zChris Posted March 15, 2014 ID:803318 Share Posted March 15, 2014 Hi all, I wasn't expecting to be back so soon I picked up a Windows 7 disk and got my old computer up and running again. The first thing I did was download MalwareBytes and run a full scan. It was looking good with only 10 items found. When it got to the last few folders, it found another 500+ items. Here's the log: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2014.03.14.08Windows 7 x64 NTFSInternet Explorer 8.0.7600.16385Administrator :: WIN-HT6TJ7B4HIO [administrator]3/14/2014 10:34:42 PMmbam-log-2014-03-14 (22-34-42).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 949177Time elapsed: 2 hour(s), 33 minute(s),Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 37C:\Program Files (x86)\Searchqu Toolbar (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\components (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64 (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\FunWebProducts\Installr (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\FunWebProducts\Installr\1.bin (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\FunWebProducts\Installr\1.bin\chrome (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.Files Detected: 498C:\Backup\Louise\AppData\Roaming\Microsoft\Windows Security\Windows Security.exe (Trojan.MSIL) -> Quarantined and deleted successfully.C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (PUP.Optional.Inbox) -> Quarantined and deleted successfully.C:\Users\Louise\Downloads\l337install.zip (Trojan.FakeFirefox) -> Quarantined and deleted successfully.C:\Users\Louise\Downloads\pzn-nsft.zip (Malware.Packer.Gen) -> Quarantined and deleted successfully.C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\80000064.@ (Rootkit.0Access) -> Quarantined and deleted successfully.C:\Users\Louise\AppData\Roaming\WinSec.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\sysid.ini (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\uninstall.exe (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf.alt (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SessionRestore.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.alt (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\manifest.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngrUI.exe (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
zChris Posted March 15, 2014 Author ID:803319 Share Posted March 15, 2014 I thought I would mention this before-hand.. I've already removed a program called uTorrent and PowerISO. I believe those were the programs that my son was using to download games.. I'm not sure if any files remain on my computer. I apologize ahead of time if anything shows up. Let me know, and I will be more than happy to remove it before continuing. Link to post Share on other sites More sharing options...
aharonov Posted March 15, 2014 ID:803362 Share Posted March 15, 2014 Hi Chris, well the vast majority of these found items is not dangerous. But in between them there are also a few files that are real malware. So we definitively should have a closer look: Please download Farbar Recovery Scan Tool and save it to your Desktop.Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply. Link to post Share on other sites More sharing options...
zChris Posted March 15, 2014 Author ID:803556 Share Posted March 15, 2014 Hey Aharonov, I don't know if this will matter or not..but I'm working on getting SysPrep to run correctly right now as well. I'm stuck at trying to run the OOBE, and I keep getting installation errors. Here is the FRST.txt Log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014Ran by Administrator (administrator) on WIN-HT6TJ7B4HIO on 15-03-2014 15:55:34Running from C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LS0C9W2Windows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 8Boot Mode: NormalThe only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe(Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(Symantec Corporation) C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe(Microsoft Corporation) C:\Windows\system32\sysprep\sysprep.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Farbar) C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LS0C9W2\FRST64[1].exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)HKLM-x32\...\RunOnce: [identityCardFUB] - C:\Windows\oem\IdentityCard\FUB.exe [227872 2009-10-08] ()Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeBHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50==================== Services (Whitelisted) =================R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [126904 2010-05-22] (Symantec Corporation)==================== Drivers (Whitelisted) ====================S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-03-15 15:55 - 2014-03-15 15:55 - 00000000 ____D () C:\FRST2014-03-14 22:33 - 2014-03-14 22:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes2014-03-14 22:32 - 2014-03-14 22:32 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-03-14 22:32 - 2014-03-14 22:32 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-03-14 22:32 - 2014-03-14 22:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-03-14 22:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-03-14 22:17 - 2014-03-14 22:01 - 00002504 _____ () C:\Users\Administrator\Desktop\setuperr.log2014-03-14 