Conduit Search/Toolbar

By GoldSparrow in Browser Hijackers

Translate To:

Threat Scorecard

Popularity Rank:	153
Threat Level:	50 % (Medium)
Infected Computers:	1,085,419

First Seen:	January 2, 2013
Last Seen:	February 3, 2026
OS(es) Affected:	Windows

Conduit Search/Toolbar Image

Search.conduit.com is an online search engine which is usually accessed through a toolbar for your web browser. This website and toolbar are the work of the Conduit software. There have been various reports that the Search.conduit.com toolbar makes unauthorized changes to your web browser and that, when it comes time to remove this Browser Helper Object, the lack of a legitimate uninstaller causes several problems on the computer on which Search.conduit.com is installed.

Problems Associated with the Search.conduit.com Website and Toolbar

Affected computer users have reported that the Search.conduit.com toolbar causes browser redirects, forcing the affected user to visit the Search.conduit.com web page. Affected users have also found that Conduit's toolbar makes unauthorized changes to their web browser settings, such as changing the browser's homepage or its default search engine toolbar. ESG security researchers strongly recommend that users take extra care when installing browser toolbars. These kinds of applications tend to set off red flags when it comes to computer security since browser toolbar are common delivery vehicles for various kinds of malware. There are varieties of browser toolbars that are really adware, spyware or browser hijackers. Hackers take advantage of security vulnerabilities associated with BHOs (Browser Helper Objects) in order to infect their victims with malware. Toolbars that are advertised as helpful are also a practical way for criminals to take advantage of computer users, which are not very experienced in computer security.

Removing the Search.conduit.com Toolbar from Your Computer System

One of the problems associated with the Search.conduit.com toolbar is that Search.conduit.com does not include an uninstaller, making the removal of this application somewhat troublesome. The Search.conduit.com toolbar can be removed through the add/remove programs panel in the control panel. However, affected users will have to restore all the changes that this toolbar makes to their web browser preferences. This means restoring the default search engine and home page. Since this can be a tedious process, some computer users may prefer to reinstall their web browser or to restore it to default settings once the Search.conduit.com toolbar has been uninstalled. The Search.conduit.com toolbar is not attacking your computer like other malware, but Search.conduit.com has characteristics that make Search.conduit.com and inconvenience to many computer users.

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Ikarus	not-a-virus:WebToolbar.Rubar
Ikarus	PUA.ClientConnect
McAfee	Artemis!EAF8104FE812
McAfee-GW-Edition	Artemis!Trojan
Avast	Win64:Malware-gen
AVG	Generic.ABF
McAfee	Artemis!CB65DD8AD8BC
Antiy-AVL	RiskWare[WebToolbar:not-a-virus]/Win32.Rubar
Kaspersky	not-a-virus:WebToolbar.Win32.Rubar.a
Symantec	WS.Reputation.1
AVG	Generic.4CC
McAfee-GW-Edition	Artemis
McAfee	Artemis!82FC4EAFF415
AVG	SearchProtect.1DD
AhnLab-V3	PUP/Win32.SearchProtect

