FromDocToPDF Internet Explorer Toolbar

FromDocToPDF Internet Explorer Toolbar

Known Toolbar

by Mindspark Interactive Network

What is FromDocToPDF Internet Explorer Toolbar?

FromDocToPDF Internet Explorer Toolbar is software application developed by Mindspark Interactive Network. It is most commonly found on computers running Windows 7 with nearly 54.02% of installations running this operating system. FromDocToPDF Internet Explorer Toolbar's installer is typically 9.00 MB in size and installs around 57 files. The most common release is 11.0.9600.16438 with 0.19% of all installations currently using this version.

FromDocToPDF Internet Explorer Toolbar is most popular in the United States with 65.89% of installations residing in this country.

FromDocToPDF Internet Explorer Toolbar adds 3 scheduled tasks to the Windows Task Scheduler launching the program at randomly scheduled times.

About FromDocToPDF Internet Explorer Toolbar?

The FromDocToPDF Internet Explorer Toolbar is a browser extension designed to modify the search and home pages of Internet Explorer. It is intended to generate search advertising revenue by altering the search provider and preserving it as the default browser search engine. This software is typically distributed as a bundled offer within third-party software installations, often in partnership with third-party publishers to optimize installation revenue. When installed, the toolbar changes the default search engine, including the browser's built-in search box and address bar, as well as the default home page and new tabs, while safeguarding the modified search settings.

Multiple virus scanners have detected malware in FromDocToPDF Internet Explorer Toolbar.

AppIntegrator64.exe (MD5: f6dc4156b10629b1bcb37152d3523326) has been flagged by 14 scanners:
Scanner Software Result
avast! Win32:Mindspark-A [PUP]
AVG Zango
Dr.Web Adware.MyWebSearch.47
ESET-NOD32 Win64/Toolbar.MyWebSearch.A
K7 AntiVirus Trojan ( 004703fc1 )
K7GW Trojan ( 004703fc1 )
nProtect Adware/W32.Agent.548936
Rising Antivirus PE:Trojan.Win32.Generic.14B467E4!347367396
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
Baidu-International Adware.Win32.MyWebSearch.bQ
Kingsoft AntiVirus Win32.Troj.Undef.(kcloud)
Panda Antivirus Adware/WebSearch
Tencent Win32.Trojan.Falsesign.Ahei
TrendMicro-HouseCall TROJ_GEN.F47V0603
APPINTEGRATOR.EXE (MD5: e14cededde0adaf05dbe6119b9f6b12a) has been flagged by 8 scanners:
Scanner Software Result
avast! Win32:Mindspark-A [PUP]
AVG Zango
Baidu-International Adware.Win32.MyWebSearch.bQ
Kingsoft AntiVirus Win32.Troj.Undef.(kcloud)
Panda Antivirus Adware/WebSearch
Tencent Win32.Trojan.Falsesign.Ahei
TrendMicro-HouseCall TROJ_GEN.F47V0603
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
65brmon64.exe (MD5: 0d9d1e8096a7f5402e8fe0fa845aa1f3) has been flagged by 7 scanners:
Scanner Software Result
avast! Win32:Mindspark-A [PUP]
AVG Zango
Baidu-International Adware.Win32.MyWebSearch.bQ
Panda Antivirus Adware/WebSearch
Tencent Win32.Trojan.Falsesign.Ijd
TrendMicro-HouseCall TROJ_GEN.F47V0603
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
65brmon.exe (MD5: 3e1dfacf17584f0aa2372f993ec15618) has been flagged by 25 scanners:
Scanner Software Result
Avira AntiVir TR/Trash.Gen
avast! Win32:FunWeb-K [PUP]
Comodo Security UnclassifiedMalware
Dr.Web Trojan.Damaged.1
IKARUS anti.virus Trojan.Trash
McAfee-GW-Edition Heuristic.BehavesLike.Exploit.CodeExec.I
PC Tools HeurEngine.MalPE
SUPERAntiSpyware Trojan.Agent/Gen-Nullo[Short]
Symantec Bloodhound.MalPE
TrendMicro-HouseCall TROJ_GEN.RCBH1KE
AVG Zango
Baidu-International Adware.Win32.MyWebSearch.bQ
Kingsoft AntiVirus Win32.Troj.Undef.(kcloud)
Malwarebytes PUP.Optional.AudioToAudioToolBar.A
Panda Antivirus Adware/WebSearch
Tencent Win32.Trojan.Falsesign.Dsze
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
Agnitum Outpost PUA.Toolbar.MyWebSearch!
ESET-NOD32 a variant of Win32/Toolbar.MyWebSearch.AI
Kaspersky not-a-virus:WebToolbar.Win32.MyWebSearch.sr
Zillya Adware.MyWebSearch.Win32.766
K7 AntiVirus Trojan ( 004703fc1 )
K7GW Trojan ( 004703fc1 )
nProtect Adware/W32.Agent.548936
Rising Antivirus PE:Trojan.Win32.Generic.14B467E4!347367396
65barsvc.exe (MD5: 100eef7d7187a738b98a03694048eeb8) has been flagged by 18 scanners:
Scanner Software Result
avast! Win32:Mindspark-A [PUP]
AVG Zango
Baidu-International Adware.Win32.MyWebSearch.bQ
Kingsoft AntiVirus Win32.Troj.Undef.(kcloud)
Malwarebytes PUP.Optional.AudioToAudioToolBar.A
Panda Antivirus Adware/WebSearch
Tencent Win32.Trojan.Falsesign.Dsze
TrendMicro-HouseCall TROJ_GEN.F47V0603
VIPRE Antivirus MyWebSearch.J (v) (not malicious)
Agnitum Outpost PUA.Toolbar.MyWebSearch!
ESET-NOD32 a variant of Win32/Toolbar.MyWebSearch.AI
Kaspersky not-a-virus:WebToolbar.Win32.MyWebSearch.sr
Zillya Adware.MyWebSearch.Win32.766
Dr.Web Adware.MyWebSearch.47
K7 AntiVirus Trojan ( 004703fc1 )
K7GW Trojan ( 004703fc1 )
nProtect Adware/W32.Agent.548936
Rising Antivirus PE:Trojan.Win32.Generic.14B467E4!347367396