22:09 - 2014-03-14 22:47 - 00007600 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg2014-03-14 17:12 - 2014-03-14 17:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Best Buy pc app2014-03-14 17:05 - 2014-03-14 17:05 - 00000383 _____ () C:\Windows\DirectX.log2014-03-14 17:02 - 2014-03-14 22:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment2014-03-14 17:02 - 2014-03-14 17:02 - 00000398 _____ () C:\Users\Administrator\Desktop\pc app.appref-ms2014-03-14 17:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy2014-03-14 17:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\PackageAware2014-03-14 17:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.02014-03-14 17:00 - 2014-03-14 17:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla2014-03-14 16:44 - 2014-03-15 15:19 - 00059740 _____ () C:\Windows\WindowsUpdate.log==================== One Month Modified Files and Folders =======2014-03-15 15:55 - 2014-03-15 15:55 - 00000000 ____D () C:\FRST2014-03-15 15:35 - 2009-07-13 21:46 - 00005730 _____ () C:\Windows\DtcInstall.log2014-03-15 15:23 - 2009-07-13 22:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI2014-03-15 15:23 - 2009-07-13 21:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-03-15 15:23 - 2009-07-13 21:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-03-15 15:19 - 2014-03-14 16:44 - 00059740 _____ () C:\Windows\WindowsUpdate.log2014-03-15 15:16 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-03-15 15:16 - 2009-07-13 21:51 - 00026434 _____ () C:\Windows\setupact.log2014-03-15 15:15 - 2007-07-11 18:49 - 00000000 ____D () C:\Windows\Panther2014-03-15 01:46 - 2012-06-26 00:19 - 00199724 _____ () C:\Windows\PFRO.log2014-03-15 01:25 - 2012-06-08 22:19 - 00000000 ____D () C:\Program Files (x86)\FunWebProducts2014-03-15 01:25 - 2011-10-15 10:05 - 00000000 ____D () C:\Program Files (x86)\Inbox Toolbar2014-03-14 22:47 - 2014-03-14 22:09 - 00007600 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg2014-03-14 22:33 - 2014-03-14 22:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes2014-03-14 22:32 - 2014-03-14 22:32 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-03-14 22:32 - 2014-03-14 22:32 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-03-14 22:32 - 2014-03-14 22:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-03-14 22:29 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Public\Libraries2014-03-14 22:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment2014-03-14 22:01 - 2014-03-14 22:17 - 00002504 _____ () C:\Users\Administrator\Desktop\setuperr.log2014-03-14 18:00 - 2011-02-23 02:37 - 00011971 _____ () C:\Windows\patch.log2014-03-14 17:20 - 2010-11-10 12:40 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM2014-03-14 17:18 - 2011-02-22 06:51 - 00000000 ___HD () C:\OEM2014-03-14 17:12 - 2014-03-14 17:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Best Buy pc app2014-03-14 17:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help2014-03-14 17:05 - 2014-03-14 17:05 - 00000383 _____ () C:\Windows\DirectX.log2014-03-14 17:04 - 2011-01-31 04:01 - 00000413 _____ () C:\Windows\system32\oem_Get_OS_Language.log2014-03-14 17:03 - 2011-01-31 04:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office2014-03-14 17:02 - 2014-03-14 17:02 - 00000398 _____ () C:\Users\Administrator\Desktop\pc app.appref-ms2014-03-14 17:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy2014-03-14 17:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\PackageAware2014-03-14 17:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.02014-03-14 17:02 - 2011-01-31 03:59 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-03-14 17:02 - 2011-01-31 03:59 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-03-14 17:02 - 2011-01-31 03:59 - 00000000 ____D () C:\ProgramData\Best Buy pc app2014-03-14 17:01 - 2012-09-03 14:58 - 00505128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll2014-03-14 17:01 - 2012-09-03 14:58 - 00353576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll2014-03-14 17:01 - 2011-01-31 03:58 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll2014-03-14 17:00 - 2014-03-14 17:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla2014-03-14 16:56 - 2010-11-10 12:39 - 00002035 _____ () C:\RHDSetup.log2014-03-14 16:44 - 2009-10-05 13:30 - 00000000 ____D () C:\Windows\DeployWinRE22014-03-14 16:42 - 2011-05-01 22:07 - 00000000 __SHD () C:\Recovery2014-03-14 16:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sysprep2014-03-14 16:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\RecoveryZeroAccess:C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\@C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\00000004.@C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\L\00000004.@C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\L\201d3ddeZeroAccess:C:\Windows\assembly\GAC_32\Desktop.iniZeroAccess:C:\Windows\assembly\GAC_64\Desktop.iniZeroAccess:C:\Users\Louise\AppData\Local\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}Files to move or delete:====================C:\Users\Louise\AppData\Roaming\RSBuddy Login.iniC:\Users\Louise\jagex_cl_runescape_LIVE.dat==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2014-03-14 18:03==================== End Of Log ========================= Link to post Share on other sites More sharing options...