SpyHunter Detects & Remove Conduit Search/Toolbar

File System Details

Conduit Search/Toolbar may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	A0028368.exe	ced18c00311fab6557daa7bfe9e3ba12	4,617
Name: A0028368.exe MD5: ced18c00311fab6557daa7bfe9e3ba12 Size: 2.13 MB (2135552 bytes) Detections: 4,617 Type: Executable File Path: %SYSTEMDRIVE%\System Volume Information\_restore{06689D21-058A-4446-B0E2-E90A6A353332}\Fifoed\A0028368.exe Group: Malware file Last Updated: September 14, 2025
2.	tbcore3.dll	bed7f9bf0b91a9176c4af2ee157bc438	3,925
Name: tbcore3.dll MD5: bed7f9bf0b91a9176c4af2ee157bc438 Size: 2.66 MB (2669728 bytes) Detections: 3,925 Type: Dynamic link library Path: C:\Program Files (x86)\France Toolbar\tbcore3.dll Group: Malware file Last Updated: May 12, 2025
3.	tbhelper.dll	b03559bf4499f3707d5221c9743ecd53	3,431
Name: tbhelper.dll MD5: b03559bf4499f3707d5221c9743ecd53 Size: 310.94 KB (310944 bytes) Detections: 3,431 Type: Dynamic link library Path: C:\Program Files (x86)\France Toolbar\tbhelper.dll Group: Malware file Last Updated: May 12, 2025
4.	inventoria.exe	b92ba0932cf3a0cb17463844f8da9dd8	2,839
Name: inventoria.exe MD5: b92ba0932cf3a0cb17463844f8da9dd8 Size: 1.55 MB (1558532 bytes) Detections: 2,839 Type: Executable File Path: %PROGRAMFILES(x86)%\NCH Software\Inventoria Group: Malware file Last Updated: February 12, 2020
5.	pcreg.exe	e40132435601968995be3bfcda89d470	2,759
Name: pcreg.exe MD5: e40132435601968995be3bfcda89d470 Size: 25.6 KB (25600 bytes) Detections: 2,759 Type: Executable File Path: C:\Program Files\pcreg\pcreg.exe Group: Malware file Last Updated: February 7, 2022
6.	avayvaxxvae.exe	bb17bcf355b790bf81670c0ca87ba2ec	143
Name: avayvaxxvae.exe MD5: bb17bcf355b790bf81670c0ca87ba2ec Size: 2.13 MB (2136064 bytes) Detections: 143 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\avayvaxxvae\avayvaxxvae.exe Group: Malware file Last Updated: January 10, 2023
7.	NativeMessageHost.exe.vir	b9c364e152fe5f2f0795ef23dae9d9d5	38
Name: NativeMessageHost.exe.vir MD5: b9c364e152fe5f2f0795ef23dae9d9d5 Size: 122.5 KB (122504 bytes) Detections: 38 Path: I:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Chrome\nativeMessagingHost\NativeMessageHost.exe.vir Group: Malware file Last Updated: December 22, 2025
8.	MLSClient.AutoUpdateService.exe	2d4160fc44148d48ecc30b1073b557e1	36
Name: MLSClient.AutoUpdateService.exe MD5: 2d4160fc44148d48ecc30b1073b557e1 Size: 22.52 KB (22528 bytes) Detections: 36 Type: Executable File Path: %PROGRAMFILES%\MLS\1.1.0.2.0.00\AutoUpdate Group: Malware file Last Updated: November 24, 2014
9.	ConduitRBCB_e1v0.exe.vir	977941c772377e27827df41793ec6dae	34
Name: ConduitRBCB_e1v0.exe.vir MD5: 977941c772377e27827df41793ec6dae Size: 122.98 KB (122984 bytes) Detections: 34 Path: C:\AdwCleaner\Quarantine\C\Users\<username>\AppData\Roaming\OpenCandy\AE2D17DCCFAC4E8EB81FFEDF96A61676\ConduitRBCB_e1v0.exe.vir Group: Malware file Last Updated: August 2, 2023
10.	MlsUI.exe	591d9419d5945906f50627286d82e5c5	31
Name: MlsUI.exe MD5: 591d9419d5945906f50627286d82e5c5 Size: 31.74 KB (31744 bytes) Detections: 31 Type: Executable File Path: %PROGRAMFILES%\MLS\1.1.0.2.0.00\App Group: Malware file Last Updated: November 24, 2014
11.	A0121692.exe	f86a73c9497327a20ee960c2abca24a7	15
Name: A0121692.exe MD5: f86a73c9497327a20ee960c2abca24a7 Size: 966.48 KB (966480 bytes) Detections: 15 Type: Executable File Path: D:\BKP_CarlosBraspet 14.11.17\D\BKP_Braspet Carlos 08.03.16\D\bck net-on\System Volume Information\_restore{0B580A12-1B67-4959-9482-73F12CE2D603}\RP242\A0121692.exe Group: Malware file Last Updated: January 23, 2021
12.	TBHostSupport.dll	206a8579f166489f3804c95bd23866eb	14
Name: TBHostSupport.dll MD5: 206a8579f166489f3804c95bd23866eb Size: 458.01 KB (458016 bytes) Detections: 14 Type: Dynamic link library Path: %LOCALAPPDATA%\TBHostSupport Group: Malware file Last Updated: April 28, 2014
13.	prxtbuTor.dll	f539d488bde6d2417bd4819193643251	12
Name: prxtbuTor.dll MD5: f539d488bde6d2417bd4819193643251 Size: 226.59 KB (226592 bytes) Detections: 12 Type: Dynamic link library Path: %PROGRAMFILES%\uTorrentControl_v6 Group: Malware file Last Updated: October 16, 2014
14.	avaxvyvax.exe	21ce5e311a2a0a2cb7529b71c76578f7	8
Name: avaxvyvax.exe MD5: 21ce5e311a2a0a2cb7529b71c76578f7 Size: 2.54 MB (2545664 bytes) Detections: 8 Type: Executable File Path: %LOCALAPPDATA%\avaxvyvax Group: Malware file Last Updated: January 30, 2015
15.	The_Pirate_Bay.exe	92becf79224ac52f9e3943f6040090d7	5
Name: The_Pirate_Bay.exe MD5: 92becf79224ac52f9e3943f6040090d7 Size: 1.31 MB (1314064 bytes) Detections: 5 Type: Executable File Path: %USERPROFILE%\Mina dokument\Min musik Group: Malware file Last Updated: June 15, 2016
16.	PwmNativeMessaging.exe	448e74df1e13d4103466be7465218af6	4
Name: PwmNativeMessaging.exe MD5: 448e74df1e13d4103466be7465218af6 Size: 519.24 KB (519248 bytes) Detections: 4 Type: Executable File Path: %PROGRAMFILES%\Trend Micro\TMIDS\PwmNativeMessaging Group: Malware file Last Updated: June 24, 2020
17.	NativeMessageHost.exe	b6b568ba7404947bd3d6438cd1a69989	2
Name: NativeMessageHost.exe MD5: b6b568ba7404947bd3d6438cd1a69989 Size: 122.5 KB (122504 bytes) Detections: 2 Type: Executable File Path: %PROGRAMFILES(x86)%\Wajam\Chrome\nativeMessagingHost Group: Malware file Last Updated: October 9, 2020
18.	ConduitHelper.exe	280062cb75b91fbf44abc416fc464a80	2
Name: ConduitHelper.exe MD5: 280062cb75b91fbf44abc416fc464a80 Size: 272.38 KB (272384 bytes) Detections: 2 Type: Executable File Path: %PUBLIC%\Conduit\ConduitHelper Group: Malware file Last Updated: March 30, 2016
19.	APISupport.dll	5691d2e4dce886cab24668a4451c0b05	2
Name: APISupport.dll MD5: 5691d2e4dce886cab24668a4451c0b05 Size: 1.08 MB (1082176 bytes) Detections: 2 Type: Dynamic link library Path: %LOCALAPPDATA%\TB\APISupport Group: Malware file Last Updated: March 23, 2016
20.	fhgc.dll	22684bf4b2ce6d61df96ad3283242b74	1
Name: fhgc.dll MD5: 22684bf4b2ce6d61df96ad3283242b74 Size: 781.31 KB (781312 bytes) Detections: 1 Type: Dynamic link library Path: %LOCALAPPDATA%\NativeMessaging\Temp Group: Malware file Last Updated: April 17, 2014
21.	fogiohohcp.dll	ce90b03d1dc5ed1afeb1c76d55022bd2	1
Name: fogiohohcp.dll MD5: ce90b03d1dc5ed1afeb1c76d55022bd2 Size: 442.88 KB (442880 bytes) Detections: 1 Type: Dynamic link library Path: %LOCALAPPDATA%\Microsoft\NativeMessaging Group: Malware file Last Updated: April 17, 2014
22.	ekneeicf.dll	581b3272fcdab3b63a4d80f8d00c2988	1
Name: ekneeicf.dll MD5: 581b3272fcdab3b63a4d80f8d00c2988 Size: 485.37 KB (485376 bytes) Detections: 1 Type: Dynamic link library Path: %LOCALAPPDATA%\NativeMessaging\Symantec Group: Malware file Last Updated: April 17, 2014
23.	ChromeInstaller.exe	3ea0022c36c504f6bfd405c8204f6d90	1
Name: ChromeInstaller.exe MD5: 3ea0022c36c504f6bfd405c8204f6d90 Size: 1 MB (1002832 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\igdhbblpcellaljokkpfhcjlagemhgjl\Binaries Group: Malware file Last Updated: March 26, 2016
24.	NativeMessagingApp.exe	e521580e5facef89885cdcdb63e91101	1
Name: NativeMessagingApp.exe MD5: e521580e5facef89885cdcdb63e91101 Size: 61.44 KB (61440 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\Sensible Vision\Fast Access\chrome_fasso Group: Malware file Last Updated: April 17, 2014
25.	TBMessagingHost.exe	6d3282fa8d14e621193a4e83ea189a31	1
Name: TBMessagingHost.exe MD5: 6d3282fa8d14e621193a4e83ea189a31 Size: 1.08 MB (1087296 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA%\NativeMessaging\CT2504091\1_0_2_0 Group: Malware file Last Updated: March 26, 2016
26.	UninstallerUI.exe	3cb679b8f9bf317aa423487a23efe220	1
Name: UninstallerUI.exe MD5: 3cb679b8f9bf317aa423487a23efe220 Size: 1.7 MB (1709168 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\Conduit\IE\CT1561552 Group: Malware file Last Updated: March 30, 2016
27.	ConduitCrashHandler.exe	a4185bdaca04cf569cc14de1b0e9013d	1
Name: ConduitCrashHandler.exe MD5: a4185bdaca04cf569cc14de1b0e9013d Size: 144.08 KB (144088 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA%\Conduit\Update\1.3.25.25 Group: Malware file Last Updated: March 30, 2016
28.	BackgroundContainer.dll	d42c388f33a2099abc3a311691fa406e	1
Name: BackgroundContainer.dll MD5: d42c388f33a2099abc3a311691fa406e Size: 20B (20 bytes) Detections: 1 Type: Dynamic link library Path: %WINDIR%\system32\config\systemprofile\AppData\Local\Conduit\BackgroundContainer Group: Malware file Last Updated: March 23, 2016

