C3CE4685756}
Software\Microsoft\Internet Explorer\Approved Extensions, value: {30F9B915-B755-4826-820B-08FBA6BD249D}
SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: BackgroundContainerV3
SOFTWARE\Google\Chrome\Extensions\gnnjdlilhkfmkipgokcdoplmaigijcnp
SOFTWARE\WOW6432Node\Google\Chrome\Extensions\gnnjdlilhkfmkipgokcdoplmaigijcnp
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar, value: {dfbeb35b-444d-4f25-8d7d-eb2683c206ec}
SOFTWARE\Microsoft\Internet Explorer\Toolbar, value: {dfbeb35b-444d-4f25-8d7d-eb2683c206ec}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks, value: {dfbeb35b-444d-4f25-8d7d-eb2683c206ec}
SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks, value: {dfbeb35b-444d-4f25-8d7d-eb2683c206ec}
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
{4BD8E034-E0F4-4509-A753-467A8E854CD8}
CHCT408137
AstroburnBar Toolbar
PHPNukeEN Toolbar
The following CLSID's were found:
HKEY..\..\{CLSID Path}
{07D5F4C5-57FA-4F2F-84F9-72A25BFFA9D7}
{0AB3EDED-39E1-4958-9BAD-21DB9EC4BFBB}
{1BBF13E0-551E-42DD-91F4-1A547443FFDA}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{3c471948-f874-49f5-b338-4f214a2ee0b1}
{5ADE4580-1665-47C0-8EA7-F26A0762E681}
{7473b6bd-4691-4744-a82b-7854eb3d70b6}
{AEFEDA6A-9A49-47E5-9307-ECBEC7D6D879}
{afdbddaa-5d3f-42ee-b79c-185a7020515b}
{BD06A739-69E1-4516-A870-EAA560FC1740}
{C0C2693D-2EE8-47B4-9DF7-B67A0EE31988}
{DFBEB35B-444D-4F25-8D7D-EB2683C206EC}

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

2 Comments

  • Arlene:
    5 years ago Reply

    Man This Virus Was So Annoying! Took Me About 3-5 Months To Get It Off! First, I Had To Run Spyhunter's Scan And Remove The Threats. Then, I Had To Initally Remove It. If You See Any Free Downloads. Chances Are, They Could Include Conduit Search/Toolbar. I Highly Recommend That You Buy Spyhunter, Then Turn System Guard On So It Cant Get Onto Your Computer!

  • Aroldo Tissot Júnior:
    4 years ago Reply

    Como faco para deletar este search Protect criminoso que entro no meu PC e nada mais e que um vírus dominante, que aparentemente está oculto em alguma pasta de meu PC e dominou a internet, abre sozinho sites de publicidade, e vive tentando fazer eu instalar novos programas. Como faço para denunciar? Entrou no meu PC quando fui baixar o CCLEANER no Baixaki.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

Comments (2)
By GoldSparrow in Browser Hijackers
Translate To: Japanese
Threat Scorecard
?
The ESL Threat Scorecard is an assessment report that is given to every malware threat that has been collected and analyzed through our Malware Research Center. The ESL Threat Scorecard evaluates and ranks each threat by using several metrics such as trends, incidents and severity over time.

In addition to the effective scoring for each threat, we are able to interpret anonymous geographic data to list the top three countries infected with a particular threat. The data used for the ESL Threat Scorecard is updated daily and displayed based on trends for a 30-day period. The ESL Threat Scorecard is a useful tool for a wide array of computer users from end users seeking a solution to remove a particular threat or security experts pursuing analysis and research data on emerging threats.

Each of the fields listed on the ESL Threat Scorecard, containing a specific value, are as follows:

Ranking: The current ranking of a particular threat among all the other threats found on our malware research database.

Threat Level: The level of threat a particular PC threat could have on an infected computer. The threat level is based on a particular threat's behavior and other risk factors. We rate the threat level as low, medium or high. The different threat levels are discussed in the SpyHunter Risk Assessment Model.

Infected PCs: The number of confirmed and suspected cases of a particular threat detected on infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter's Spyware Scanner.

% Change: The daily percent change in the frequency of infected PCs of a specific threat. The formula for percent changes results from current trends of a specific threat. An increase in the rankings of a specific threat yields a recalculation of the percentage of its recent gain. When a specific threat's ranking decreases, the percentage rate reflects its recent decline. For a specific threat remaining unchanged, the percent change remains in its current state. The % Change data is calculated and displayed in three different date ranges, in the last 24 hours, 7 days and 30 days. Next to the percentage change is the trend movement a specific malware threat does, either upward or downward, in the rankings. Each level of movement is color coded: a green up-arrow (∧) indicates a rise, a red down-arrow (∨) indicates a decline, and a brown equal symbol (=) indicates no change or plateaued.

Top 3 Countries Infected: Lists the top three countries a particular threat has targeted the most over the past month. This data allows PC users to track the geographic distribution of a particular threat throughout the world.
Ranking: 2
Threat Level: 5
Infected PCs: 1,445,595
% Change 30 Days:
0%
7 Days:
0%
1 Day:
9%
Top 3 Countries Infected: Canada, Thailand, Serbia