zChris Posted March 15, 2014 Author ID:803558 Share Posted March 15, 2014 And here is the Additional.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014Ran by Administrator at 2014-03-15 15:56:16Running from C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LS0C9W2Boot Mode: Normal============================================================================== Security Center ========================AV: Norton Internet Security (Disabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}==================== Installed Programs ======================Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) HiddenAdobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)Advertising Center (x32 Version: 0.0.0.2 - Nero AG) HiddenBest Buy pc app (HKCU\...\48e4cff94f039634) (Version: 3.1.1.0 - Best Buy)Best Buy pc app (Version: 3.1.1.0 - Best Buy) HiddenBest Buy pc app (x32 Version: 3.1.1.0 - Best Buy) HiddenCyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2931.50 - CyberLink Corp.)CyberLink PowerDVD 9 (x32 Version: 9.0.2931.50 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenGateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3015 - Gateway Incorporated)Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3003 - Gateway Incorporated)Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0825.2010 - Gateway Incorporated)Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Gateway Incorporated)Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Gateway Incorporated)ImagXpress (x32 Version: 7.0.74.0 - Nero AG) HiddenJunk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenNero 9 Essentials (HKLM-x32\...\{47bd9548-9d52-4ec6-930f-df573e36962b}) (Version: - Nero AG)Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) HiddenNero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) HiddenNero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) HiddenNero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) HiddenNero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) HiddenNero Express Help (x32 Version: 9.4.37.100 - Nero AG) HiddenNero InfoTool (x32 Version: 6.4.12.100 - Nero AG) HiddenNero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) HiddenNero Installer (x32 Version: 4.4.9.0 - Nero AG) HiddenNero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) HiddenNero StartSmart (x32 Version: 9.4.37.100 - Nero AG) HiddenNero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) HiddenNero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) HiddenNeroExpress (x32 Version: 9.4.37.100 - Nero AG) Hiddenneroxml (x32 Version: 1.0.0 - Nero AG) HiddenNorton Internet Security (HKLM-x32\...\NIS) (Version: 18.0.0.128 - Symantec Corporation)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3005 - Gateway Incorporated)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden==================== Restore Points =========================15-03-2014 08:21:19 MBAM Scan==================== Hosts content: ==========================2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============Task: {A87DFF10-C54B-474A-8182-FA424AFA1D92} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2010-08-18] (Acer)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{F7171E66-01DE-4581-83CF-A29CCEA56026}.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3412091256-1999745169-456823300-1000Core.job => C:\Users\Louise\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3412091256-1999745169-456823300-1000UA.job => C:\Users\Louise\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe==================== Loaded Modules (whitelisted) ================================= Alternate Data Streams (whitelisted) =========AlternateDataStreams: C:\ProgramData\Temp:02CC0035AlternateDataStreams: C:\ProgramData\Temp:0410A323AlternateDataStreams: C:\ProgramData\Temp:041C0562AlternateDataStreams: C:\ProgramData\Temp:04EAB86FAlternateDataStreams: C:\ProgramData\Temp:0B352B60AlternateDataStreams: C:\ProgramData\Temp:0B4227B4AlternateDataStreams: C:\ProgramData\Temp:0ED1C542AlternateDataStreams: C:\ProgramData\Temp:10CB85CAAlternateDataStreams: C:\ProgramData\Temp:1234ADAEAlternateDataStreams: C:\ProgramData\Temp:14B2E0BDAlternateDataStreams: C:\ProgramData\Temp:159A493AAlternateDataStreams: C:\ProgramData\Temp:17EB5BAEAlternateDataStreams: C:\ProgramData\Temp:19474103AlternateDataStreams: C:\ProgramData\Temp:1A3E8375AlternateDataStreams: C:\ProgramData\Temp:1B389835AlternateDataStreams: C:\ProgramData\Temp:1D6B18F1AlternateDataStreams: C:\ProgramData\Temp:1DB77A89AlternateDataStreams: C:\ProgramData\Temp:1E942FB9AlternateDataStreams: C:\ProgramData\Temp:206470A5AlternateDataStreams: C:\ProgramData\Temp:2216A431AlternateDataStreams: C:\ProgramData\Temp:244E4E3AAlternateDataStreams: C:\ProgramData\Temp:24C072FFAlternateDataStreams: C:\ProgramData\Temp:2652902FAlternateDataStreams: C:\ProgramData\Temp:2AE74FF9AlternateDataStreams: C:\ProgramData\Temp:2B856118AlternateDataStreams: C:\ProgramData\Temp:2B9555D8AlternateDataStreams: C:\ProgramData\Temp:2C84CA43AlternateDataStreams: C:\ProgramData\Temp:2CB9631FAlternateDataStreams: C:\ProgramData\Temp:2D2461E7AlternateDataStreams: C:\ProgramData\Temp:2E636DD9AlternateDataStreams: C:\ProgramData\Temp:32289BE8AlternateDataStreams: C:\ProgramData\Temp:3241739EAlternateDataStreams: C:\ProgramData\Temp:366EFA1AAlternateDataStreams: C:\ProgramData\Temp:398EFF0FAlternateDataStreams: C:\ProgramData\Temp:3A0561F3AlternateDataStreams: C:\ProgramData\Temp:3AEF46F0AlternateDataStreams: C:\ProgramData\Temp:3C4BD225AlternateDataStreams: C:\ProgramData\Temp:3DB6F365AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08AlternateDataStreams: C:\ProgramData\Temp:401CAF8FAlternateDataStreams: C:\ProgramData\Temp:40640B7DAlternateDataStreams: C:\ProgramData\Temp:43F5FA9DAlternateDataStreams: C:\ProgramData\Temp:45912F61AlternateDataStreams: C:\ProgramData\Temp:46283136AlternateDataStreams: C:\ProgramData\Temp:4673E9EAAlternateDataStreams: C:\ProgramData\Temp:491270B8AlternateDataStreams: C:\ProgramData\Temp:4A5CFD3BAlternateDataStreams: C:\ProgramData\Temp:4B6A9FDAAlternateDataStreams: C:\ProgramData\Temp:4EA7C5C4AlternateDataStreams: C:\ProgramData\Temp:4EFA2FC7AlternateDataStreams: C:\ProgramData\Temp:512E1728AlternateDataStreams: C:\ProgramData\Temp:54403233AlternateDataStreams: C:\ProgramData\Temp:5539129FAlternateDataStreams: C:\ProgramData\Temp:55BB2521AlternateDataStreams: C:\ProgramData\Temp:56FBA78DAlternateDataStreams: C:\ProgramData\Temp:592D7272AlternateDataStreams: C:\ProgramData\Temp:5A9F1AE5AlternateDataStreams: C:\ProgramData\Temp:5D351BC6AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2AlternateDataStreams: C:\ProgramData\Temp:65B8AF94AlternateDataStreams: C:\ProgramData\Temp:65C4D44AAlternateDataStreams: C:\ProgramData\Temp:6C5F503CAlternateDataStreams: C:\ProgramData\Temp:6CF828C2AlternateDataStreams: C:\ProgramData\Temp:6EE8565AAlternateDataStreams: C:\ProgramData\Temp:6EFFF8B9AlternateDataStreams: C:\ProgramData\Temp:72A1B66AAlternateDataStreams: C:\ProgramData\Temp:79875988AlternateDataStreams: C:\ProgramData\Temp:7BFFC6A9AlternateDataStreams: C:\ProgramData\Temp:7DC5D762AlternateDataStreams: C:\ProgramData\Temp:834DD57EAlternateDataStreams: C:\ProgramData\Temp:852F2262AlternateDataStreams: C:\ProgramData\Temp:869C6B4AAlternateDataStreams: C:\ProgramData\Temp:89C6F032AlternateDataStreams: C:\ProgramData\Temp:8AE92FD3AlternateDataStreams: C:\ProgramData\Temp:8B4B9596AlternateDataStreams: C:\ProgramData\Temp:8E5EA40FAlternateDataStreams: C:\ProgramData\Temp:902C848DAlternateDataStreams: C:\ProgramData\Temp:90D89144AlternateDataStreams: C:\ProgramData\Temp:961B84C5AlternateDataStreams: C:\ProgramData\Temp:9F3CEEE6AlternateDataStreams: C:\ProgramData\Temp:A2FF62A6AlternateDataStreams: C:\ProgramData\Temp:A6F30843AlternateDataStreams: C:\ProgramData\Temp:A819A132AlternateDataStreams: C:\ProgramData\Temp:A900C3A3AlternateDataStreams: C:\ProgramData\Temp:A9056F42AlternateDataStreams: C:\ProgramData\Temp:A9223B61AlternateDataStreams: C:\ProgramData\Temp:AD179392AlternateDataStreams: C:\ProgramData\Temp:AFC732F7AlternateDataStreams: C:\ProgramData\Temp:B190BE3AAlternateDataStreams: C:\ProgramData\Temp:B2112128AlternateDataStreams: C:\ProgramData\Temp:B2735F9EAlternateDataStreams: C:\ProgramData\Temp:B3A5945EAlternateDataStreams: C:\ProgramData\Temp:BD0A043EAlternateDataStreams: C:\ProgramData\Temp:BE6B5FC3AlternateDataStreams: C:\ProgramData\Temp:BE6DC701AlternateDataStreams: C:\ProgramData\Temp:C0893153AlternateDataStreams: C:\ProgramData\Temp:C0A9B815AlternateDataStreams: C:\ProgramData\Temp:C0BCE04BAlternateDataStreams: C:\ProgramData\Temp:C2F24DB5AlternateDataStreams: C:\ProgramData\Temp:C370B84FAlternateDataStreams: C:\ProgramData\Temp:C43C957EAlternateDataStreams: C:\ProgramData\Temp:C82CA1C0AlternateDataStreams: C:\ProgramData\Temp:CAC06C34AlternateDataStreams: C:\ProgramData\Temp:CB5AA1E6AlternateDataStreams: C:\ProgramData\Temp:D31BE97CAlternateDataStreams: C:\ProgramData\Temp:DC7EDF41AlternateDataStreams: C:\ProgramData\Temp:DD0005C2AlternateDataStreams: C:\ProgramData\Temp:E402E439AlternateDataStreams: C:\ProgramData\Temp:E4EE99EFAlternateDataStreams: C:\ProgramData\Temp:E517FE76AlternateDataStreams: C:\ProgramData\Temp:E5B07840AlternateDataStreams: C:\ProgramData\Temp:E87AB4E3AlternateDataStreams: C:\ProgramData\Temp:E894A3EDAlternateDataStreams: C:\ProgramData\Temp:EA10407CAlternateDataStreams: C:\ProgramData\Temp:ECF3C50FAlternateDataStreams: C:\ProgramData\Temp:EDDBC69EAlternateDataStreams: C:\ProgramData\Temp:EE9C3FEDAlternateDataStreams: C:\ProgramData\Temp:EF0BD3A1AlternateDataStreams: C:\ProgramData\Temp:F13867C6AlternateDataStreams: C:\ProgramData\Temp:F2E92DCDAlternateDataStreams: C:\ProgramData\Temp:F3A185AEAlternateDataStreams: C:\ProgramData\Temp:F52DB269AlternateDataStreams: C:\ProgramData\Temp:F5B51004AlternateDataStreams: C:\ProgramData\Temp:F5E4BCD5AlternateDataStreams: C:\ProgramData\Temp:F610C203AlternateDataStreams: C:\ProgramData\Temp:F7F4DC88AlternateDataStreams: C:\ProgramData\Temp:FB4262DEAlternateDataStreams: C:\ProgramData\Temp:FB6A21E3==================== Safe Mode (whitelisted) ======================================= Disabled items from MSCONFIG ==============MSCONFIG\startupreg: Best Buy pc app => C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms==================== Faulty Device Manager Devices =============Name: Microsoft PS/2 MouseDescription: Microsoft PS/2 MouseClass Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: i8042prtProblem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.Devices stay in this state if they have been prepared for removal.After you remove the device, this error disappears.Remove the device, and this error should be resolved.==================== Event log errors: =========================Application errors:==================Error: (03/15/2014 03:35:06 PM) (Source: MSDTC Client) (User: )Description: Cleanup0x80100101System errors:=============Microsoft Office Sessions:=========================Error: (03/15/2014 03:35:06 PM) (Source: MSDTC Client)(User: )Description: Cleanup0x80100101==================== Memory info ===========================Percentage of memory in use: 29%Total physical RAM: 6109.18 MBAvailable physical RAM: 4289.86 MBTotal Pagefile: 12216.5 MBAvailable Pagefile: 10620.72 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.8 MB==================== Drives ================================Drive c: (Gateway) (Fixed) (Total:916.91 GB) (Free:742.13 GB) NTFSDrive d: (GSP1RMCHPXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 71B49C11)Partition 1: (Not Active) - (Size=15 GB) - (Type=27)Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)==================== End Of Log ============================ Link to post Share on other sites More sharing options...