More files

Registry Details

Conduit Search/Toolbar may create the following registry entry or registry entries:

CLSID

{1BBF13E0-551E-42DD-91F4-1A547443FFDA}

{30F9B915-B755-4826-820B-08FBA6BD249D}

{3c471948-f874-49f5-b338-4f214a2ee0b1}

{5CF209CF-1B8A-4D23-A927-1165BE2AEFD8}

{7473b6bd-4691-4744-a82b-7854eb3d70b6}

{afdbddaa-5d3f-42ee-b79c-185a7020515b}

{C0C2693D-2EE8-47B4-9DF7-B67A0EE31988}

{DFBEB35B-444D-4F25-8D7D-EB2683C206EC}

{E802027B-1F2B-40BD-B307-0BD96D036835}

File name without path

client.conduit-storage[1].xml

Conduit.xpt

ConduitAutoCompleteSearch.js

ConduitAutoCompleteSearch.xpt

http_app.mam.conduit.com_0.localstorage

http_app.mam.conduit.com_0.localstorage-journal

http_cap1.conduit-apps.com_0.localstorage

http_cap1.conduit-apps.com_0.localstorage-journal

http_search.conduit.com_0.localstorage

http_search.conduit.com_0.localstorage-journal

http_storage.conduit.com_0.localstorage

http_storage.conduit.com_0.localstorage-journal

http_twitter.conduitapps.com_0.localstorage

http_twitter.conduitapps.com_0.localstorage-journal

https_facebook.conduitapps.com_0.localstorage

https_facebook.conduitapps.com_0.localstorage-journal

https_youtube.conduitapps.com_0.localstorage

https_youtube.conduitapps.com_0.localstorage-journal

Regexp file mask

%LOCALAPPDATA%\Conduit\BackgroundContainer\BackgroundContainer.dll

%LOCALAPPDATA%\ConduitInstaller.exe

%LOCALAPPDATA%\CRE\[RANDOM CHARACTERS].crx

%temp%\[RANDOM CHARACTERS]ConduitEngineSetup.exe

%TEMP%\ConduitInstaller.exe

%TEMP%\tbWhit.dll

%USERPROFILE%\Local Settings\Application Data\CRE\[RANDOM CHARACTERS].crx

%WINDIR%\System32\Tasks\BackgroundContainer Startup Task

%WinDir%\System32\Tasks\pcreg

%WinDir%\Tasks\pcreg.job

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\AppDataLow\Software\AstroburnBar\toolbar

Software\AppDataLow\Software\BackgroundContainer

Software\AppDataLow\Software\Begin-download_FLV\toolbar

Software\AppDataLow\Software\Conduit

Software\AppDataLow\Software\conduitEngine

Software\AppDataLow\Software\ConduitSearchScopes

Software\AppDataLow\Software\MixiDJ\toolbar

Software\AppDataLow\Software\PHPNukeEN

Software\AppDataLow\Software\Produtools_Manuals_2.1\toolbar

Software\AppDataLow\Software\Produtools_Manuals_2.1_B2\toolbar

Software\AppDataLow\Software\Smartbar

Software\AppDataLow\Software\Tbccint

Software\AppDataLow\Software\TbccintSearchScopes

Software\AppDataLow\Software\TV_Bar_2\toolbar

Software\AppDataLow\Software\uTorrentControl_v2

SOFTWARE\AppDataLow\Software\YesStreamer_Bar

Software\AppDataLow\Toolbar\RegisteredSources\Conduitengine

Software\AppDataLow\Toolbar\RegisteredSources\CT3272718

SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

SOFTWARE\Classes\Toolbar.CT3272718

SOFTWARE\Conduit

SOFTWARE\DT Soft\Astroburn Toolbar

Software\Google\Chrome\NativeMessagingHosts\nmhostct408137

SOFTWARE\mamverifier

Software\Microsoft\Internet Explorer\Approved Extensions\{30F9B915-B755-4826-820B-08FBA6BD249D}

Software\Microsoft\Internet Explorer\Approved Extensions\{413c77a8-1554-46ac-b5e0-e5ac3c4e839e}

Software\Microsoft\Internet Explorer\Approved Extensions\{AEFEDA6A-9A49-47E5-9307-ECBEC7D6D879}

Software\Microsoft\Internet Explorer\Approved Extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}

Software\Microsoft\Internet Explorer\Approved Extensions\{C9CEFC16-8DBE-4DB8-A3E5-4C3CE4685756}

Software\Microsoft\Internet Explorer\DOMStorage\app.mam.conduit.com

Software\Microsoft\Internet Explorer\DOMStorage\conduit-apps.com

Software\Microsoft\Internet Explorer\DOMStorage\conduit.com

Software\Microsoft\Internet Explorer\DOMStorage\conduitapps.com

Software\Microsoft\Internet Explorer\DOMStorage\tbccint.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit-storage.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Produtools_Manuals_2.1.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\tb_Conduit.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\tb_Conduit_brch.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\tb_Conduit_brff.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\tb_Conduit_brie.exe

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\tb_Conduit_Search.exe

Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

SOFTWARE\Microsoft\Internet Explorer\Toolbar\{589d7cff-0173-47a9-966a-9afae3e5c249}

SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9843474f-6082-4a44-b63d-5559d9e8c6a8}

SOFTWARE\Microsoft\Internet Explorer\Toolbar\{aefeda6a-9a49-47e5-9307-ecbec7d6d879}

SOFTWARE\Microsoft\Internet Explorer\Toolbar\{C9CEFC16-8DBE-4DB8-A3E5-4C3CE4685756}