Software Behaviors

Services:
  • 65barsvc.exe runs as a service named 'ConservativeTalkNowService' (ConservativeTalkNow_4nService).
Scheduled tasks:
  • AppIntegrator64.exe is scheduled as a task named 'Price Fountain' (runs daily at 4:45 PM).
  • 65medint.exe is scheduled as a task with the class '{CEC2F177-6434-48CF-AEA5-AB1F3AD5E60A}' (runs on registration).
  • 65SrchMn.exe is scheduled as a task named 'MetaCrawler' (runs daily at 15:24).

Startup Entries

Startup tasks:
  • AppIntegrator64.exe is automatically launched at startup through a scheduled task named 7.
  • 65SrchMn.exe is automatically launched at startup through a scheduled task named 3.
  • 65medint.exe is automatically launched at startup through a scheduled task named 2.
  • 65brmon64.exe is automatically launched at startup through a scheduled task named 5.
  • 65brmon.exe is automatically launched at startup through a scheduled task named 4.
Registry entries:
  • 65medint.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'MapsGalaxy EPM Support' and executes as "C:\Program Files2\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S.
  • 65brmon64.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'MapsGalaxy_39 Browser Plugin Loader 64' and executes as C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon64.exe.
  • 65brmon.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'ctfmon.exe' and executes as C:\Program Files3\rundll32.exe C:\Program Files3\lni28.dat,FG00.
  • 65SrchMn.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Hoolapp Android' and executes as "C:\users\user\appdata\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized.

Software Details

URL:
https://support.mindspark.com
Support:
–
Installation path:
C:\Program Files\FromDocToPDF_65\bar\1.bin
Uninstaller:
rundll32 "C:\Program Files\FromDocToPDF_65\bar\1.bin\65Bar.dll",O mindsparktoolbarkey="FromDocToPDF_65" uninstalltype="IE"
Size:
9.00 MB
Language:
English

FromDocToPDF Internet Explorer Toolbar Executable Details

Primary executable:
65bar.dll
Name:
FromDocToPDF Internet Explorer Toolbar
Path:
C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll
MD5:
96a060cf33a2c42617cf13224a47db07
SHA-1:
–
SHA-256:
–
Files installed by FromDocToPDF Internet Explorer Toolbar
File Type Filename MD5
DLL
65httpct.dll
6df45cd8b40014f94f1a949fb96d3284
DLL
65datact.dll
70a6b86cb0a6a3f7b35421ec7b9f5b7f
DLL
65skin.dll
00fbbb2b564dd1f2f54ed0810a08b8d9
DLL
65script.dll
2c0327baa4c4e39bc839fcaeb7156dd2
DLL
65mlbtn.dll
896943b4b92b7e3f406844674f629076
DLL
65htmlmu.dll
65871eaefe51bf6ba0731f4fc62c2f55
DLL
65feedmg.dll
f18d8bcb38dfd1409cf19f3ebd3de3ea
DLL
65brstub64.dll
f04c0efeafa8302e5b52d13cb0916ed3
DLL
65brstub.dll
d3efe03300caf0fa2215206280d31220
EXE
65brmon64.exe
Malware
0d9d1e8096a7f5402e8fe0fa845aa1f3