aharonov Posted March 15, 2014 ID:803592 Share Posted March 15, 2014 Ok. Let's continue: Please download Combofix (by sUBs) and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start Combofix.exe and follow its instructions.Do not use the computer while the scan is running. This may cause the program to stall.When finished, a log file will be displayed (that can also be found at C:\Combofix.txt). Please copy and paste the contents of this file into your next post.Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer. (You can find more detailed instructions in this guide on using Combofix.) Link to post Share on other sites More sharing options...
zChris Posted March 15, 2014 Author ID:803618 Share Posted March 15, 2014 Here is the log: ComboFix 14-03-13.01 - Chris 03/15/2014 17:54:27.1.2 - x64Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6109.4273 [GMT -7:00]Running from: c:\users\Chris\Downloads\ComboFix.exeAV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\install.exec:\program files (x86)\FunWebProductsc:\program files (x86)\MyWebSearchc:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFESTc:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JARc:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPGc:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMVc:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DATc:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNGc:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDFc:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3Sc:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3Sc:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3Sc:\program files (x86)\MyWebSearch\bar\gen1\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\icons\CM.ICOc:\program files (x86)\MyWebSearch\bar\icons\MFC.ICOc:\program files (x86)\MyWebSearch\bar\icons\PSS.ICOc:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICOc:\program files (x86)\MyWebSearch\bar\icons\WB.ICOc:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICOc:\program files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\jsifb\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3Sc:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Settings\s_pid.datc:\program files (x86)\MyWebSearch\bar\wbnotify\COMMON.F3Sc:\users\Louise\AppData\Roaming\dclogsc:\windows\assembly\GAC_32\Desktop.inic:\windows\assembly\GAC_64\Desktop.inic:\windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}c:\windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\@c:\windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\L\00000004.@c:\windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\L\201d3ddec:\windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\00000004.@c:\windows\wininit.inic:\windows\XSxS..((((((((((((((((((((((((( Files Created from 2014-02-16 to 2014-03-16 )))))))))))))))))))))))))))))))..2014-03-16 01:00 . 2014-03-16 01:00 -------- d-----w- c:\users\TEMP\AppData\Local\temp2014-03-15 23:18 . 2014-03-15 23:18 -------- d-----w- c:\users\Chris2014-03-15 22:55 . 2014-03-15 22:56 -------- d-----w- C:\FRST2014-03-15 05:33 . 2014-03-15 05:33 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes2014-03-15 05:32 . 2014-03-15 05:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2014-03-15 05:32 . 2014-03-15 05:32 -------- d-----w- c:\programdata\Malwarebytes2014-03-15 05:32 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2014-03-15 05:32 . 2014-03-15 05:32 -------- d-----w- c:\users\Administrator\AppData\Local\Programs2014-03-15 00:12 . 2014-03-15 00:12 -------- d-----w- c:\users\Administrator\AppData\Local\Best Buy pc app2014-03-15 00:02 . 2014-03-15 05:02 -------- d-----w- c:\users\Administrator\AppData\Local\Deployment2014-03-15 00:02 . 2014-03-15 00:02 -------- d-----w- c:\users\Administrator\AppData\Local\Apps2014-03-15 00:02 . 2014-03-15 00:02 -------- d-----w- c:\users\Administrator\AppData\Local\PackageAware2014-03-14 23:46 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{345845AF-0DC8-4908-9508-50D41BE47A49}\mpengine.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-03-15 00:01 . 2012-09-03 21:58 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll2014-03-15 00:01 . 