SOFTWARE\Microsoft\Internet Explorer\Toolbar\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}

SOFTWARE\Microsoft\Internet Explorer\Toolbar\{e802027b-1f2b-40bd-b307-0bd96d036835}

SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{589d7cff-0173-47a9-966a-9afae3e5c249}

Software\Microsoft\Internet Explorer\URLSearchHooks\{AEFEDA6A-9A49-47E5-9307-ECBEC7D6D879}

SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaavaevy

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg

SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{589d7cff-0173-47a9-966a-9afae3e5c249}

SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}

Software\Microsoft\Windows\CurrentVersion\Run\APISupport

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BackgroundContainerV2

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BackgroundContainerV3

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ConduitHelper

Software\Microsoft\Windows\CurrentVersion\Run\pcreg

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TBHostSupport

SOFTWARE\PHPNukeEN

Software\Tbccint

Software\Tbccint_HKLM

SOFTWARE\Wow6432Node\Conduit

SOFTWARE\Wow6432Node\conduitEngine

SOFTWARE\Wow6432Node\DT Soft\Astroburn Toolbar

SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\nmhostct408137

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{589d7cff-0173-47a9-966a-9afae3e5c249}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{9843474f-6082-4a44-b63d-5559d9e8c6a8}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{aefeda6a-9a49-47e5-9307-ecbec7d6d879}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{C9CEFC16-8DBE-4DB8-A3E5-4C3CE4685756}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{e802027b-1f2b-40bd-b307-0bd96d036835}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\{589d7cff-0173-47a9-966a-9afae3e5c249}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}

SOFTWARE\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\MixiDJAutoUpdateHelper_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\MixiDJAutoUpdateHelper_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\MixiDJToolbarHelper_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\MixiDJToolbarHelper_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{589d7cff-0173-47a9-966a-9afae3e5c249}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\BackgroundContainerV2

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ConduitHelper

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\pcreg

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\TBHostSupport

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

SOFTWARE\Wow6432Node\MixiDJ

SOFTWARE\Wow6432Node\PHPNukeEN

SYSTEM\ControlSet001\services\pcregservice

SYSTEM\ControlSet001\services\TBSrv

SYSTEM\ControlSet002\services\pcregservice

SYSTEM\CurrentControlSet\services\pcregservice

SYSTEM\CurrentControlSet\services\TBSrv

Toolbar\RegisteredSources\CT408137

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

CHCT408137

PHPNukeEN Toolbar

{4BD8E034-E0F4-4509-A753-467A8E854CD8}

Directories

Conduit Search/Toolbar may create the following directory or directories:

%ALLUSERSPROFILE%\Application Data\Conduit

%ALLUSERSPROFILE%\Application Data\Tbccint

%ALLUSERSPROFILE%\Conduit

%ALLUSERSPROFILE%\Tbccint

%LOCALAPPDATA%\Conduit

%LOCALAPPDATA%\TBHostSupport

%LOCALAPPDATA%\Tbccint

%LOCALAPPDATA%\cctbplt

%PROGRAMFILES%\AstroburnBar

%PROGRAMFILES%\Conduit

%PROGRAMFILES%\ConduitEngine

%PROGRAMFILES%\Nova

%PROGRAMFILES%\Tbccint

%PROGRAMFILES%\pcreg

%PROGRAMFILES(x86)%\AstroburnBar

%PROGRAMFILES(x86)%\Conduit

%PROGRAMFILES(x86)%\Nova

%PROGRAMFILES(x86)%\Tbccint

%PUBLIC%\Conduit

%TEMP%\38fdaae5-8e0e-493c-88ec-e05c3be06e42

%TEMP%\AstroburnBar

%TEMP%\CT3302872

%TMP%\ct2571160

%Temp%\CT3302999

%Temp%\CT3310393

%Temp%\CT3317212

%Temp%\ct3311333

%Temp%\mam-ct3317212

%USERPROFILE%\AppData\LocalLow\ConduitEngine

%USERPROFILE%\AppData\LocalLow\PHPNukeEN

%USERPROFILE%\AppData\LocalLow\Tbccint

%USERPROFILE%\Configuración local\Datos de programa\Conduit

%USERPROFILE%\Configurações Locais\Dados de aplicativos\Conduit

%USERPROFILE%\Impostazioni locali\Dati applicazioni\Conduit

%USERPROFILE%\Local Settings\Application Data\Conduit

%USERPROFILE%\Lokale Einstellungen\Anwendungsdaten\Conduit

%USERPROFILE%\Ustawienia lokalne\Dane aplikacji\Conduit

%UserProfile%\AppData\LocalLow\Conduit

%UserProfile%\Local Settings\Application Data\TBHostSupport

%UserProfile%\Local Settings\Application Data\Tbccint

%appdata%\Tbccint

%programfiles%\PHPNukeEN

%programfiles(x86)%\PHPNukeEN

%systemdrive%\users\appdata\locallow\Conduit

%temp%\Conduit

%temp%\ConduitSP

%temp%\ct3309759

URLs

Conduit Search/Toolbar may call the following URLs:

&form=CONMHP&conlogo=CT

ConduitAutoCompleteSearch

npconduitfirefoxplugin

www.ourtoolbar.com

Analysis Report

General information

Family Name:	Conduit Search/Toolbar
Signature status:	Root Not Trusted

Known Samples

MD5: f52e42cb0cc7d9197dd37f614eb887f0

SHA1: fb7eae8f5161cad079e1ee0995002e0994751c3f

SHA256: 21258514DE6C1302B9188DFEB3FB4F5097919E94A6076A5C6474DDEBA6C80CF3

File Size: 2.03 MB, 2027274 bytes

MD5: db85d58e9fcb9d892ca72e0b63aff15f

SHA1: 66c8a8105c880eb780b7797b182541aef0adcbde

SHA256: 818DB6EC6E522E718AE3B3BB2BCB52308FB8B2E646A2E1E17166FF378F300AAC

File Size: 2.69 MB, 2690048 bytes

MD5: c9b90b925974527f5a93e3a8239f32e6

SHA1: 1dd9b3ac065fabd8b3c2a82f7cb999f84dcac3d0

SHA256: 4E366A56BE7F8027E1A6663A68546A1DBFC4A23FEAE1FB6AF258C5191A7683A1

File Size: 193.95 KB, 193947 bytes

MD5: 92164ba78c6490098c91c3a8a8a7948f

SHA1: c2b2cd11723aaf7308be961ad2e51001259eb7fd

SHA256: CB82099265453F11073246313B5A7F49F865A280ED7C066040B2A518C9C6B644

File Size: 2.31 MB, 2308100 bytes

MD5: 0edb6c7b31cee6601686a8900d6572a0

SHA1: 9f6026fd8fa9dac3a2199a815646c417ac8cce20

SHA256: 1E0C765BCB34AF47AC30D39AEA6483B549E70F56C5E63B681E9BA07C3D33D0CF

File Size: 38.91 KB, 38912 bytes

MD5: 1354eec7a827a779169a19d835c6422a

SHA1: f3ee5e866ae35516a06507d51388e63b996f45a3

SHA256: 3753F10F6522D7D1C3C03816433CB6B2B5E14FF7E96044A29DC2EC3C85930360

File Size: 643.24 KB, 643244 bytes

MD5: abdcc944b942344254b6302a66a4ad5c

SHA1: edee9a2be943b5d539009dc7bbe5588b851b69d5

SHA256: 7C844786209435712D47BB53D171A2442849F539BEFB2DCB221054816D1538E9

File Size: 55.81 KB, 55808 bytes

MD5: 63ce763d4a954a9fe0a37ae3c8888abc

SHA1: e8cf01d615df85264b6dbffe0bd5206b37c738db

SHA256: 7E94DB67C4B3B07E773D4B61A53FEDCBD24E6A5C0C72BDCCCB033267130F3A6C

File Size: 5.16 MB, 5162496 bytes

MD5: 83fed3b24c8df1eeb5acbba77f0849b1

SHA1: cc189e8c550e8b491f184ad00ba59bb5836cb960

SHA256: C2670A1A63C2AF28D2AA554E33DE2B9EFFF21C978A59B6BD82CF9EB3B9180799

File Size: 98.30 KB, 98304 bytes

MD5: 7420725d5e68bdb10b486ae109487177

SHA1: 0f4f5c08fc48c998298157f134af05161fdab63d

SHA256: F9CA69C67C116BDDDC9654DE5836939243318165A163EA1992DE32612BFD3A8F

File Size: 2.23 MB, 2229666 bytes

MD5: 3ccf758d3237f3758a88fca340f7fa5a

SHA1: ec085c260d83a400f806201156a9b674a4f355d9

SHA256: 5E2F4E2EB2654AAA183CBA48AEF1C85B07AA16779022285CA394B23081A2F536

File Size: 2.13 MB, 2127332 bytes

MD5: a47e421fad89004b56ea0c6006a4d484

SHA1: 12917758345e291ad16b56ef56bfc22c07d77464

SHA256: 7F1BA8CF1849A4DC1BA0690660746DD2524BE5C170D8B98C86516710255CA56A

File Size: 2.34 MB, 2335232 bytes

MD5: da9aab4dadb984731975fa4b7256c9e8

SHA1: bbea3dd8dd12c13883bd479b6d86b2d8040d8c54

SHA256: 8412E3FCB1D44DC79814BB64846003C74AD3FB3AA367A7A5F7D0D94D7A1191C9

File Size: 2.58 MB, 2580168 bytes

MD5: 5086d1f0b3821c926e1d0391b081c3fb

SHA1: e41231836b719e43b5345e13dd69dca618af7962

SHA256: C3BE661C0E446190C8A9F70EFDE396CB9E47B0C1DFDF79F690C4694758027F6F

File Size: 697.47 KB, 697472 bytes

MD5: 1e7b910757d882eff979c9aa0885a10a

SHA1: 645d0d457db2f58aa2ab305847949a306bcf92ca

SHA256: 33099DF29592E0E9E219B7B7974EF7F56C2E50D4746217C32F0C10880CBB8355

File Size: 1.89 MB, 1885800 bytes

MD5: 42def360b2d9a3de0f360d37ed788ba7

SHA1: bf3973213c8dd5153fbf6f0a84e5f6f9c5c1a91f

SHA256: 50FB74A6647009793AB47F9EA5C600E8499F2103B2D5025D6E25E6F19269D321

File Size: 811.83 KB, 811831 bytes

MD5: 1d22bc323e9a53842f6c470838e60a63

SHA1: 58387aeceee5a466145310fddeadd79d5ba2d55f

SHA256: C5D72843BE6C0FC93D19950942044B31A4E5DFCCF9A4E9CC4C416EE40F525AD1

File Size: 6.03 MB, 6029976 bytes

MD5: b78cfa434e8935855feae01b34161c8e

SHA1: 442bdb2600c16862d5b5d97a5db1aa8f433e9eda

SHA256: CF6AD9B1D2A67BD64A9E2E499EA112B6062B4EFED74DE1786D7FC453F12985D0

File Size: 709.23 KB, 709232 bytes

MD5: 0f008f0736873d199b80d315197dc991

SHA1: 7fe7abb7e884746ac6981ee5da769a8f170890c7

SHA256: 3021561A27398D32F7FFA49CEC3C523258EF7416DF7A1939A94B368D358A65B5

File Size: 8.13 MB, 8128000 bytes

MD5: c8086283449af73a023e71fcc8f5b5be

SHA1: be1f4242a01315e0ca0d5b7c86f88df23824c01f

SHA256: 8EA1F3911061A3D58382195D3591B4FE1C02F013DF7E0EA199B3CA99BBCC5530

File Size: 2.48 MB, 2484736 bytes

MD5: 6bbd172b50f978b4f670553f89855605

SHA1: 1e56a2dca0baa6aa87452a41f4ee4cd1ebddc677

SHA256: 984A71C5D31B9FEEB7595E426674647C250A037A887DA14F317B94CB2997334A

File Size: 2.38 MB, 2381526 bytes

MD5: 3ab416f0ae6a19f4fe6c4f6efb59ccb7

SHA1: 8f9f29d1e4ad3b9995052fa18c03705d508516be

SHA256: 8FA5554CDDA6636F36D5F0603CAC9703438107846702A30E1A1DF4A0AC698FF9

File Size: 6.60 MB, 6601382 bytes

MD5: 0759e2ef0254cb93453e204873e3c477

SHA1: 3d0f65127e8c6d2ffb28e4ec3802386074e5a778

SHA256: 97529991ADE9EA73CABF0E189714C99CB067ED84279FF88D732FF51054E24C5A

File Size: 5.66 MB, 5657088 bytes

MD5: 086774d46c86c4fec1893761e31603b3

SHA1: 78bc4b9a8e24fa3be4dd72e6a62659802a47ee86

SHA256: 6B496D8E98E8A10DAEB39E5F0DD4F6A25D438F0BF466C7FCD2AD93AF4F36F155

File Size: 229.99 KB, 229989 bytes

MD5: 7ea4e58055bd8b2035fd502b00fca3c3

SHA1: 41cc63a673a870c569080e0177dd3959abef9419

SHA256: 9F53FBB72649CFA2FA870F7AFAB140B2BE44FEE0E6943B430510C921EA647976

File Size: 5.13 MB, 5134336 bytes

MD5: be0641a5e7b37adff16a2d23494c2c79

SHA1: 96130c65ed1bc0d380b6be0b131dd723cd0be5c8

SHA256: 8CE5B679E50ACF5C25762C162373E18F42BB4F66B127DC74938966624CCED976

File Size: 2.13 MB, 2127349 bytes

MD5: e93f5d82408fedce1b3b3debd2b097ce

SHA1: 4e8880abd457ee206fc8eb3e6d4f1daa47fce4fe

SHA256: 409255A82463AB12D033E50002BCB330D9AD646F0EDB95AAFBF042855F6C6F97

File Size: 2.62 MB, 2621626 bytes

MD5: a53250e494507273950bab235c86460c

SHA1: 01bccd16dadafc4789907771f3cf569215aa1515

SHA256: 8494FDAC23ED06CF8CA308A162AEC6908D80AC9E0344121C52D9FEBD6C86325D

File Size: 4.93 MB, 4927276 bytes

MD5: 8d7b1ec679801210948cbf2ddd7bc234

SHA1: 7292f633d2d3129a6bbaf1b9c442d0bb2a5fe197

SHA256: 534DA6C150C48DE80C132C4924251CAE3D9A05C59102CD9A569445A48118E7D0

File Size: 148.12 KB, 148118 bytes

MD5: 0301c687a0c834eb17a2542c3ebcb16b

SHA1: 0502d1bdc9fb6f26fd5ca1a1951b85624e7f9015

SHA256: 87A461B41AB50F7230BBFBA80810FA84356694165769432C1D52F8215463AADB

File Size: 1.38 MB, 1384720 bytes

MD5: 4488afc664ec3e44a8061936d9386a67

SHA1: 8790c7fa39911b6ba62e2e95a4e73e8d1335368b

SHA256: A29A0B904E16C271BD339C1E1408591A6FA7843C428A8F23D0DF087D34AF2293

File Size: 391.83 KB, 391832 bytes

MD5: 143e6992dde1b8eae4278514c868a989

SHA1: 69a5a78b1eaa7b2f17a82f6879044ec9294e8b9d

SHA256: 3A4FFBB4BC22B6DAD8105BA94BE8540C2A50D0FF69CEA787989986E7F8F40E76

File Size: 2.37 MB, 2374426 bytes

MD5: 3fa5dfffcb10574849828446ad9e01d3

SHA1: 40d0d84abf0a983fbe6a3a9af9cbea20102fbfda

SHA256: 3818CFD2BA16D0D575C52A68F78F8E4E3C8A26A977FF06AACF3B9729BBC8A7A8

File Size: 193.92 KB, 193923 bytes

MD5: d87069bef3c7211d69f1be08a122821f

SHA1: 21f70f10f866416c911877fa1ae04ed0593b1076

SHA256: D4748F5ECEEF5D7041856AF26A5CDFA5452999C7B0BD19070A8521908C3F6F96

File Size: 2.03 MB, 2033573 bytes

MD5: 9c7fb3fb4202e73fbc1e89a77af86e1e

SHA1: 5e3a1bee51f8d9ba154002b04ac6870bdca4ce10

SHA256: C7B16C71C50499883AF1BDCBD9204D8810FEF813A53C67B06D0F0515EC2B3FE0

File Size: 45.06 KB, 45056 bytes

MD5: 9b6eb967e2950ac600dd87b7df389b9b

SHA1: bafd59ef5cf6a57c7b9a244376ed8900b71265b3

SHA256: E921F0148F1EBA61F5B30244B8F4773FB9E7247621A52506855335F9F50B9B28

File Size: 45.57 KB, 45568 bytes

MD5: fc671f784ce23f639533b52be7671d0c

SHA1: 26a31db5603bae3d5ea295702b4752422b891470

SHA256: 1A940E7B7EBAE7C6EE066938A147A198094DAE275569B1F158658C2AD174714B

File Size: 38.91 KB, 38912 bytes

MD5: 4c967ef096bdff39a697440998939892

SHA1: b323bf2f03e9f95a405ee7639bf55b6d7013faf6

SHA256: E1B2347C0BFA18DC5FBEA899BBE80305347234F77863E2FBBBEB455908F3284A

File Size: 52.22 KB, 52224 bytes

MD5: 677f67dc9806978461318409d5090a7c

SHA1: 99166e4db77233024f2fc0f3682d592ea1adc470

SHA256: AAD86771ECDE8EB9B034BA2201BA071954F783ABF340A6674E6DDCE4A63D931B

File Size: 5.85 MB, 5849601 bytes

MD5: 6d5823e5bcfeb67104d6568919568964

SHA1: 224a2dc9dfa30845217a2d03d13706a4752839b6

SHA256: 94A32CD2D0BBC6AC8FBB96D98F1B023C8573986016FCE4D15028A940BAD97ADE

File Size: 126.60 KB, 126600 bytes

MD5: 213e6a62a226399702a6dd3c780b8cef

SHA1: 86dd604adff48c0f0aace68faaad09469a539434

SHA256: 9ADAB4ADB68FE7B67AEDF27FCD1B83BA1A9D8BEAD23A8AB1802D7900B6D2E0ED

File Size: 234.92 KB, 234920 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has exports table
File is .NET application
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)

File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	0.0.0.0
Checksum	xx
Comments	A build of the ConverterLite Installer. DL Bilingue/bilingual
Company Name	Amnis Technology Ltd BitTorrent Inc. ClientConnect DownloadBoosters LLC eMule Plus Team. NCH Software Oleg N. Scherbakov PC SOFT
File Description	7z Setup SFX BitComet Acceleration Patch BitTorrent conduitinstaller ConverterLite 0.1 Installer Dynamick Toolbar eMule Plus, The eye candy eMule client. Express Rip PC SOFT - DLL PalmConduit Memo PC SOFT - PalmConduit Memo DLL Show More PDF Creator Setup.exe WavePad Sound Editor
File Version	11.00Aa 7.9.3.40761 5.13 5.4.8.0 4.5.189.15 1.71DE 1.2.5.0 1.0.0.1 1, 3, 0, 1501 0.1 Show More 0.0.0.0
Internal Name	7ZSfxNew Assembly-CSharp.dll BitTorrent.exe ConverterLite Installer ExpressRip Meta.WitAi.Conduit.dll Meta.WitAi.Conduit.Editor.dll WavePad
Legal Copyright	ClientConnect Ltd. Conduit Ltd. Copyright (C) 2011 all authors (GPLv3). Copyright © 2005-2009 Oleg N. Scherbakov Copyright © PC SOFT 1993-2006 General Public License (GPL). GPL NCH Software ©2015 BitTorrent, Inc. All Rights Reserved. © DownloadBoosters LLC
Legal Trademarks	ConverterLite
Original Filename	7ZSfxNew.exe Assembly-CSharp.dll BitTorrent.exe Meta.WitAi.Conduit.dll Meta.WitAi.Conduit.Editor.dll setup-converterlite-cw-0.1.exe WDP110MEM.DLL \\192.168.17.111\Bundles\19\159\ct1594719\2963cd6b21ac4da6acb98d3afbaebf0a\Downloads\Prod\DDE1.3.8.8.140217.01\14-02-24-17.19.14.139\TubeBox.exe \\192.168.17.111\Bundles\42\616\ct6162342\4dba910fb13948348b246ae81e5da9ab\Downloads\Prod\DDE1.3.8.8.140309.02\14-03-31-18.16.44.123\InstallConverter.exe
Plateforme	WINDOWS 32
Private Build	September 7, 2009
Product Name	7ZSfxNew BitComet Acceleration Patch BitTorrent ConverterLite WavePad WinDev
Product Version	11.0 7.9.3.40761 1.3.8.8.140309.02 1.3.8.8.140217.01 1, 3, 0, 1501 0.1 0.0.0.0
Special Build	stable34 stable
Version	11.00Aa
Version V I	01A110054b