2012-09-03 21:58 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll2014-03-15 00:01 . 2011-01-31 10:58 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]"IdentityCardFUB"="c:\windows\oem\IdentityCard\FUB.exe" [2009-10-08 227872].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-10-26 9216].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [x]S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-03-15 23:23 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 20:28].2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 04:59].2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 04:59].2013-09-08 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-24 00:27]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = https://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmTCP: DhcpNameServer = 24.116.0.53 24.116.2.50..[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-03-15 18:02:49ComboFix-quarantined-files.txt 2014-03-16 01:02.Pre-Run: 797,747,331,072 bytes freePost-Run: 797,716,619,264 bytes free.- - End Of File - - 72EC4C91DC5565D9E10ACEC4719ECF4A Link to post Share on other sites More sharing options...
aharonov Posted March 16, 2014 ID:803709 Share Posted March 16, 2014 Ok. How is your computer running? Do any problems or strange symptoms exist? Please download the ESET Online Scanner and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start esetsmartinstaller_enu.exe with administartor privileges.Select the option Yes, I accept the Terms of Use and click on Start.Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.Now click on Advanced Settings and select the following:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth TechnologyClick on Start. The virus signature database will begin to download. This may take some time.When completed the Online Scan will begin automatically. Note: This scan might take a long time! Please be patient.When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!Now click on FinishA log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Copy and paste the content of this log file in your next reply.Note: Do not forget to re-enable your antivirus application after running the above scan! Link to post Share on other sites More sharing options...
zChris Posted March 16, 2014 Author ID:803921 Share Posted March 16, 2014 It's running fine at the moment. Here is the log: ESETSmartInstaller@High as downloader log:all ok# version=8# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.6920# api_version=3.0.2# EOSSerial=fdd2eff1dc6d0e418a5a2d3192f8c987# engine=17468# end=finished# remove_checked=false# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2014-03-16 09:23:46# local_time=2014-03-16 02:23:46 (-0800, Pacific Daylight Time)# country="United States"# lang=1033# osver=6.1.7600 NT # compatibility_mode=1279 16777215 0 0 0 0 0 0# compatibility_mode=3589 16777214 60 64 95632965 157511611 0 0# compatibility_mode=5893 16776573 100 94 77838 146548476 0 0# scanned=694934# found=11# cleaned=0# scan_time=10478sh=A0CAA80116C414C48EC40C6E2FA4CD7D78DFF1AD ft=0 fh=0000000000000000 vn="a variant of MSIL/TrojanDropper.Agent.KB trojan" ac=I fn="C:\Backup\Louise\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000b1a"sh=7FBD0962BC6F8780A41C41652117A8AA6693A96E ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Backup\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4YRQ51A1\shadowcraft-2[1].htm"sh=F4D2D8A4798018BA54A22F13C65B8E4229D4A03E ft=0 fh=0000000000000000 vn="Win32/DomaIQ.E potentially unwanted application" ac=I fn="C:\Backup\Louise\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\130909171351423.rsc_tmp"sh=9B8C633A10417757469388830CFA3700BF8391D1 ft=0 fh=0000000000000000 vn="a variant of Java/Obfuscated.AllatoriDemo.B potentially unsafe application" ac=I fn="C:\Backup\Louise\AppData\Roaming\EpicBot\Cache\update.jar"sh=AC2EC6544DBD953FBF7F13C7F0C2B12E2B847DF6 ft=1 fh=80c515dd57445045 vn="MSIL/DownVision.