Digital Signatures

Signer	Root	Status
Amnis Technology Ltd	Amnis Technology Ltd	Self Signed
NCH Software	Thawte Code Signing CA	Self Signed
Conduit Ltd.	VeriSign Class 3 Code Signing 2004 CA	Root Not Trusted
Conduit Ltd.	VeriSign Class 3 Code Signing 2009-2 CA	Root Not Trusted
ClientConnect LTD	VeriSign Class 3 Code Signing 2010 CA	Self Signed

Conduit Ltd.	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Safe Download x3	thawte Primary Root CA	Root Not Trusted

File Traits

.NET
big overlay
BINinO
dll
HighEntropy
MZ (In Overlay)
packed
Wise
WriteProcessMemory
x86

Block Information

Similar Families

NetBus.A
Sqwire.AA

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\c:\users\user\appdata\local\temp\install.log	Generic Write,Read Attributes
c:\c:\users\user\appdata\local\temp\install.log	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\utorrent\settings.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\utorrent\settings.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\utorrent\utorrent.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\utorrent\utorrent.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\utorrent\utorrent.lng	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\utorrent\utorrent.lng	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\captura.bmp	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\earth3d-1_0_5.zip	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\earth3d-1_0_5.zip	Synchronize,Write Data
c:\users\user\appdata\local\temp\emule0.49b-installer1.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\emule0.49b-installer1.exe	Synchronize,Write Data
c:\users\user\appdata\local\temp\emule0.50a-installer.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\emule0.50a-installer.exe	Synchronize,Write Data
c:\users\user\appdata\local\temp\emuleplus-1.2e.installer.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\emuleplus-1.2e.installer.exe	Synchronize,Write Data
c:\users\user\appdata\local\temp\glb2bbb.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glb41ae.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glb4e33.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glb4f54.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glb5bd7.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glb9280.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glb96ab.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glbfdaa.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glc2d8f.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glc4364.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glc5075.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glc50db.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glc5cf1.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glc9407.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glc9870.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glcfee3.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glf611b.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\glf611b.tmp	Synchronize,Write Data
c:\users\user\appdata\local\temp\glface.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\glface.tmp	Synchronize,Write Data
c:\users\user\appdata\local\temp\glg395a.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glg4f2e.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glg5533.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glg5c4f.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glg610b.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glg9fd1.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glga43a.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glgaad.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glk2dcf.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glk4393.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glk50d3.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glk510b.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glk9437.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glk98bf.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glm5d11.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\glmff13.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\n1s.cab	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\n1s.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\n1s.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nchuninst\uninst.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\nsa3030.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa3030.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsa3030.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa3030.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa3030.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa3030.tmp\pantallatoolbar	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsa3030.tmp\pantallatoolbar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa3030.tmp\uac.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb4e2.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb4e2.tmp\webapphost.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsbbe45.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\pantallapubli	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsbbe45.tmp\pantallapubli	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsbbe45.tmp\uac.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc3934.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nse7834.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7834.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nse7834.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7834.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7834.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7834.tmp\pantallatoolbar	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nse7834.tmp\pantallatoolbar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7834.tmp\uac.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg160e.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg160e.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsg160e.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg160e.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg160e.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg160e.tmp\pantallatoolbar	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsg160e.tmp\pantallatoolbar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg160e.tmp\uac.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5fe4.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5fe4.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsg5fe4.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5fe4.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5fe4.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5fe4.tmp\pantallatoolbar	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsg5fe4.tmp\pantallatoolbar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5fe4.tmp\uac.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg62bd.tmp\converterlite.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg62bd.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg62bd.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg62bd.tmp\splash.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg62bd.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg6658.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg6658.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsg6658.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg6658.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg6658.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg6658.tmp\pantallatoolbar	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsg6658.tmp\pantallatoolbar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg6658.tmp\uac.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsifd50.tmp\tb.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjfee6.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nskfc.tmp.tbexpr.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl628d.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nslbc61.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nslbc62.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm4d2.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nspa405.tmp\emule_installer_page4user.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nspa405.tmp\emule_installer_page4user.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nspa405.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq15ec.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq15ec.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsq15ec.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq15ec.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq15ec.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq15ec.tmp\pantallapubli	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsq15ec.tmp\pantallapubli	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq15ec.tmp\uac.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq62ac.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsq62ad.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq62ad.tmp\webapphost.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr3944.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr3944.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsr3944.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr3944.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr3944.tmp\p2p-toolbar-screenshot.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr3944.tmp\p2p_torrent.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr3944.tmp\p2p_torrent.xpi	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr3944.tmp\setup.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsr3944.tmp\setup.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr3944.tmp\vcredist_x86.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstf173.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstf173.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nstf173.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstf173.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstf173.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstf173.tmp\pantallatoolbar	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nstf173.tmp\pantallatoolbar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstff16.tmp\alerts_icon.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstff16.tmp\home_icon.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstff16.tmp\license.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstff16.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstff16.tmp\publisherlogodefault.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstff16.tmp\revert_icon.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstff16.tmp\search_icon.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstff16.tmp\setup_top.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstff16.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstff16.tmp\truste_setup.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbe26.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbe26.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nswbe26.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbe26.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbe26.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbe26.tmp\pantallatoolbar	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nswbe26.tmp\pantallatoolbar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx4a9f.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx4a9f.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsx4a9f.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx4a9f.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx4a9f.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx4a9f.tmp\pantallatoolbar	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsx4a9f.tmp\pantallatoolbar	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx4a9f.tmp\uac.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxd55.tmp\background.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxd55.tmp\header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxd55.tmp\header_dl.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxd55.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxd55.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxd55.tmp\modern-wizard.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsxd55.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxd55.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyca4d.tmp\background.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyca4d.tmp\header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyca4d.tmp\header_dl.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyca4d.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyca4d.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyca4d.tmp\modern-wizard.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsyca4d.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyca4d.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz2b4d.tmp\installoptions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz2b4d.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsz2b4d.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz2b4d.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz2b4d.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz2b4d.tmp\pantallatoolbar	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsz2b4d.tmp\pantallatoolbar	Generic Write,Read Attributes

21 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	澸ȁ龡^獖}좟Ê	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\nch software\wavepad\registration::name		RegNtPreCreateKey
HKCU\software\microsoft\registration\nch::wavepad	1	RegNtPreCreateKey
HKCU\software\nch software\wavepad\registration::rd	aVQ&	RegNtPreCreateKey

HKLM\software\wow6432node\express-files\toolbar::markoldapps	FALSE	RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\main\featurecontrol\feature_browser_emulation::e41231836b719e43b5345e13dd69dca618af7962_0000697472	⫸	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\main\featurecontrol\feature_browser_emulation::442bdb2600c16862d5b5d97a5db1aa8f433e9eda_0000709232	⫸	RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetUserObjectInformation
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess ShellExecuteEx
Service Control	OpenSCManager
Network Info Queried	GetAdaptersAddresses GetIpAddrTable
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtDuplicateToken Show More ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWriteFile UNKNOWN
Network Winsock2	WSAStartup WSAttemptAutodialName
Other Suspicious	AdjustTokenPrivileges
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Network Winsock	connect freeaddrinfo getaddrinfo gethostbyname gethostname inet_addr send socket
Cert Store Read	CertOpenStore
Cert Store Write	CertAddCertificateContextToStore
Network Wininet	InternetConnect InternetOpen
Network Winhttp	WinHttpOpen

Shell Command Execution


							C:\Users\Amqjqnol\AppData\Local\Temp\GLB4F54.tmp C:\Users\Amqjqnol\AppData\Local\Temp\GLB4F54.tmp 4736 c:\users\user\DOWNLO~1\66C8A8~1


							(NULL) C:\Users\Amqjqnol\appdata\local\temp\\SOFTON~1.EXE /s -silent -DefaultSearch=TRUE  -StartPage=TRUE      -showPersonalCompDialog=FALSE


							C:\Users\Amqjqnol\AppData\Local\Temp\GLB5BD7.tmp C:\Users\Amqjqnol\AppData\Local\Temp\GLB5BD7.tmp /s -silent -DefaultSearch=TRUE  -StartPage=TRUE      -showPersonalCompDialog=FALSE  4736 C:\Users\Amqjqnol\appdata\local\temp\SOFTON~1.EXE


							open C:\Users\Nmvpenlf\AppData\Local\Temp\nchuninst\uninst.exe -u


							C:\Users\Cafmwnnr\AppData\Local\Temp\GLB9280.tmp C:\Users\Cafmwnnr\AppData\Local\Temp\GLB9280.tmp 4736 c:\users\user\DOWNLO~1\E8CF01~1


									(NULL) C:\Users\Cafmwnnr\appdata\local\temp\EMULE0~1.EXE


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\cc189e8c550e8b491f184ad00ba59bb5836cb960_0000098304.,LiQMAxHB


									"C:\Users\Zxvzvota\AppData\Local\Temp\nsiFD50.tmp\tb.exe" -installsp=false


									(NULL) uTorrent.exe


									C:\Users\Lnioyjls\AppData\Local\Temp\GLB96AB.tmp C:\Users\Lnioyjls\AppData\Local\Temp\GLB96AB.tmp 4736 c:\users\user\DOWNLO~1\7FE7AB~1


									(NULL) C:\Users\Lnioyjls\appdata\local\temp\\EMULE0~1.EXE


									C:\Users\Yrhmnrbv\AppData\Local\Temp\GLB41AE.tmp C:\Users\Yrhmnrbv\AppData\Local\Temp\GLB41AE.tmp 4736 c:\users\user\DOWNLO~1\BE1F42~1


									C:\Users\Sasnmjrf\AppData\Local\Temp\GLB4E33.tmp C:\Users\Sasnmjrf\AppData\Local\Temp\GLB4E33.tmp 4736 c:\users\user\DOWNLO~1\3D0F65~1


									C:\Users\Kxwgrvia\AppData\Local\Temp\GLB2BBB.tmp C:\Users\Kxwgrvia\AppData\Local\Temp\GLB2BBB.tmp 4736 c:\users\user\DOWNLO~1\41CC63~1


									(NULL) C:\Users\Kxwgrvia\appdata\local\temp\\EMULEP~1.EXE


									C:\Users\Rcgkluuy\AppData\Local\Temp\GLBFDAA.tmp C:\Users\Rcgkluuy\AppData\Local\Temp\GLBFDAA.tmp 4736 c:\users\user\DOWNLO~1\0502D1~1


									(NULL) C:\Users\Lsslgtvs\AppData\Local\Temp\n1s.exe "c:\users\user\downloads\8790c7fa39911b6ba62e2e95a4e73e8d1335368b_0000391832"

2 Comments

Arlene 12 years ago Reply

Man This Virus Was So Annoying! Took Me About 3-5 Months To Get It Off! First, I Had To Run Spyhunter's Scan And Remove The Threats. Then, I Had To Initally Remove It. If You See Any Free Downloads. Chances Are, They Could Include Conduit Search/Toolbar. I Highly Recommend That You Buy Spyhunter, Then Turn System Guard On So It Cant Get Onto Your Computer!

Aroldo Tissot Júnior 11 years ago Reply

Como faco para deletar este search Protect criminoso que entro no meu PC e nada mais e que um vírus dominante, que aparentemente está oculto em alguma pasta de meu PC e dominou a internet, abre sozinho sites de publicidade, e vive tentando fazer eu instalar novos programas. Como faço para denunciar? Entrou no meu PC quando fui baixar o CCLEANER no Baixaki.

Conduit Search/Toolbar

Threat Scorecard

EnigmaSoft Threat Scorecard

Problems Associated with the Search.conduit.com Website and Toolbar

Removing the Search.conduit.com Toolbar from Your Computer System

Aliases

SpyHunter Detects & Remove Conduit Search/Toolbar

File System Details

Registry Details

Directories

URLs

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

2 Comments

Submit Comment

Trending

Most Viewed