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\DownVision\update.exe"sh=B81BAAC9D35824000ADB556418067A9220C40F01 ft=1 fh=23a12d968d390125 vn="probably a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe"sh=50F7BC095D56F8DE85C3654F53E7A5039DDFDC6E ft=1 fh=22ba93820351546e vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimband.dll"sh=3D30770CA02B988D17FB6B86DD02DDDF078CC9D0 ft=1 fh=454e4fee16bd7532 vn="a variant of Win32/Toolbar.Visicom.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll"sh=5AE09DF85A30864BBE5F3E6D782358C8F95CDB95 ft=1 fh=a6fc020f2a9ed637 vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39impipe.exe"sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\00000004.@.vir"sh=6A4567E1F624236A0F0F616F914EABBBE96F9474 ft=0 fh=0000000000000000 vn="probably a variant of MSIL/PSW.OnLineGames.QG trojan" ac=I fn="C:\Users\Louise\Downloads\IDB-3.4.1.rar" Link to post Share on other sites More sharing options...
aharonov Posted March 17, 2014 ID:804131 Share Posted March 17, 2014 All right!Please download this attached fixlist.txt and save it in the same directory as FRST.Start FRST with Administrator privileges.Press the Fix button.I don't need the log. That's it! Your logs look clean to me at the moment.We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.My help is free for everybody.If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: .Thank you!Clean UpNow we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.Rename Combofix.exe in Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)Download DelFix (by Xplode) and save it to your Desktop.Close all running programs and start delfix.exe.Make sure that all available options are checked.Click on RunDelFix should remove all our tools and delete itself afterwards. I don't need the log file.If there is still something left you can delete it manually. Closing security holesMany infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefor it's very important to always keep your software up-to-date.The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:Adobe Flash Player 10 ActiveXAdobe Reader 9.1 MUIDownload and install Service Pack 1 for Windows 7.Internet Explorer Version 8TipsI recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams. Link to post Share on other sites More sharing options...
zChris Posted March 17, 2014 Author ID:804355 Share Posted March 17, 2014 What do you mean by rename Combofix.exe in Uninstall.exe? Link to post Share on other sites More sharing options...
aharonov Posted March 17, 2014 ID:804373 Share Posted March 17, 2014 Just right-click on Combofix.exe, select "Rename" and change its file name to Uninstall.exe.The double-click on it. Link to post Share on other sites More sharing options...
zChris Posted March 19, 2014 Author ID:804853 Share Posted March 19, 2014 I finished everything you suggested. Computer seems to be running fine. Only other issue I have is with Windows.. The default administrator account opens on start-up and Sysprep pops up. When I try to run it, it says there was an error when trying to run SysPrep. I don't know if that's something you would know about, or could help with. If not, it's fine. Link to post Share on other sites More sharing options...
aharonov Posted March 19, 2014 ID:804928 Share Posted March 19, 2014 Hm, I'm afraid I'd not be able to assist you as effectively as it would be possible on this matter. I suggest that you ask for advice in a forum/community that is more specialized on this type of problem. Link to post Share on other sites More sharing options...
zChris Posted March 19, 2014 Author ID:804963 Share Posted March 19, 2014 Alright, it was worth a shot! Thank you for your help, aharonov! I appreciate it. Link to post Share on other sites More sharing options...
aharonov Posted March 19, 2014 ID:804982 Share Posted March 19, 2014 You're welcome. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 19, 2014 Root Admin ID:805226 Share Posted March 19, 2014 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts